|
|
#1
02-10-2009, 09:38 AM
|
|||
|
|||
Cardholder Data Clarification
Hello,
I'm trying to determine if the following credit cardholder data / sensitive authentication data is only obtained via a physical swipe of the credit card, or if its often / commonly obtained via users physically inspecting their credit card and inputting the data into a webform or over the phone. 1. Service Code 2. PIN / PIN Block I assume that these are only obtained via swiping the card and most users are unaware that their credit cards even hold this information as you can't simply obtain it from physically inspecting the credit card. However, I just wanted to confirm my understanding. Thanks! 
|
|
#2
02-10-2009, 09:44 AM
|
||||
|
||||
|
You are correct. The only way to obtain this information is by reading the magnetic stripe.
__________________
Jeff Hall, Director, Risk Advisory Services RSM McGladrey Inc 801 Nicollet Mall, 11th Floor, West Tower Minneapolis, MN 55402-2526 612 376 9280 - office 612 395 7280 - facsimile www.mcgladrey.com The views presented are those of the writer and are not necessarily those of RSM McGladrey Inc
|
|
#4
02-10-2009, 11:35 AM
|
||||
|
||||
|
To be clear, the PIN / PIN block is _not_ contained on the mag stripe. The stripe _may_ contain a PIN Verification Value (PVV), but this is not always the case. The PIN can only be entered by the customer into a PINPad when it is not being communicated directly to the card Issuer. If there is a direct connection between the customer and the card Issuer (eg home banking), then this does not have to be the case, and I have seen systems where the customer is actually asked to enter their PIN online (I don't recommend this, of course).
The service code is only contained on the mag stripe, but it is not a secret value. With some basic information about your card (eg does it have a chip or not, where are you from), I could probably tell you what your service code is.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
