Regulatory Compliance, Governance and Security

Jan 20 2009   3:30AM GMT

PCI DSS Compliance | Understanding Cardholder Data and What Information to Store

Charles Denyer Charles Denyer Profile: Charles Denyer

Payment Card Industry Data Security Standards (PCI DSS) compliance is everywhere these days, or so it seems. As a result, there seems to be some confusing information on what CAN and CANNOT be stored regarding cardholder data. Folks, there really should not be any gray area on this, as the rules and regulations are quite straightforward and black and white. Okay, so here we go. Regarding cardholder data, this is what you CAN store, but it also MUST be protected: The Primary Account Number (PAN), the cardholder name, the service code, along with the expiration date.

So, what CAN’T you store (however, there are exceptions)? Here they are: Full Magnetic Stripe/Track Data, CVC2, CVV2, CID, CAV2 (what are these you ask, the numbers that merchant will often ask to help complete and authorize the transaction, you know, those secret numbers on your card :), and finally you cannot store PIN/PIN block information.

So there you have it. If you want to learn more about the Payment Card Industry Data Security Standards, then visit pciassessment.org

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: