Compliance Areas

PCI and What Not to Store

Posted on May 06, 2021Share on

Front and back of credit card with arrows pointing to the different data
  • Under no circumstances may any Institute merchant store this information in electronic or paper form after the initial transaction has been approved:
    1. Full PAN (primary account number)
      • Only the last four digits may be stored;
      • The remainder of the number must be masked.
    2. Card Security Code (the three-digit code on the back of the card)
    3. Data from the magnetic stripe
  • Should you think you have a need to store this data, or have been storing this data, please contact the UTIA CISO immediately.

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu