This article will guide you through understanding PCI requirement to have a policy PAN data (Personal Account Number). Refer to the breakdown for our Disable, Delete, Archive and Purge process.
Disable
- Profiles can be disabled manually or by certain processes, like Hard Declines
- Disabled profiles are listed in the Manage Payment Profile page
- A Hard Decline will disable the payment profile
- A Disabled profile updated by Account Updater will be enabled
Delete
- Delete is a ‘soft-delete’ operation – a deleted flag is set
- Account Updater does not delete profiles
- Deleted profiles are not available for Sale transactions, but are available for void and refund transactions
- Deleted profiles are not visible from the site (i.e. not in Manage Payment Profiles)
Archive
- Archive removes data from the active table, storing the most recent information in a history table
- An automated process will archive a profile based on several key factors
- If Deleted or one-time (Temporary) sale and never successful: 30 days after being modified
- If Deleted or one-time (Temporary) sale: 1 year after being modified or the last Sale
- Otherwise: 4 years after the last Sale or Modified
- Archived profiles cannot be used for Sale, Void or Refund transactions
- Archived profiles can be recovered to be back online
- Archive time: 1 year
Purged
- The entire history of a profile is deleted when purged
- Purged profiles cannot be recovered (without restoring backups)
- Profiles are purged 2 Years after being Archived
Purge History
- Basic information is retained when a profile is purged (token/guid, owner, last4 and some dates – but not the type of profile)
- 3 years after a profile is purged, the history of the purge is deleted