​ Testing with Live PANs
PCI DSS Requirement 6.4.3 requires that live PANs (Primary Account Numbers) only be used in secure
and controlled environments within the CDE.
Pre-production environments located within the CDE must adhere to all PCI DSS requirements for
security and monitoring​​.
​ Prohibited Uses
Testing with live PANs in environments outside the CDE violates PCI DSS. Only simulated data should
be used in less secure testing environments.
​ Incorrect Options
Option A: Production environments are for real transactions, not testing.
Option B: Test environments outside the CDE are insecure for live PANs.
Option D: The QSA environment is irrelevant to the organization’s CDE testing controls.
