Are you storing sensitive cardholder data?

Safeguarding customers' data

At Barclaycard, we're responsible for reminding our merchants that the card schemes will fine merchants who store sensitive authentication data. So, if you are storing any of the following after authorisation, you must take immediate remedial action:

  • Full magnetic stripe - track 2
  • CVC2/CVV2/CID
  • PIN/PIN block
  • Sensitive authentication data, even if encrypted

Allowable data storage

PCI DSS allows you to store the Primary Account Number (PAN). However, you must protect it in line with PCI DSS Requirements 3 and 4. If you store any of the following data together with the PAN, you must also protect it in line with PCI DSS requirements:

  • Cardholder name
  • Service code
  • Expiry date

Other legislation relating to data protection, privacy and security may also require you to protect this data.
