Question: Is a card that has been closed by an issuer that is no longer active still subject to the same compliance standards as an active card when looking to email a card number in the clear?
Answer: First, I would recommend to NEVER email a credit card number, regardless of its active/inactive status. However, the council has weighed in on this issue via their FAQ site. From the PCI Council’s FAQs:
If the issuer confirms the cards are inactive or disabled, the PANs (Primary Account Numbers) no longer pose fraud risk to the payment system. The PCI DSS would not apply in these cases. If however,