top of page
3.2.1 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
3.2.1
Requirement 3: Protect stored cardholder data
(v3.2.1)
Do not store the full contents of any track (from the magnetic stripe located on the back of a card, equivalent data contained on a chip, or elsewhere) after authorization. This data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data.
Note: In the normal course of business, the following data elements from the magnetic stripe may need to be retained:
• The cardholder’s name
• Primary account number (PAN)
• Expiration date
• Service code
To minimize risk, store only these data elements as needed for business.
bottom of page