PCI DSS is designed to protect cardholders' sensitive information by ensuring adequate control over the processes, the people and all access to the data.
Cardholder data and sensitive authentication data are defined as follows:
- Cardholder data includes the primary account number (PAN), cardholder name, expiration date, and service code.
- Sensitive authentication data includes full track data (magnetic stripe data or equivalent data on a chip), CAV2/CVC2/CVV2/CID, and PINs or PIN blocks.
The PAN is the defining factor for cardholder data. If the cardholder's name, service code and/or expiration date are stored, processed or transmitted with the PAN, or are otherwise present in the Cardholder Data Environment (CDE), they must be protected in accordance with the PCI DSS requirements.