PCI DSS (Payment Card Industry Data Security Standard) Requirement 3.3

Requirement 3: Protect stored cardholder data

Requirement 3.3

3.3 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed), such that only personnel with a legitimate business need can see more than the first six/last four digits of the PAN. Note: this requirement does not supersede stricter requirements in place for displays of cardholder data, for example legal or payment card brand requirements for point-of-sale (POS) receipts.

The display of full PAN on items such as computer screens, payment card receipts, faxes or paper reports can result in this data being obtained by unauthorized individuals and used fraudulently. Ensuring that full PAN is only displayed for those with a legitimate business need to see the full PAN minimizes the risk of unauthorized persons gaining access to PAN data. The masking approach should always ensure that only the minimum number of digits is displayed as necessary to perform a specific business function. For example, if only the last four digits are needed to perform a business function, mask the PAN so that individuals performing that function can view only the last four digits. As another example, if a function needs access to the bank identification number (BIN) for routing purposes, unmask only the BIN digits (traditionally the first six digits) during that function. This requirement relates to protection of PAN displayed on screens, paper receipts, printouts, etc., and is not to be confused with Requirement 3.4 for protection of PAN when stored in files, databases, etc.
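The guidance above describes masking keyed to the business need (last four only, BIN only, BIN plus last four, or full PAN for a documented need) and warns that full PAN leaks through rendered output such as receipts and reports. The following is an added example written for this page, not code from PCI DSS or from any vendor: a masking function whose display profiles are structurally capped at the first six/last four ceiling, plus a Luhn-filtered scanner for checking rendered output (a receipt, a report, a screen dump) for digit runs that look like unmasked PANs. The profile names, the sample receipt text and the test PAN 4111 1111 1111 1111 are constructed for the example.

```python
"""Mask a PAN for display according to business need, and check rendered output for full PANs.

Added example for PCI DSS Requirement 3.3; not part of the standard's text.
"""
import re
from enum import Enum


class DisplayNeed(Enum):
    """Illustrative display profiles (this example's names, not PCI DSS terms)."""
    LAST4 = "last4"          # confirm a card on file: last four digits only
    BIN_ONLY = "bin"         # routing decisions: the BIN (first six) only
    BIN_LAST4 = "bin_last4"  # the most 3.3 allows without a documented full-PAN need
    FULL = "full"            # documented legitimate business need for the full PAN


# The first six / last four ceiling stated in Requirement 3.3.
MAX_LEADING, MAX_TRAILING = 6, 4

# Digits each masked profile may reveal, as (leading, trailing).
_VISIBLE = {
    DisplayNeed.LAST4: (0, 4),
    DisplayNeed.BIN_ONLY: (6, 0),
    DisplayNeed.BIN_LAST4: (6, 4),
}
# Every profile stays within the ceiling by construction; a profile added later
# that tries to exceed it fails at import time rather than at display time.
assert all(l <= MAX_LEADING and t <= MAX_TRAILING for l, t in _VISIBLE.values())


def _pan_digits(pan: str) -> str:
    """Drop the spaces/dashes printed on cards and forms; require 13-19 digits."""
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        # Deliberately do not echo the input: a malformed value may still be a real PAN
        # and this message may end up in a log.
        raise ValueError("value is not a 13-19 digit PAN")
    return digits


def mask_pan(pan: str, need: DisplayNeed, mask_char: str = "*") -> str:
    """Return the PAN rendered for the given display need, masking everything else."""
    digits = _pan_digits(pan)
    if need is DisplayNeed.FULL:
        return digits
    lead, trail = _VISIBLE[need]
    hidden = len(digits) - lead - trail          # at least 3 even for a 13-digit PAN
    tail = digits[-trail:] if trail else ""      # digits[-0:] would be the whole PAN
    return digits[:lead] + mask_char * hidden + tail


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test; every card brand's PAN passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


# 13-19 digits, optionally separated by single spaces or dashes, not embedded in a longer run.
_PAN_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_unmasked_pans(text: str) -> list:
    """Digit runs in rendered output that are PAN-shaped and Luhn-valid (unmasked PAN candidates)."""
    hits = []
    for m in _PAN_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


# Constructed sample receipt text: one full test PAN, plus a 14-digit reference
# number that is PAN-shaped but fails Luhn and so is not reported.
SAMPLE_RECEIPT = (
    "VISA ending 1111  AUTH 012345\n"
    "CARD 4111 1111 1111 1111 EXP 12/29\n"
    "REF 20240101123456\n"
)


if __name__ == "__main__":
    for need in DisplayNeed:
        print(f"{need.value:>9}: {mask_pan('4111 1111 1111 1111', need)}")
    print("unmasked PANs in receipt:", find_unmasked_pans(SAMPLE_RECEIPT))
```

The masked rendering for the LAST4 profile is also safe to pass through find_unmasked_pans, since the mask characters break the digit run; that makes the scanner usable as a release check over report templates and receipt output as well as over screen captures.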


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
