What is cardholder data?
Cardholder data (CD) is any personally identifiable information (PII) associated with a person who has a credit or debit card.
What are the different types of cardholder data?
The Payment Card Industry Security Standards Council (PCI SSC), the group in charge of the PCI Data Security Standard (PCI DSS), defines cardholder data to include the primary account number (PAN) along with any of the following data types: cardholder name, expiration date or service code. A service code is a three- or four-digit number on cards that use a magnetic stripe. The service code specifies acceptance requirements and limitations for a magnetic-stripe-read transaction.
Cardholder data can also include a user's personal identification number (PIN), EMV chip data and card security codes.
Security codes vary by payment or credit card brand and include the following:
- CAV -- card authentication value (JCB).
- PAN CVC -- card validation code (MasterCard).
- CVV -- card verification value (Visa and Discover).
- CSC -- card security code (American Express).
- CID -- card identification number (American Express and Discover).
- CAV2 -- card authentication value 2 (JCB).
- PAN CVC2 -- card validation code 2 (MasterCard).
- CVV2 -- card verification value 2 (Visa).
How does cardholder data relate to PCI DSS?
If the cardholder name, expiration date and/or service code are stored, processed or transmitted with the PAN, they must be protected in accordance with requirements laid out by the PCI SSC in PCI DSS.
