What Is Cardholder Data In PCI Compliance?

David Gamey David Gamey : Jan 16, 2017 10:07:00 PM

What Is Cardholder Data In PCI Compliance?

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands.  CHD includes the primary account number (PAN) alone or in combination with any of name, expiry date, and a piece of hidden data called a service code. CHD can be in any media format including text or binary data in files and databases, images, and audio. All of these formats need to be protected under PCI.

For clarity, sensitive authentication data has additional restrictions. Truncated cardholder data is not considered cardholder data.

For more see the official PCI Compliance glossary.
PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates | blog,pci,cryptography | Control Gap

PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates | blog,pci,cryptography | Control Gap

David Gamey David Gamey : Mar 10, 2015 12:00:00 AM

The PCI council has released an announcement that they are preparing an updated version of the...

Read More
What Is The Difference Between Masking And Truncation In PCI Compliance?

What Is The Difference Between Masking And Truncation In PCI Compliance?

David Gamey David Gamey : Jan 17, 2017 10:07:00 PM

Masking and truncation of cardholder data may seem the same on the surface (eg. 423456XXXXXX7890);...

Read More
The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules

The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules

David Gamey David Gamey : Aug 5, 2021 10:07:00 PM

It turns out that how you implement e-commerce can have a huge impact on your compliance footprint...

Read More