What Is Cardholder Data In PCI Compliance?

Picture of David Gamey David Gamey : Jan 16, 2017 10:07:00 PM

pci

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes the primary account number (PAN) alone or in combination with any of name, expiry date, and a piece of hidden data called a service code. CHD can be in any media format including text or binary data in files and databases, images, and audio. All of these formats need to be protected under PCI.

For clarity, sensitive authentication data has additional restrictions. Truncated cardholder data is not considered cardholder data.

For more see the official PCI Compliance glossary.

This Week's [in]Security - Issue 271

CG Blogger : Jun 12, 2022 9:57:00 AM

Welcome to This Week’s [in]Security. Non-Compliance Lesson, DSSv4 related, Skimmers, Other Payments. New breaches: 7 breachers per capita, Shields &...

David Gamey : Jun 8, 2022 11:02:00 AM

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

humour pci Non-compliance lessons

Connor McMillan : May 31, 2022 11:22:25 AM

Background

Over the past holiday weekend, a tweet from Tokyo-based security researcher “nao_sec” first identified an interesting upload to antivirus...

zeroday Microsoft Follina

What Is Cardholder Data In PCI Compliance?

This Week's [in]Security - Issue 271

Non-Compliance Lesson No. 4: Keep your head in the cloud when adopting new technologies

“Follina” – Critical Zero-Day Exploit for Microsoft Products

Background

Services

About Us

Knowledge Base

Contact