[PCI DSS 3.0] 3.4 Render PAN unreadable anywhere it is stored

3.4 Render PAN unreadable anywhere it
is stored (including on portable digital
media, backup media, and in logs) by
using any of the following approaches:
 One-way hashes based on strong
cryptography, (hash must be of the
entire PAN)
 Truncation (hashing cannot be used
to replace the truncated segment of
 Index tokens and pads (pads must be
securely stored)
 Strong cryptography with associated
key-management processes and
Note: It is a relatively trivial effort for a
malicious individual to reconstruct
original PAN data if they have access to
both the truncated and hashed version of
a PAN. Where hashed and truncated
versions of the same PAN are present in
an entity’s environment, additional
controls should be in place to ensure that
the hashed and truncated versions
cannot be correlated to reconstruct the
original PAN.

3.4.a Examine documentation about the system used to protect
the PAN, including the vendor, type of system/process, and the
encryption algorithms (if applicable) to verify that the PAN is
rendered unreadable using any of the following methods:
[li]One-way hashes based on strong cryptography,[/li][li]Truncation[/li][li]Index tokens and pads, with the pads being securely stored[/li][li]Strong cryptography, with associated key-management processes and procedures.[/li][/ul]
3.4.b Examine several tables or files from a sample of data
repositories to verify the PAN is rendered unreadable (that is,
not stored in plain-text).
3.4.c Examine a sample of removable media (for example,
back-up tapes) to confirm that the PAN is rendered unreadable.
3.4.d Examine a sample of audit logs to confirm that the PAN is
rendered unreadable or removed from the logs.

PANs stored in primary storage (databases, or flat
files such as text files spreadsheets) as well as
non-primary storage (backup, audit logs,
exception or troubleshooting logs) must all be
One-way hash functions based on strong
cryptography can be used to render cardholder
data unreadable. Hash functions are appropriate
when there is no need to retrieve the original
number (one-way hashes are irreversible). It is
recommended, but not currently a requirement,
that an additional, random input value be added to
the cardholder data prior to hashing to reduce the
feasibility of an attacker comparing the data
against (and deriving the PAN from) tables of pre-
computed hash values.
The intent of truncation is that only a portion (not
to exceed the first six and last four digits) of the
PAN is stored.
An index token is a cryptographic token that
replaces the PAN based on a given index for an
unpredictable value. A one-time pad is a system
in which a randomly generated private key is used
only once to encrypt a message that is then
decrypted using a matching one-time pad and
The intent of strong cryptography (as defined in
the PCI DSS and PA-DSS Glossary of Terms,
Abbreviations, and Acronyms) is that the
encryption be based on an industry-tested and
accepted algorithm (not a proprietary or “home-
grown” algorithm) with strong cryptographic keys.
By correlating hashed and truncated versions of a
given PAN, a malicious individual may easily
derive the original PAN value. Controls that
prevent the correlation of this data will help ensure
that the original PAN remains unreadable.