Cardholder data is any information associated with a payment card. It consists of the following:
PCI DSS 4 also covers Sensitive Authentication Data (SAD), which is used for authentication purposes. Unlike cardholder data, SAD can be processed but cannot be stored. This includes:
PCI DSS compliance requires organizations to implement security measures that protect cardholder data from unauthorized access, use, or disclosure. These measures include encryption, secure storage, access controls, and regular monitoring.
See the following diagram for a summary.