Hello,

I'm trying to determine if the following credit cardholder data / sensitive authentication data is only obtained via a physical swipe of the credit card, or if its often / commonly obtained via users physically inspecting their credit card and inputting the data into a webform or over the phone.

1. Service Code
2. PIN / PIN Block

I assume that these are only obtained via swiping the card and most users are unaware that their credit cards even hold this information as you can't simply obtain it from physically inspecting the credit card. However, I just wanted to confirm my understanding. Thanks!

You are correct. The only way to obtain this information is by reading the magnetic stripe.

Thanks again :-)

To be clear, the PIN / PIN block is _not_ contained on the mag stripe. The stripe _may_ contain a PIN Verification Value (PVV), but this is not always the case. The PIN can only be entered by the customer into a PINPad when it is not being communicated directly to the card Issuer. If there is a direct connection between the customer and the card Issuer (eg home banking), then this does not have to be the case, and I have seen systems where the customer is actually asked to enter their PIN online (I don't recommend this, of course).

The service code is only contained on the mag stripe, but it is not a secret value. With some basic information about your card (eg does it have a chip or not, where are you from), I could probably tell you what your service code is.