What’s PCI DSS? | Definitions | Requirements | Cardholder Data | Data Security | Quiz
First, let’s start with the critical information that we are trying to secure.
Account data or cardholder data that you need to protect includes—but is not limited to—the following:
- card number, known as the Primary Account Number (PAN)
- cardholder name
- expiration date
- customer’s payment address.
If your payment system involves swiping cards, you must also protect the data in the magnetic stripe and chip of credit and debit cards. Depending on your system, you may also receive card verification security codes (including CVV2, CID, CAV2, and CVC2). Those are the three- or four-digit codes that appear on the front or back of a card. These also must be treated as sensitive data. Cardholder data also includes the PINs or PIN blocks for debit card transactions.
