Card Data / Customer Card Data

Card data, also referred to as cardholder data, encompasses all the information associated with a payment card that is necessary to complete a transaction. At a minimum, this includes the primary account number (PAN), which is the long sequence of digits visible on the front of the card. Card data may also include the cardholder's name, the card's expiration date, and the service code, all of which are typically found on the card and encoded into the card’s magnetic stripe and/or the embedded chip.

The PAN is the central element of card data and is critical for identifying the account to which charges should be billed. This information must be protected to prevent unauthorized use and to comply with industry security standards, such as those outlined by the Payment Card Industry Data Security Standard (PCI DSS). According to PCI DSS guidelines, while certain elements of card data like the PAN, cardholder's name, and expiration date can be stored under stringent security measures, Sensitive Authentication Data (SAD) — such as the full contents of the magnetic stripe, card verification values (CVV), and PIN data — must never be stored post-authorization of a transaction.

Understanding and adhering to these data storage rules is crucial for merchants and payment processors to maintain security, prevent data breaches, and protect cardholders from fraud. This careful handling of card data helps in building trust with customers, ensuring compliance with legal and regulatory requirements, and safeguarding the integrity of the payment systems.