Chat With Us
We are here for you!
Talk to a fellow human.
Stored cardholder data should be rendered unreadable according to requirement 3 of the PCI Security Audit Procedures document. If encryption, truncation, or another comparable approach cannot be used, encryption options should continue to be investigated as the technology is rapidly evolving. In the interim, while encryption solutions are being investigated, stored data must be strongly protected by compensating controls.
An example of compensating controls for encryption of stored data is complex network segmentation that may include the following: