What Is Cardholder Data In PCI Compliance?

David Gamey David Gamey : Jan 16, 2017 10:07:00 PM

What Is Cardholder Data In PCI Compliance?

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands.  CHD includes the primary account number (PAN) alone or in combination with any of name, expiry date, and a piece of hidden data called a service code. CHD can be in any media format including text or binary data in files and databases, images, and audio. All of these formats need to be protected under PCI.

For clarity, sensitive authentication data has additional restrictions. Truncated cardholder data is not considered cardholder data.

For more see the official PCI Compliance glossary.
Understanding

Understanding "Connected-to" - Is The Internet In Scope For PCI DSS?

David Gamey David Gamey : Dec 7, 2017 10:07:00 PM

PCI DSS is all about scope. Getting scope right or wrong is perhaps the single most critical factor...

Read More
PCI Compliance Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money

PCI Compliance Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money

David Gamey David Gamey : Nov 26, 2016 10:07:00 PM

While you may have heard of carbon footprints and ecological footprints, you might not be aware...

Read More
Another Way 8-Digit Bins Complicate PCI Compliance: It's Not Just Data-at-Rest

Another Way 8-Digit Bins Complicate PCI Compliance: It's Not Just Data-at-Rest

David Gamey David Gamey : Apr 23, 2021 10:07:00 PM

The adoption of 8-digit BINs in 2022 has already created many transitional challenges for...

Read More