
Primary Account Number (PAN)

A Primary Account Number (PAN) is the main identifier for a payment card account, typically consisting of 13-19 digits that uniquely identify the issuing bank and the cardholder's account. PANs are printed or encoded on credit cards, debit cards, and other payment instruments and are essential for authorizing and processing financial transactions.

Regulatory Definitions
  • PCI-DSS (Payment Card Industry Data Security Standard): Under PCI-DSS, a PAN is defined as the card number printed or encoded on a payment card that identifies the issuer and the cardholder account. PCI-DSS Requirement 3 mandates the protection of stored PAN data, with specific controls for encryption, masking, and truncation. The standard distinguishes between full PAN storage (heavily restricted) and truncated PAN (last four digits only, which may be displayed). Per PCI-DSS v3.2.1 Requirement 3.2, if PAN is stored, it must be rendered unreadable anywhere it is stored. Requirement 3.3 specifically addresses the truncation of PAN, allowing display of no more than the first six and last four digits.
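The display limit described above (no more than the first six and last four digits) can be applied as a log scrubber. This is an added example, not part of the original glossary or of the PCI-DSS text. The function names, the Luhn check used to reduce false positives, and the sample log lines are assumptions made for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
# Limitation: a PAN written next to another digit run (separated only by a
# space or hyphen) merges into one candidate and can be missed.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test; an assumption added here to cut false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Show no more than the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scrub(line: str) -> str:
    """Mask every Luhn-valid PAN candidate in a line; leave other numbers alone."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()
    return CANDIDATE.sub(repl, line)

# Constructed sample log lines; the card numbers are widely published test values.
SAMPLE = [
    "2024-01-15T10:22:31Z auth ok pan=4111111111111111 amount=12.50",
    "2024-01-15T10:22:40Z auth ok card 4111-1111-1111-1111",
    "2024-01-15T10:23:02Z order 1234567890123456 shipped",  # fails Luhn, kept
    "2024-01-15T10:23:09Z legacy 13-digit pan 4222222222222",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(scrub(line))
```
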