3.2.3 Do not store the personal
identification number (PIN) or the
encrypted PIN block.
3.2.3 For a sample of system components, examine data
sources, including but not limited to the following and verify
that PINs and encrypted PIN blocks are not stored after
authorization:
Incoming transaction data
All logs (for example, transaction, history, debugging,
error)
History files
Trace files
Several database schemas
Database contents.
These values should be known only to the card
owner or bank that issued the card. If this data is
stolen, malicious individuals can execute
fraudulent PIN-based debit transactions (for
example, ATM withdrawals).