FAQ #1315 Diff
Is storage of truncated PAN considered storage of ?cardholder data? per the SAQ eligibility criteria?
Earlier Version
Later Version
Removed
Added
An entity that receives and stores only truncated PAN does not need to consider this storage of cardholder data for the purposes of the SAQ eligibility criteria.
criteria.Merchants must meet all the defined eligibility criteria for a particular SAQ in order to use that SAQ. Merchants must meet all the defined eligibility criteriashould consult with their acquirer or the payment brands directly (as applicable) to determine which SAQ they should use. Contact details for a particular SAQthe payment brands can be found in order to use that SAQ. Merchants should consultFAQ #1142 How do I contact the payment card brands?.See also FAQ #1117 Are truncated Primary Account Numbers (PAN) required to be protected in accordance with their acquirer or the payment brands directly (as applicable) to determine which SAQ they should use. Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?.
See also FAQ #1117Are truncated Primary Account Numbers (PAN) required to be protected in accordance withPCI DSS?
See also FAQ #1117Are truncated Primary Account Numbers (PAN) required to be protected in accordance with
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.