http://www.pcidssguru.com/policy/handling-cardholder-data/ Payment Card Industry Data Security Standard Wed, 21 Jul 2010 14:56:30 -0700 hourly 1 http://wordpress.org/?v=3.0.1 http://www.pcidssguru.com/policy/handling-cardholder-data/comment-page-1/#comment-983 Jewel Tue, 16 Mar 2010 23:08:20 +0000 http://www.pcidssguru.com/?p=68#comment-983 @Chris: Page six of the DSS says "PCI DSS, however, does not apply if PANs are not stored, processed, or transmitted." Whenever "cardholder data" is mentioned in the standard it is only as defined on that page. @Chris: Page six of the DSS says “PCI DSS, however, does not apply if PANs are not stored, processed, or transmitted.” Whenever “cardholder data” is mentioned in the standard it is only as defined on that page.

]]> http://www.pcidssguru.com/policy/handling-cardholder-data/comment-page-1/#comment-815 Chris Tue, 15 Dec 2009 17:54:39 +0000 http://www.pcidssguru.com/?p=68#comment-815 My company only has truncated cardholder data to begin with. Does this still count as cardholder data that must be destroyed from all our old backups and servers? It's useless without the full number anyway, so I don't understand why it would be necessary, but from my interpretation of the requirement, that is what they are asking. My company only has truncated cardholder data to begin with. Does this still count as cardholder data that must be destroyed from all our old backups and servers? It’s useless without the full number anyway, so I don’t understand why it would be necessary, but from my interpretation of the requirement, that is what they are asking.

]]>