I know there are many limitations for data storing and processing by PCI DSS. Some of them are explained here. https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf But I can't find any info about storing customers' billing addresses. Is this means that PCI allows it for any merchants / service providers?
Asked
Active
Viewed 281 times
1 Answers
1
The PCI DSS concerns itself with the following pieces of data:
Except insofar as it might include Customer Name, billing address is not PCI protected data, and there are no PCI requirements around storage, encryption, or lack thereof. Instead, that data is PII, and should be protected in line with whatever PII standards apply to your locality.
gowenfawr
- 71,975
- 17
- 161
- 198
-
I thought so. Thanks for clarification! – Vlad Jul 28 '20 at 20:13