PCI Requirement 3.2.1, 3.2.2 & 3.2.3 – Do Not Store the Track, Service Code, or PIN after Authorization
by Randy Bartels / July 28th, 2017
PCI Requirement 3.2 requires that organizations do not store sensitive authentication data after authorization, even if encrypted. Sensitive authentication data includes full track data…
PCI Requirement 3.2 – Do Not Store Sensitive Authentication Data after Authorization
by Randy Bartels / July 28th, 2017
PCI Requirement 3.2 states, “Do not store sensitive authentication data after authorization (even if encrypted). If sensitive authentication data is received, render all data…
PCI Requirement 3.1 – Keep Cardholder Data Storage to a Minimum
by Randy Bartels / July 28th, 2017
PCI Requirement 3.1 requires organizations to securely delete data that is not required to be retained for business or legal requirements. Why is complying…
PCI Requirement 2.6 – Shared Hosting Providers Must Protect Each Entity’s Hosted Environment
by Randy Bartels / June 30th, 2017
What is a Shared Hosting Provider? PCI Requirement 2.6 exists to protect hosting environments. When multiple clients’ data is all on the same server,…
PCI Requirement 2.5 – Ensure Security Policies Are Known to All Affected Parties
by Randy Bartels / June 30th, 2017
Ensure that Policies and Procedures are Documented, In Use, and Known to All Affected Parties PCI DSS Requirement 2.5 addresses one of the most…