Window of Payment Card Data Storage (section 3.1 of the Final PFI Report template) indicates:
Example: The at-risk timeframe is Jan 1 – Jan 31, 2019 (31 days). The unauthorized data disclosure includes account/payment card data dating back to March 2012. The Window of payment card data storage would be March 1, 2012 - January 31, 2019.
- The timeframe for which account or payment card data was being stored – this may include expired accounts and/or card data. It answers the question, “What is the date range of all accounts and/or payment card data stored, including expired account/payment card data?”
- Overall timeframe of exposed account/card data. Note the Window of payment card data storage is not limited to the “at-risk timeframe” which refers to the period of time the account numbers were at risk (see Section 3.4 of the Final PFI Report template and FAQ 1448). The Window of payment card data storage includes the full date range (time window) of the actual accounts/card data that were exposed during the at-risk timeframe.
Article Number 1462