3.2.3 Do not store the personal
identification number (PIN) or the
encrypted PIN block.
3.2.3 For a sample of system components, examine data
sources, including but not limited to the following and verify
that PINs and encrypted PIN blocks are not stored after
Incoming transaction data
All logs (for example, transaction, history, debugging,
Several database schemas
These values should be known only to the card
owner or bank that issued the card. If this data is
stolen, malicious individuals can execute
fraudulent PIN-based debit transactions (for
example, ATM withdrawals).