3.2 Do not store sensitive authentication data after authorization (even if encrypted).
- Contextual name: 3.2 Do not store sensitive authentication data after authorization (even if encrypted).
- ID: /frameworks/pci-dss-v3.2.1/03/02
- Located in: 3 Protect stored cardholder data
Description
If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.
It is permissible for issuers and companies that support issuing services to store sensitive authentication data if:
- There is a business justification and
- The data is stored securely.
Similar
- Sections
  - /frameworks/pci-dss-v4.0/03/03/01
  - /frameworks/pci-dss-v4.0/03/03/03
- Internal
  - ID: dec-c-d5d99c21
  - ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v4.0 → 3.3.1 SAD is not retained after authorization, even if encrypted. | 3 | | | |
PCI DSS v4.0 → 3.3.3 Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need, is secured and encrypted using strong cryptography. | | | | |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
PCI DSS v4.0 → 3.3.1 SAD is not retained after authorization, even if encrypted. | 3 | | | |
PCI DSS v4.0 → 3.3.3 Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need, is secured and encrypted using strong cryptography. | | | | |