The Payment Card Industry Security Standards Council (PCI SSC) established what cardholder data must be protected under PCI DSS.
What is cardholder data?
According to the Payment Card Industry Security Standards Council (PCI SSC), cardholder data is defined as either the full Primary Account Number (PAN), or the full PAN plus any of the following elements:
- Cardholder name
- Expiration date
- Service code
Sensitive Authentication Data must also be protected under PCI DSS. This data includes:
- Full magnetic stripe data
- PINs and PIN blocks