08-24-12 | Blog Post
Protecting stored cardholder data is the end goal of the PCI DSS (Payment Card Industry Data Security Standards) compliance requirements, and data storage is one important aspect of that goal.
The PCI SSC (Payment Card Industry Security Standards Council) has a handy guide to PCI DSS Data Storage Do’s and Don’ts explaining the best practices for the benefit of merchant and financial institutions that need advice on how to handle customer cardholder data.
When it comes to basic cardholder data storage, the PCI SSC recommends:
A few ‘data don’ts’ include:
As a basic high-level overview, these guidelines are clear and intent on protecting data from unauthorized access and potential data leakage. A more in-depth analysis of the PCI DSS requirements from a PCI hosting provider perspective can be found in our PCI Compliant Hosting white paper that lists each technical requirement and outlines what a PCI compliant data center should entail. Security and data protection are paramount to merely checking off compliance requirements, and our white paper shows you how to achieve both.
Additional PCI resources you may find helpful: