Types of Data on a Payment Card

Account Data

Credit card front data

Cardholder Data includes:

  • Primary Account Number (PAN)
  • Cardholder Name
  • Expiration Date
  • Service Code

Credit card back data

Sensitive Authentication Data includes:

  • Full magnetic stripe data (or equivalent on a chip)
  • PINs/PIN blocks

PCI DSS applies wherever account data is stored, processed, or transmitted. Account data consists of cardholder data and/or sensitive authentication data, as follows:

  • Many people refer to ALL account data simply as "Cardholder Data"
  • PCI DSS requirements are applicable wherever Primary Account Number (PAN) or Sensitive Authentication Data (SAD) is stored, processed, or transmitted
  • PCI DSS requirements also apply to systems that provide security services or could impact the security of account data
  • Account data includes all of the information printed on the physical card as well as the data on the magnetic stripe or chip
  • Sensitive Authentication Data cannot be stored after authorization
  • Encrypting cardholder data or sensitive authentication data does NOT necessarily remove it from scope

Merchants are not permitted to store the track equivalent data following authorization