Here are the guidelines for retaining card data under PCI DSS rules.
Guidelines to Store Card Details
- Cardholder data must be kept only for a defined period of time. After that, the data should be purged.
- Discard all sensitive authentication data after the transaction is successful or processed. Only issuers can save sensitive data for business reasons, on a secured server.
- Mask every PAN (credit card account number). It should not be visible to the public.
- Make the PAN unreadable.
- A procedure is required to protect cardholder data, for example encryption and decryption procedures.
- Document and implement key management processes.
- All security policies should be documented.