
What is Cardholder Data (CHD)? 

Cardholder Data or CHD refers to the specific information associated with a payment card that is subject to the security requirements outlined by the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Key Components of PCI Cardholder Data:

  • Primary Account Number (PAN)
    • The unique number assigned to a cardholder’s credit or debit card. It is the most critical piece of cardholder data and must be protected.
  • Cardholder Name
    • The name of the individual to whom the card is issued. While the cardholder name alone is not considered sensitive, it must be protected when combined with the PAN. 
  • Expiration Date
    • The date after which the card is no longer valid. It is usually in the MM/YY format. 
  • Service Code
    • A three-digit or four-digit value used to specify acceptance requirements and limitations for a magnetic-stripe payment card. 

Sensitive Authentication Data (Not to be Stored Post-Authorization): 

  • Full Magnetic Stripe Data or Chip Data
    • Contains all the information in the magnetic stripe or chip, which is used for card processing. Storing this data after authorization is strictly prohibited by PCI DSS. 
  • Card Verification Code or Value (CVV, CVV2, CVC2, CID)
    • The three- or four-digit number printed on the card, used to verify that the cardholder is in possession of the card during a transaction. This must never be stored after authorization. 
  • PIN/PIN Block
    • The personal identification number entered by the cardholder during a transaction, usually associated with debit card transactions. Storing the PIN or PIN block after authorization is prohibited. 
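The storage rules above can be enforced as a check at the point where a transaction record is written. The following is an added example, not code from this page or from PCI DSS: the field names and the sample record are hypothetical, and the Luhn checksum used to recognise PAN-like digit runs in free-text fields is an assumption that goes beyond what the page describes.

```python
import re

# Hypothetical field names for a transaction record; map them to your own schema.
SAD_FIELDS = {"track_data", "chip_data", "cvv", "pin", "pin_block"}
CHD_FIELDS = {"pan", "cardholder_name", "expiration_date", "service_code"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample: a well-known test card number, no real data.
SAMPLE_RECORD = {
    "pan": "4111111111111111", "cardholder_name": "A. Example",
    "expiration_date": "12/30", "cvv": "123", "pin_block": "(placeholder)",
    "notes": "customer read out 4111 1111 1111 1111 on the call",
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return digit strings in free text that look like a PAN."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in PAN_CANDIDATE.finditer(text))
    return [digits for digits in candidates if luhn_ok(digits)]


def prepare_for_storage(record: dict) -> tuple[dict, list[str]]:
    """Drop SAD after authorization and report what still needs protection."""
    stored = {k: v for k, v in record.items() if k not in SAD_FIELDS}
    findings = [f"dropped SAD field: {k}" for k in sorted(record.keys() & SAD_FIELDS)]
    if stored.get("pan"):
        # Other CHD elements need protection when kept alongside the PAN.
        protect = sorted(k for k in CHD_FIELDS if k in stored)
        findings.append("protect: " + ", ".join(protect))
    for key, value in stored.items():
        if key not in CHD_FIELDS and isinstance(value, str) and find_pans(value):
            findings.append(f"PAN found in non-CHD field: {key}")
    return stored, findings
```

Calling `prepare_for_storage(SAMPLE_RECORD)` returns the record without its CVV and PIN block, plus a findings list that also flags the PAN left in the free-text `notes` field.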
