Quoted from Chad Larsen at www.trustwave.com: 3/23/09

The guidance on storage is that you can only store the first six and last
four and not have to comply with the encryption requirement. How that is
broken up is not a consideration, but I wouldn’t think that one could get
away with separating the PAN up and simply storing it in two locations
unless it was just the first six or last four. PGP and GNUPG implementing
strong cryptography are acceptable solutions but the key management becomes
a challenge.
—————–

James