Payment Card Industry Data Security Standards (PCI DSS) compliance is everywhere these days, or so it seems. As a result, there seems to be some confusion about what CAN and CANNOT be stored when it comes to cardholder data. Folks, there really should not be any gray area on this, as the rules and regulations are quite straightforward and black and white. Okay, so here we go. Regarding cardholder data, this is what you CAN store, but it also MUST be protected: the Primary Account Number (PAN), the cardholder name, the service code, and the expiration date.
So, what CAN’T you store (although there are exceptions)? Here they are: full magnetic stripe/track data; CVC2, CVV2, CID, and CAV2 (what are these, you ask? They are the numbers that a merchant will often ask for to help complete and authorize the transaction, you know, those secret numbers on your card :); and finally, PIN/PIN block information.
So there you have it. If you want to learn more about the Payment Card Industry Data Security Standards, visit pciassessment.org.