Requirement 3.4

Render PAN, at minimum, unreadable anywhere it is stored (including on portable digital media, backup media, in logs) by using any of the following approaches:

  • One-way hashes based on strong cryptography
  • Truncation
  • Index tokens and pads (pads must be securely stored)
  • Strong cryptography with associated key-management processes and procedures

The MINIMUM account information that must be rendered unreadable is the PAN.

Notes:
If for some reason a company is unable to render the PAN unreadable, refer to Appendix B: Compensating Controls.
“Strong cryptography” is defined in the PCI DSS Glossary of Terms, Abbreviations and Acronyms.
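
As an added example (not part of the PCI DSS text), the Python code below applies two of the listed approaches to log lines: truncation of any PAN found, and a one-way hash of the full PAN. The first-six/last-four truncation format, the use of HMAC-SHA-256 as the keyed hash, the Luhn filter, and all function names and sample log lines are assumptions of this example.

```python
import hashlib
import hmac
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(digits: str) -> str:
    """Truncation: drop the middle digits for good (assumed 6/4 format)."""
    return digits[:6] + "X" * (len(digits) - 10) + digits[-4:]


def hash_pan(digits: str, key: bytes) -> str:
    """One-way keyed hash (HMAC-SHA-256) of the full PAN; key is an assumption."""
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def sanitize_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a log line with its truncated form."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return truncate_pan(digits) if luhn_ok(digits) else m.group(0)
    return PAN_RE.sub(repl, line)


# Constructed sample log lines; 4111111111111111 is a widely used test number.
SAMPLE_LOG = [
    "2024-01-01 12:00:01 auth ok card=4111111111111111 amount=10.00",
    "2024-01-01 12:00:02 auth ok card=4111-1111-1111-1111 amount=12.50",
    "2024-01-01 12:00:03 order id=1234567890123456 shipped",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(sanitize_line(entry))
```

The third sample line is left unchanged because its 16-digit order number fails the Luhn check.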