My Merchant Account Blog
You can now contact us at 888-928-5280 ext 822
Cardholder Data and Sensitive Authentication Data Elements
Thursday, December 04, 2008
Cardholder data includes the Primary Account Number (PAN), cardholder name, expiration date, service code, the CAV2 / CVC2 / CID / CVV2, PIN, and other sensitive information that is found on the full magnetic stripe. There are certain fields that cannot be stored and other fields that can be stored as long as it is encrypted.Never store the CAV2 / CVC2 / CID / CVV2 in your database or logs. This is a direct violation of the requirements. If you have to store the PAN for any reason, it should always be encrypted. If it needs to be displayed, it should be masked unless the personnel is authorized with a specific need to see the full account number. You can display the first six digits and the last four digits if necessary, but that is the maximum number of digits that you should display. Some websites might show the customer the last four digits just so he can confirm what card number is on file with the merchant.
The cardholder name, service code, and expiration date can be stored, but must be encrypted if this information is stored in conjunction with the PAN. PCI DSS does not apply if PANs are not stored, processed or transmitted.
The PAN should be unreadable anywhere it is stored, for example backups, logs, or any other type of media that is used to store the numbers. Developers can consider using truncation, strong cryptography, index tokens and securely stored pads, or a one-way hash based on strong cryptography.
The PAN should never be sent in unencrypted emails (which almost all emails are just plain text), instant messaging, instant chats, or over any unsecured transmission. If you are asking customers to send you’re their PAN via a form to email method, you must make sure the email is secure. Just because they are submitting the form with an https: in the URL does not mean the email is secure and encrypted.
Card Validation Value or Code
The card association developed a three or four digit code to help prevent fraud on all keyed transactions. This code is uniquely assigned to each card and ties the card account number to the card itself.- CVV2: Card Verification Value 2 (Visa)
- CVC2: Card Validation Code 2 (MasterCard)
- CID: Card Identification Number (American Express and Discover)
- CAV2: Card Authentication Value 2 (JCB)
Comments
Search My Merchant Account Blog
My Merchant Account Blog Categories
- Chargebacks (20)
- Electronic Payment Gateways (7)
- In The News (11)
- LinkPoint Gateway (4)
- Merchant Account Fees (23)
- Merchant Account Terminology (80)
- Merchant Accounts (34)
- Miscellaneous (20)
- PCI DSS (14)
- Quantum Gateway (8)
- Security (8)
- Web Hosting and Design (7)
My Merchant Account Blog Archives
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- August 2010
- July 2010
- January 2010
- December 2009
- September 2009
- August 2009
- May 2009
- April 2009
- January 2009
- December 2008
- September 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
My Merchant Account Blog Recent Entries
- Visa Chargeback Reason Code 75 - Transaction Not Recognized
- Visa Chargeback Reason Code 74 - Late Presentment
- Visa Chargeback Reason Code 73 - Expired Card
- Visa Chargeback Reason Code 72 - No Authorization
- Visa Chargeback Reason Code 71 - Declined Authorization
- Visa Chargeback Reason Code 62 - Counterfeit Transaction
- Visa Chargeback Reason Code 60 - Illegible Fulfillment
- Visa Chargeback Reason Code 57 - Fraudulent Multiple Transactions
- Visa Chargeback Reason Code 41 - Cancelled Recurring Transaction
- PCI Compliance - A Review of Consumer Benefits
About My Merchant Account Blog
My Merchant Account Blog SiteMap
Retail Merchant Accounts
Get a Retail Merchant Account with a 1.65% discount rate. No leases - free terminal. No monthly minimum and no termination fee!
Merchant Account
Resources Directory
Check out the new
Merchant Account Resources Directory
Feel Free to submit you link!
My Merchant Account Blog SiteMap
- Main SiteMap
- Merchant Account
- Electronic Payment Gateways
- Merchant Account Fees
- Merchant Account Terminology
- Quantum Gateway
- LinkPoint Gateway (even though rebranded ad the First Data Global Gateway, it still has a lot of faults and extra charges, we recommend the Quantum Gateway)
- Security
- PCI DSS
- In The News
- Miscellaneous
- Chargebacks
- Web Hosting and Design
Publishers
- Corey R Bryant
- Charles Summerfield
- Randy Goldblum
- Alexander Glasso
If you would like to publish a unique article on My Merchant Account Blog, please contact us.