Diff: FAQ #1222
Does cardholder name, expiration date, etc. need to be rendered unreadable if stored in conjunction with the PAN (Primary Account Number)?
Earlier Version
2008-12-29 00:00:00 UTC
Later Version
2013-08-06 00:00:00 UTC
Removed
Added
For PCI DSS requirement 3.4 and protection of specific cardholder data elements,(CHD) elements please refer to the table included inon page 7 of the PCI DSS on page 2 (www.pcisecuritystandards.org). The table illustrates that, if the cardholder name, expiration date, or other cardholder dataservice code is recorded in conjunction with the PAN, even ifthese additional cardholder data elements are required to be ?protected?. This means that all applicable PCI DSS requirements must be adhered to for protection of those cardholder data elements stored in conjunction with the PAN is rendered unreada, such as firewall, patches, anti-virus, access controls, policies and procedures, etc., ble, these additional cardholder data elements are still required tout only the PAN must be ?protected?rendered unreadable. This means that all other requirements in thePlease note that if these other elements of cardholder data (that is, cardholder name, expiry date and/or service code) are present without any PAN, then PCI DSS must be adhered to for protection of those cardholder data elements stored in conjunction with the PAN, such as firewall, patches, anti-virus, access controls, policies and procedures, etcould not apply to those elements., but only the PAN must be rendered unreadable. Please note that if the PAN is not stored, processed, or transmitted, even if other non-sensitive cardholder data is stored, PCI DSS does not apply.
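Review bot: the pointer to the cardholder data table is pinned to a page number, and this line carries two different ones ("page 7" and "page 2"), so the reference goes stale whenever the standard is repaginated. Citing the PCI DSS version, or the table by its title, alongside the page would keep the pointer valid. The wording on scope also differs between "if the PAN is not stored, processed, or transmitted" and "present without any PAN"; stating which condition governs would avoid readers treating the two as interchangeable.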