Primary Account Number (PAN) is the most important and essential part of cardholder data. The PAN data can be combined with other data to identify customers and their related bank account details and more importantly to make transactions/payments. So, knowing how sensitive and critical this piece of data is the PCI Council in its PCI DSS requirements clearly outlines the requirement of not storing PAN data unless required. It further requires merchants to implement measures for the safe and secure handling of such data. In case the PAN Data is stored in the Cardholder data environment, then it should be protected as per the requirements outlined in PCI DSS.
Visit this link to know more:
www.vistainfosec.com/blog/how-can-pan-da...uired-under-pci-dss/
How can PAN Data be rendered unreadable as required under PCI DSS?
