NCR Coronavirus Response Resources >
The Knowledge base

From a PCI standpoint, what is defined as ‘cardholder data’?

The PCI Security Standards Council (SSC) defines cardholder data as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:

Sensitive Authentication Data, which must also be protected and may be prohibited from storing, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more