Re: Is PCI Compliance Mandatory



On Sat Jan 12/2008 @ 10:01:P -0000 asdasd, global.infosec@xxxxxxxxx wrote:
Recently our organisation decided not to store credit card numbers in our databases of our retail outlets.
Do we still need to comply to PCI DSS?

According to the PCI DSS v1.1 [1]:

"PCI DSS requirements are applicable if a Primary Account Number (PAN)
is stored, processed, or. transmitted."

[1] https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf



Relevant Pages

  • Re: PCI compliance questions
    ... Sensitive data is cardholder data which is the PAN and it also ... From the PCI DSS: "PCI DSS requirements are applicable if a Primary ... Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. ... Totally hands-on course with evening Capture The Flag exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. ...
    (Security-Basics)
  • Re: Is PCI Compliance Mandatory
    ... If any credit card data passes through your information systems, ... PCI DSS requirements are applicable if a Primary Account Number (PAN) ...
    (Security-Basics)
  • RE: Is PCI Compliance Mandatory
    ... "PCI DSS requirements are applicable if a Primary Account Number ... might be transmitting card holder data. ...
    (Security-Basics)