Frequently Asked Questions

< Back to search page

Can PCI DSS be used to protect non-payment card data?

FAQ Response

PCI DSS provides a solid baseline of security requirements that can be used to protect non-payment card data. However, entities should consult with the applicable regulatory body and/or the data owner, as appropriate, to understand the suitability of using PCI DSS requirements to protect the data in question.

August 2016
Article Number 1437

Does PCI DSS define which versions of TLS must be used?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

Does the use of expired PTS POI devices meet eligibility criteria for SAQ B-IP?

What are acceptable formats for truncation of primary account numbers?

How can an entity meet PCI DSS requirements for PAN masking and truncation if it has migrated to 8-digit BINs?

Frequently Asked Questions

Can PCI DSS be used to protect non-payment card data?

Related Articles