Does increasing the default CC# storage time violate PCI?

This forum is dedicated to answering AbleCommerce 7.0 questions about PCI certification and compliance.
SteveHiner
Lieutenant (LT)
Posts: 58
Joined: Thu Jun 21, 2007 8:27 pm

Does increasing the default CC# storage time violate PCI?

Post by SteveHiner » Thu Dec 04, 2008 10:59 am

My client doesn't like the default 60 (or is it 30?) day storage for credit card numbers. He wants it increased to a year or more. I've looked over some of the PCI stuff and don't see that it's a problem (at least as far as compliance goes). I've told him that I don't think it's a good idea but, obviously, Amazon stores CC numbers basically forever and they're certainly at a higher certification requirement than my client.

Any advice/guidance?
Steve

kastnerd
Commodore (COMO)
Posts: 474
Joined: Wed Oct 22, 2008 9:17 am

Re: Does increasing the default CC# storage time violate PCI?

Post by kastnerd » Wed Dec 10, 2008 7:08 pm

I think it's 30 days total? Or 30 days from last order? 6 months from last order sounds like a good max.
But Amazon, Newegg and PayPal do keep your credit card on file for a long time.

igavemybest
Captain (CAPT)
Posts: 388
Joined: Sun Apr 06, 2008 5:47 pm

Re: Does increasing the default CC# storage time violate PCI?

Post by igavemybest » Tue Aug 18, 2009 2:02 pm

http://www.pcicomplianceguide.org/merch ... liance.php

There is some great info there, and it is not an issue from anything that I see.

Lucin
Ensign (ENS)
Posts: 1
Joined: Fri Nov 18, 2011 4:35 pm

Re: Does increasing the default CC# storage time violate PCI?

Post by Lucin » Fri Nov 18, 2011 5:23 pm

Yes, I agree. I think you should stick with 6 months as a maximum mark to be on the safe side. You can advise your client on why this is the case if you like. Hope that helps.

"There are only two mistakes one can make along the road to truth; not going all the way, and not starting."
Last edited by Lucin on Mon Dec 12, 2011 1:27 pm, edited 2 times in total.

rymay
Ensign (ENS)
Posts: 5
Joined: Fri Nov 18, 2011 4:58 pm

Re: Does increasing the default CC# storage time violate PCI?

Post by rymay » Fri Nov 18, 2011 9:46 pm

Lucin wrote: Yes, I agree. I think you should stick with 6 months as a maximum mark to be on the safe side. You can advise your client on why this is the case if you like. Hope that helps.

"There are only two mistakes one can make along the road to truth; not going all the way, and not starting."

I read a bit more on this and it seems that you don't necessarily need to stick with the 6-month benchmark. I am not 100% sure though.
