For PCI DSS, account data consists of cardholder data (CHD) and/or sensitive authentication data (SAD). With respect to SAD, Requirement 3.3.1 prohibits storage of SAD after authorization, even if encrypted. Note that there are no specific rules in PCI DSS regarding how long SAD can be stored before authorization, but such data would need to be protected according to PCI DSS. Use of PCI approved PTS devices and PCI-validated payment software can support PCI DSS compliance for the protection of data prior to authorization.
The individual payment brands determine whether SAD is permitted to be stored before authorization, including any related usage and protection requirements. Additionally, several payment brands have specific rules that prohibit any storage of SAD and do not make any exceptions. To determine payment brand requirements, please contact the individual payment brands directly. Contact information for the payment brands can be found in FAQ 1142: How do I contact the payment card brands?