3.2.1 Do not store the full contents of
any track (from the magnetic stripe
located on the back of a card,
equivalent data contained on a chip, or
elsewhere). This data is alternatively
called full track, track, track 1, track 2,
and magnetic-stripe data.
Note: In the normal course of business,
the following data elements from the
magnetic stripe may need to be retained:
The cardholder’s name
Primary account number (PAN)
Expiration date
Service code
To minimize risk, store only these data
elements as needed for business.
3.2.1 For a sample of system components, examine data
sources including but not limited to the following, and verify
that the full contents of any track from the magnetic stripe on
the back of card or equivalent data on a chip are not stored
after authorization:
Incoming transaction data
All logs (for example, transaction, history, debugging,
error)
History files
Trace files
Several database schemas
Database contents.
If full track data is stored, malicious individuals
who obtain that data can use it to reproduce
payment cards and complete fraudulent
transactions.