spec checked
PCI FAQ on cardholder data storage duration
Documents that stored cardholder data must be limited to necessary purposes, protected under PCI DSS, securely deleted when no longer required, and that sensitive authentication data such as card verification codes is not stored after authorization.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Payment card entry | Choose payment card entry when the task is to charge a card, verify a card, save a card payment method, or replace a card-on-file credential. | Users can type, paste, autofill, delete, select, and correct card number, expiry, CVC, and postal code fields without losing entered values. | PCI SSC supports limiting stored cardholder data and not storing card verification codes after authorization. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: PCI Security Standards Council. Last checked: .