Chapter 10

Requirement 3

Protect Stored Cardholder Data

Requirement 3 is the crux of the PCI-DSS. It deals with the storage of cardholder information. For organizations that handle cardholder information extensively, such as merchants, processors, and banks, this is a challenging requirement that demands detailed and meticulous implementation. In this chapter, we will explore this requirement in detail. The chapter first focuses on the motivation to store cardholder information, with special emphasis on the fact that there may be several unnecessary touch points for cardholder information storage. Subsequently, we explore the security requirements of the standard relating to cardholder information storage and display. We also ...
