The industry practice is to eliminate the middle six digits, but the standards for each major card brand vary slightly. Organizations seeking flexibility in this area should review the individual requirements for each card brand.
If you store credit card information on paper, you must cross out the security code with a dark pen so that it is unreadable. Do this after completing the transaction and before storing the paper authorization form.
PCI-DSS requirements state that cardholder data may only be retained for a legitimate legal, regulatory, or business reason. In other words, if you don't need cardholder data, you shouldn't store it.
Per PCI DSS Requirement 3, sensitive authentication data shall not be stored and should be deleted after authorization.
Requirement 3 of the PCI DSS is about securing stored cardholder data, and six sub-requirements provide detailed guidelines for how merchants should store the various pieces of information on a card.
At the heart of the PCI DSS is the need to safeguard any cardholder data you hold. The standard includes examples of acceptable methods for securing cardholder data, such as encryption, tokenization, truncation, masking, and hashing.
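The truncation practice described above (dropping the middle six digits) can be applied to free text before it is written to storage. The following is an added example, not code from the original page; the function names, the `X` filler character, and the choice to keep the first six and last four digits for card numbers that are not 16 digits long are assumptions, and the sample values are constructed.

```python
import re

# Card-number-shaped runs: 13-19 digits, optionally split by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from order ids and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Drop the middle digits so the full number is never stored.

    For a 16-digit number the defaults remove exactly the middle six digits.
    Assumption: other lengths also keep first six / last four; check brand rules.
    """
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("value is not shaped like a card number")
    middle = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "X" * middle + digits[-keep_last:]


def scrub(text: str) -> str:
    """Truncate every Luhn-valid card number found in text; leave other digit runs."""
    def repl(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        return truncate_pan(digits) if luhn_valid(digits) else match.group(0)
    return PAN_CANDIDATE.sub(repl, text)


if __name__ == "__main__":
    # Constructed sample line: a 16-digit order id (not Luhn-valid) and a test card number.
    sample = 'order=1234567890123456 card="4111 1111 1111 1111" status=approved'
    print(scrub(sample))
```

The Luhn check keeps the scrubber from altering unrelated 16-digit identifiers, but a digit run that happens to pass it is truncated as well, which is the safer direction for stored data.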