Skip to main content

πŸ’Ό 3.2 Do not store sensitive authentication data after authorization (even if encrypted).

  • Contextual name: πŸ’Ό 3.2 Do not store sensitive authentication data after authorization (even if encrypted).

  • ID: /frameworks/pci-dss-v3.2.1/03/02

  • Located in: πŸ’Ό 3 Protect stored cardholder data

Description​

If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.

It is permissible for issuers and companies that support issuing services to store sensitive authentication data if:

  • There is a business justification and
  • The data is stored securely.

Similar​

  • Sections
    • /frameworks/pci-dss-v4.0/03/03/01
    • /frameworks/pci-dss-v4.0/03/03/03
  • Internal
    • ID: dec-c-d5d99c21

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 3.3.1 SAD is not retained after authorization, even if encrypted.35
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 3.3.3 Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need, is secured and encrypted using strong cryptography.5

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 3.3.1 SAD is not retained after authorization, even if encrypted.35
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 3.3.3 Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need, is secured and encrypted using strong cryptography.5

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό 3.2.1 Do not store the full contents of any track after authorization.
πŸ’Ό 3.2.2 Do not store the card verification code or value after authorization.
πŸ’Ό 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block after authorization.

Policies (5)​

PolicyLogic CountFlags
πŸ“ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) 🟒1🟒 x6
πŸ“ Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) 🟒1🟒 x6
πŸ“ Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key 🟒1🟒 x6
πŸ“ Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) 🟒1🟒 x6
πŸ“ Google GCE Instance Confidential Compute is not enabled 🟒1🟒 x6