Skip to the main content.
Contact
Contact

What Is Cardholder Data In PCI Compliance?

Picture of David Gamey David Gamey : Jan 16, 2017 10:07:00 PM

pci
What Is Cardholder Data In PCI Compliance?

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands.  CHD includes the primary account number (PAN) alone or in combination with any of name, expiry date, and a piece of hidden data called a service code. CHD can be in any media format including text or binary data in files and databases, images, and audio. All of these formats need to be protected under PCI.

For clarity, sensitive authentication data has additional restrictions. Truncated cardholder data is not considered cardholder data.

For more see the official PCI Compliance glossary.
The Art of Reading a PCI Attestation of Compliance (AoC)

The Art of Reading a PCI Attestation of Compliance (AoC)

Picture of David Gamey David Gamey: Mar 22, 2023 9:00:00 AM

PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence.  Yet...

pci PCI 4.0 Supply Chain third-party AOC
Read More
Control Gap Vulnerability Roundup: March 4th to March 10th

Control Gap Vulnerability Roundup: March 4th to March 10th

Picture of Zach Matthews Zach Matthews: Mar 20, 2023 11:00:00 AM

This week saw the publication of 493 new CVE IDs. Of those, 58 have not yet been assigned official CVSS scores, however, of the ones that were,...

offensivesecurity Cybersecurity Certified Zero CVE
Read More
Control Gap Vulnerability Roundup: February 25th to March 3rd

Control Gap Vulnerability Roundup: February 25th to March 3rd

Picture of Zach Matthews Zach Matthews: Mar 16, 2023 2:32:38 PM

This week saw the publication of 442 new CVE IDs. Of those, 258 have not yet been assigned official CVSS scores, however, of the ones that were,...

offensivesecurity Cybersecurity Certified Zero CVE
Read More