The Knowledge base
From a PCI standpoint, what is defined as ‘cardholder data’?
The PCI Security Standards Council (SSC) defines cardholder data as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:
- Cardholder name
- Expiration date
- Service code
Sensitive Authentication Data, which must also be protected and may be prohibited from storing, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more