Diff: FAQ #1038
Does PCI DSS apply to "hot cards," fraudulent or invalid card numbers, or cancelled cards?
Earlier Version
If the issuer confirms the cards are inactive or disabled, the PANs (Primary Account Numbers) no longer pose fraud risk to the payment system. PCI DSS would not apply in these cases. If however, the PAN is later reactivated, PCI DSS will again apply.
Later Version
If it has been confirmed that the cards are inactive or disabled, the PANs (Primary Account Numbers) no longer pose fraud risk to the payment system, and PCI DSS would not apply in these cases. If, however, the PAN is later reactivated, PCI DSS will again apply.
When payment cards expire, the same account number is often reused on the new card with a different expiry date. The PAN should be verified as not being valid before expired cards are excluded from PCI DSS scope.
Entities should retain PAN based on business/legal needs, as defined in data retention policy (PCI DSS Requirement 3.1). Remember: If you don't need it, don't store it.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.