PCI Watch

For PCI DSS requirement 3.4 and protection of specific cardholder data (CHD) elements please refer to the table included on page 7 of the PCI DSS. The table illustrates that, if the cardholder name, expiration date, or service code is recorded in conjunction with the PAN, these additional cardholder data elements are required to be ?protected?. This means that all applicable PCI DSS requirements must be adhered to for protection of those cardholder data elements stored in conjunction with the PAN, such as firewall, patches, anti-virus, access controls, policies and procedures, etc., but only the PAN must be rendered unreadable. Please note that if these other elements of cardholder data (that is, cardholder name, expiry date and/or service code) are present without any PAN, then PCI DSS would not apply to those elements.