PCI Requirement 3
Protect Stored Cardholder Data
Welcome to PCI Requirement 3. Does your organization store cardholder data? If so, you’re in the right place to start learning how to appropriately protect and store cardholder data. PCI Requirement 3 gives your organization an opportunity to consider which retained data is required and which is becoming a liability. So how do you protect the stored cardholder data that is vital to your business?
In these video resources, you will learn about implementing encryption, truncation, masking, and hashing – all methods that can be used to protect and store cardholder data. We will also discuss dual control, split knowledge, rendering data unreadable, key-custodians, PAN, sensitive authentication data – all elements that need to be understood in order to fully protect and store cardholder data. Click on a video below to get started with PCI Requirement 3.

PCI Requirement 3.1 – Keep Cardholder Data Storage to a Minimum

PCI Requirement 3.2 – Do Not Store Sensitive Authentication Data after Authorization

PCI Requirement 3.2.1, 3.2.2 & 3.2.3 – Do Not Store the Track, Service Code, or PIN after Authorization

PCI Requirement 3.3 – Mask PAN when Displayed

PCI Requirement 3.4.1 – Use of Disk Encryption

PCI Requirement 3.5 – Protect Keys Used to Store Cardholder Data

PCI Requirement 3.5.1 – Maintain a Documented Description of the Cryptographic Architecture

PCI Requirement 3.5.2 – Restrict Access to Cryptographic Keys

PCI Requirement 3.5.3 – Store Secret & Private Keys Used to Encrypt/Decrypt Cardholder Data

PCI Requirement 3.5.4 – Store Cryptographic Keys in the Fewest Possible Locations

PCI Requirement 3.6 – Document & Implement All Key-Management Processes & Procedures for Cryptographic Keys

PCI Requirement 3.6.2 – Secure Cryptographic Key Distribution

PCI Requirement 3.6.1 – Generation of Strong Cryptographic Keys

PCI Requirement 3.6.3 – Secure Cryptographic Key Storage

PCI Requirement 3.6.4 – Cryptographic Key Changes at Cryptoperiod Completion

PCI Requirement 3.6.5 – Replacing Weakened Keys

PCI Requirement 3.6.6 – Using Split Knowledge & Dual Control

PCI Requirement 3.6.7 – Prevention of Unauthorized Substitution of Cryptographic Keys

PCI Requirement 3.6.8 – Key-Custodian Responsibilities
