Does PCI Compliance allow you to save the track data until you process the card? For example someone gives you a card to process in the beginning of next month, can the track data be stored until then? JL
The answer is yes, but with limitations.
Track data is the information encoded in Track 1 and Track 2 within the magnetic strip, or chip, on the back of a credit card which is read by an electronic reader within the terminal or point-of-sale (POS) system. Track data contains information about the card and the cardholder.
What track data can be collected? When a credit or debit card is swiped, the track data may include customer name, credit card number, expiration date, CVV number, and information used as part of PIN encryption/decryption if a debit card.
What track data can be stored? Merchants may securely store ONLY the customer’s name, credit card number, and expiration date to PCI Data Security standards if desired.
How and where will you store the track data? This is the crux of PCI Data Security and should be your most important consideration. Do you use POS software? Do you know if it is PCI Compliant? Some are, some are not. Even some very big software companies are not, but are ‘working on it’.
A technology solution that I sell ( I work direct for the company) is CenPOS. The data is encrypted, stored off site, meets all current data security standards and the solution is fully PCI Compliant.
Article on prohibited Cardholder Data Storage from Visa.