
Have you been looking for more information on Single Use Virtual Credit Cards?
Mastercard published a Frequently Asked Questions (FAQ) document this year on these type of credit cards that include conditions on when they can be considered out of scope for PCI. Check it out here.
Below is the summary of the conditions that must be met to consider these types of credit cards out of scope for PCI DSS compliance, according to Mastercard:
“Two primary conditions must be met for a SU-VCN* to be considered out of scope for the PCI DSS:
- It must be shown that the SU-VCN becomes inactive/disabled after only one authorization creating a single clearing record by technical control (must be met by a technological control that cannot be circumvented); AND
- The systems that store, process, or transmit the SU-VCN do not also store, process, or transmit multi-use PANs.”
*Single Use Virtual Card Numbers (SU-VCNs)