Glossary
Cardholder Data
Cardholder data encompasses the essential information found on a payment card that is used to facilitate financial transactions. At its core, this data includes the Primary Account Number (PAN), which is the long number printed across the card that uniquely identifies the card account. In addition to the PAN, cardholder data may also comprise the cardholder's name, the card's expiration date, and the service code.
Sensitive Authentication Data (SAD), which includes the magnetic stripe data, CAV2/CVC2/CVV2/CID codes, and PINs/PIN blocks, is closely related but should never be stored after authorization of a transaction, in accordance with Payment Card Industry Data Security Standard (PCI DSS) guidelines. Storing SAD post-authorization increases the risk of security breaches and fraud.
Cardholder data is critical for processing payment transactions and must be handled with strict adherence to security standards to protect against unauthorized access and ensure the integrity of payment systems. Proper management of this data involves not only securing it during transactions but also ensuring it is not unnecessarily retained or exposed.