PA-DSS requirement 1.1.5

Delete any sensitive authentication data (pre-authorization) gathered as a result of troubleshooting the payment application.

This requirement does not apply to Maitre’D, as it never stores any sensitive authentication data, even when troubleshooting. As stated before, only the PAN and expiration dates are stored in encrypted form, which is allowed by both PA-DSS and PCI DSS.

PreviousPA-DSS requirement 1.1.4 NextPA-DSS requirement 2.1

Last updated 7 months ago