Does anyone have any experience bringing CTR software to PCI compliant? Our tech team is looking to tokenize (mask) part of the credit card numbers, the first 6 will display, the last 4 will display and the middle 6 numbers will be tokenized. As it relates to account numbers on CTRs do we need to include the account number for credit(debit) card transactions? Of course we include the account number for deposit transactions, where appropriate, but we are unsure if Credit card account should be treated differently.
I've been unable to find any FinCEN guidance around this topic.
thanks!