
{"id":2018,"date":"2012-08-24T00:00:00","date_gmt":"2012-08-24T00:00:00","guid":{"rendered":"http:\/\/otava.test\/pci-compliant-hosting-data-storage-guidelines\/"},"modified":"2012-08-24T00:00:00","modified_gmt":"2012-08-24T00:00:00","slug":"pci-compliant-hosting-data-storage-guidelines","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/","title":{"rendered":"PCI Compliant Hosting: Data Storage Guidelines"},"content":{"rendered":"<p>Protecting stored cardholder data is the end goal of the PCI DSS (Payment Card Industry Data Security Standards) compliance requirements, and data storage is one important aspect of that goal.<\/p>\n<p>The PCI SSC (Payment Card Industry Security Standards Council) has a handy guide to PCI DSS Data Storage Do\u2019s and Don\u2019ts explaining the best practices for the benefit of merchants and financial institutions that need advice on how to handle customer cardholder data.<\/p>\n<p>When it comes to basic cardholder data storage, the PCI SSC recommends:<\/p>\n<ul>\n<li>Merchants must understand the flow of payment card data throughout the entire transaction process<\/li>\n<li>Payment card terminals must comply with PCI PIN (Personal ID Number) PTS (Transaction Security) requirements<\/li>\n<li>Payment apps must comply with PA-DSS (Payment Application Data Security Standard)<\/li>\n<li>Retain cardholder data only if authorized, and ensure its protection<\/li>\n<li>Encrypt (use strong cryptography) all stored cardholder data, and use other security technologies to minimize risk<\/li>\n<li>Check that all third parties who process cardholder data also comply with PCI standards.<\/li>\n<\/ul>\n<p>A few \u2018data don\u2019ts\u2019 include:<\/p>\n<ul>\n<li>Don\u2019t store cardholder data unless absolutely necessary (limiting scope of applicable compliance requirements)<\/li>\n<li>Don\u2019t store sensitive authentication data found on a payment card\u2019s chip or magnetic stripe, 
including the verification code on the back or front of the card after authorization<\/li>\n<li>Don\u2019t allow payment terminals to print out personally identifiable payment card data<\/li>\n<li>Don\u2019t have servers outside of locked, fully-secured and access-controlled rooms<\/li>\n<li>Don\u2019t allow unauthorized people to access stored cardholder data<\/li>\n<\/ul>\n<p><a href=\"https:\/\/web.otava.com\/pci-compliant-data-needs\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" title=\"PCI Compliant Hosting White Paper\" src=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png\" alt=\"PCI Compliant Hosting White Paper\" width=\"285\" height=\"165\" \/><\/a>As a basic high-level overview, these guidelines are clear and intent on protecting data from unauthorized access and potential data leakage. A more in-depth analysis of the PCI DSS requirements from a <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/pci-compliant-cloud\/\">PCI hosting provider<\/a> perspective can be found in our <a href=\"https:\/\/web.otava.com\/pci-compliant-data-needs\">PCI Compliant Hosting white paper<\/a> that lists each technical requirement and outlines what a PCI compliant data center should entail. 
Security and data protection matter more than merely checking off compliance requirements, and our white paper shows you how to achieve both.<\/p>\n<p>Additional PCI resources you may find helpful:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/resources\/who-needs-to-be-pci-compliant\">Who Needs to Be PCI Compliant?<\/a><\/li>\n<li><a href=\"https:\/\/otavawebsite.wpengine.com\/reference\/pci-glossary-of-terms\/\">PCI Glossary of Terms<\/a><\/li>\n<li><a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/resources\/benefits-of-pci-compliant-hosting\">Benefits of PCI Compliant Hosting<\/a><\/li>\n<li><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/clarifying-levels-of-pci-compliance\/\">What is PCI Compliance?<\/a><\/li>\n<li><a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/pci-compliant-hosting\/resources\/pci-compliant-case-studies\">PCI Compliant Case Studies<\/a><\/li>\n<li><a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/pci-compliant-cloud\/\">Levels of PCI Compliance<\/a><\/li>\n<li><a href=\"https:\/\/www.onlinetech.com\/resources\/e-tips\/pci-compliance\/four-ways-to-gain-transparency-with-pci-hosting-providers\">Four Ways to Gain Transparency with PCI Hosting Providers<\/a><\/li>\n<li><a href=\"https:\/\/www.onlinetech.com\/resources\/e-tips\/pci-compliance\/four-ways-to-gain-transparency-with-pci-hosting-providers\">PCI Compliant Hosting Guide<\/a><\/li>\n<li><a href=\"https:\/\/www.onlinetech.com\/resources\/e-tips\/pci-compliance\/risk-assessments-for-the-pci-compliant-cloud\">Risk Assessments for the PCI Compliant Cloud<\/a><\/li>\n<\/ul>\n<p>References:<br \/>\n<a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI%20Data%20Storage%20Dos%20and%20Donts.pdf\">PCI DSS Data Storage Do\u2019s and Don\u2019ts<\/a> (PDF)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Protecting stored cardholder data is the end goal of the PCI DSS (Payment 
Card Industry Data Security Standards) compliance requirements, and data storage is one important aspect of that goal. The PCI SSC (Payment Card Industry Security Standards Council) has a handy guide to PCI DSS Data Storage Do\u2019s and Don\u2019ts explaining the best practices for the benefit of merchants and financial institutions that need advice on how to handle customer cardholder data. When it comes to basic cardholder data storage, the PCI SSC recommends: Merchants must understand the flow of payment card data throughout the entire transaction process Payment card terminals must comply with PCI PIN (Personal ID Number) PTS (Transaction Security) requirements Payment apps must comply with PA-DSS (Payment Application Data Security Standard) Retain cardholder data only if authorized, and ensure its protection Encrypt (use strong cryptography) all stored cardholder data, and use other security technologies to minimize risk Check that all third parties who process cardholder data also comply with PCI standards. 
A few \u2018data don\u2019ts\u2019 include: Don\u2019t store cardholder data unless absolutely necessary (limiting scope of applicable compliance requirements) Don\u2019t store sensitive authentication data found on a payment card\u2019s chip or magnetic stripe, including the verification code on&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2018","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>PCI Compliant Hosting: Data Storage Guidelines | OTAVA<\/title>\n<meta name=\"description\" content=\"The Payment Card Industry Security Standards Council has a guide to PCI DSS Data Storage explaining the best practices on how to handle cardholder data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PCI Compliant Hosting: Data Storage Guidelines\" \/>\n<meta property=\"og:description\" content=\"The Payment Card Industry Security Standards Council has a guide to PCI DSS Data Storage explaining the best practices on how to handle cardholder data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-08-24T00:00:00+00:00\" 
\/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"PCI Compliant Hosting: Data Storage Guidelines\",\"datePublished\":\"2012-08-24T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\"},\"wordCount\":403,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\",\"url\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\",\"name\":\"PCI Compliant Hosting: Data 
Storage Guidelines | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png\",\"datePublished\":\"2012-08-24T00:00:00+00:00\",\"description\":\"The Payment Card Industry Security Standards Council has a guide to PCI DSS Data Storage explaining the best practices on how to handle cardholder data.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PCI Compliant Hosting: Data Storage 
Guidelines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"PCI Compliant Hosting: Data Storage Guidelines | OTAVA","description":"The Payment Card Industry Security Standards Council has a guide to PCI DSS Data Storage explaining the best practices on how to handle cardholder data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/","og_locale":"en_US","og_type":"article","og_title":"PCI Compliant Hosting: Data Storage Guidelines","og_description":"The Payment Card Industry Security Standards Council has a guide to PCI DSS Data Storage explaining the best practices on how to handle cardholder data.","og_url":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/","og_site_name":"OTAVA","article_published_time":"2012-08-24T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"PCI Compliant Hosting: Data Storage Guidelines","datePublished":"2012-08-24T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/"},"wordCount":403,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/","url":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/","name":"PCI Compliant Hosting: Data Storage Guidelines | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png","datePublished":"2012-08-24T00:00:00+00:00","description":"The Payment Card Industry Security Standards Council has a guide to PCI DSS Data Storage explaining the best practices on how to handle cardholder 
data.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-pci-white-paper-graphic.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"PCI Compliant Hosting: Data Storage Guidelines"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80c
b72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2018","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2018"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2018\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2018"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2018"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}