[PCI DSS 3.0] 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block.

pcinetwork

PCINetwork.org Admin
#1
3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block.

3.2.3 For a sample of system components, examine data sources, including but not limited to the following and verify that PINs and encrypted PIN blocks are not stored after authorization:
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Several database schemas
• Database contents.

These values should be known only to the card owner or bank that issued the card. If this data is stolen, malicious individuals can execute fraudulent PIN-based debit transactions (for example, ATM withdrawals).