Protecting Sensitive Data
Many companies do not believe it is necessary to become PCI compliant, not realizing that there are a variety of ways that sensitive cardholder data can be retrieved, whether from a high-end or low-end business. The diagram below talks about “sensitive cardholder data” and what should and should not be stored.

Sensitive cardholder data is defined as the following: the PAN (primary account number) that is found on the front of the credit card; the 3- or 4-digit number printed to the right on the back of the credit card or on the face of the credit card, used to recognize card-not-present transactions; the expiration date; and the integrated circuit/chip, which contains track-equivalent data and other sensitive data. Such data, if retrieved, could allow a hacker to create false credit cards and make fraudulent transactions.

