The Payment Card Industry Data Security Standards (PCI-DSS) are a set of requirements that you must follow to protect sensitive cardholder data.
Sensitive cardholder data is information from a payment card that an issuing bank can use to authorize a transaction. Sensitive cardholder data includes the primary account number (PAN) and at least one of the following details:
- Cardholder name
- Expiration date of the payment card
- Service code
Note: The service code is a three-digit or four-digit value stored on the payment card’s magnetic-stripe.
You must not store any sensitive authentication data after you complete a transaction. Sensitive authentication data includes:
- Full track data
- Card security code, also known as CVV, CVC, or CVD
- Cardholder’s PIN
Why do I need to comply with PCI-DSS?
If a hacker accesses sensitive cardholder data that you store or process on your system, you could receive a fine from the card brands. If you comply with PCI-DSS, you help to protect sensitive cardholder data from hackers.
Let us know if this answered your question. If not, please let us know why!
Tags: pci, card brands, security, cardholder data, requirements