Can you store 16-digit card numbers, CVV, and expiration dates?
An example of insecure credit card number storage comes from our PCI Assessment a company some information about how they processed their credit cards. They told him how their secretary had a secure way of storing the inner-office credit cards.
If data is encrypted, here’s what you’re allowed to store:
- PAN (Primary Account Number) (e.g., 16-digit number on front of card)
- Cardholder name (e.g., John Smith)
- Expiration date (e.g., 5/18)
- Service code (Note: You can’t actually see this data on a physical card because it resides in the magnetic stripe)
Even if data is encrypted, you can NEVER store:
- Sensitive authentication data (i.e., full magnetic stripe info)
- PIN block (i.e., the encrypted PIN)
- Card validation value (CVV), also known as the three/four-digit service code or card security code
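
As an added example (not from the original article), here is a pre-storage check that applies the two lists above to a record before it is written. The field names, the `(value, is_encrypted)` record shape and the sample data are assumptions; the free-text scan goes beyond the lists to catch card numbers left in fields such as notes.

```python
import re

# Hypothetical field names; map them to your own schema.
ALLOWED_IF_ENCRYPTED = {"pan", "cardholder_name", "expiration_date", "service_code"}
NEVER_STORE = {"track_data", "pin_block", "cvv"}
PAN_LIKE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit_record(record):
    """record maps field -> (value, is_encrypted); returns (field, finding) pairs."""
    findings = []
    for field, (value, encrypted) in record.items():
        if field in NEVER_STORE:
            # Prohibited even when encrypted.
            findings.append((field, "prohibited"))
        elif field in ALLOWED_IF_ENCRYPTED:
            if not encrypted:
                findings.append((field, "unencrypted"))
        elif not encrypted and isinstance(value, str):
            # Unknown plaintext field: look for a card number hiding in it.
            for m in PAN_LIKE.finditer(value):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    findings.append((field, "pan_in_free_text"))
                    break
    return findings

# Constructed sample record; 4111 1111 1111 1111 is a widely used test number.
SAMPLE = {
    "pan": ("<ciphertext>", True),
    "cardholder_name": ("John Smith", False),
    "cvv": ("<ciphertext>", True),
    "notes": ("office card 4111 1111 1111 1111", False),
}

if __name__ == "__main__":
    for field, finding in audit_record(SAMPLE):
        print(f"{field}: {finding}")
```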