Monthly Archives: January 2017

Storing Track Data is Never Permitted

Storing track data after authorization is never permitted. It doesn’t matter what an organization is doing with the track data, they are not permitted to store it after authorization. The only exception may apply to issuers and/or issuer processors. Issuers or issuer processors are only allowed to retain sensitive authentication data for legitimate business reasons.… Read More »

Where Does Cardholder Data Flow?

Cardholder data flows everywhere. It goes through applications, systems, and network infrastructure devices. An inventory showing systems that store, process, or transmit cardholder data is a valuable tool when scoping an assessment. An inventory of all systems that store, process, and/or transmit cardholder data must be maintained The inventory may be in any usable format… Read More »