If you read the PCI standards carefully and hang out with PCI geeks here or here you will notice that PCI applies to post-auth data and not necessarily pre-authorization data. – I think the official language is “subsequent to the authorization” On May 1st, a payment processor modified their message formats as a part of their PCI compliance to not send Field 35 in SAF Advice transactions and would just send the PAN in field 2 and Expiration Date in field 14, instead of DE 35. Also, from a forum post from “andrewj“
Another update on this (if you are from Australia) - there is a change being made to AS2805.2 to change the track 2 field from mandatory to optional in 04x0 messages. This should be released sometime this month.
This is a good trend in the industry, hopefully others will take this example and continue to trend.