PCI PA-DSS - Changes to Store and Forward processing

If you read the PCI standards carefully and hang out with PCI geeks here or here you will notice that PCI applies to post-auth data and not necessarily pre-authorization data. – I think the official language is “subsequent to the authorization” On May 1st, a payment processor modified their message formats as a part of their PCI compliance to not send Field 35 in SAF Advice transactions and would just send the PAN in field 2 and Expiration Date in field 14, instead of DE 35. Also, from a forum post from “andrewj

Another update on this (if you are from Australia) - there is a change being made to AS2805.2 to change the track 2 field from mandatory to optional in 04x0 messages. This should be released sometime this month.

This is a good trend in the industry, hopefully others will take this example and continue to trend.


Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now