Re: Is PCI Compliance Mandatory



On Sat Jan 12/2008 @ 10:01:P -0000 asdasd, global.infosec@xxxxxxxxx wrote:
Recently our organisation decided not to store credit card numbers in our databases of our retail outlets.
Do we still need to comply to PCI DSS?

According to the PCI DSS v1.1 [1]:

"PCI DSS requirements are applicable if a Primary Account Number (PAN)
is stored, processed, or. transmitted."

[1] https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf