PCI and What Not to Store

Share on

  • Under no circumstances may any Institute merchant store this information in electronic or paper form after the initial transaction has been approved:
    1. Full PAN (primary account number)
      • Only the last four digits may be stored;
      • The remainder of the number must be masked.
    2. Card Security Code (the three-digit code on the back of the card)
    3. Data from the magnetic stripe
  • Should you think you have a need to store this data, or have been storing this data, please contact the UTIA CISO immediately.