Sensitive Data Types
Last updated
Last updated
The following table provides a helpful, quick-reference guide for which data types to mark as private, but any questions should be directed to your security auditor.
For PCI-compliance, the following types of data are considered sensitive and should, therefore, be treated as private in your IVR apps. It is the customer’s responsibility to ensure that the correct information is secured in your IVR apps.
Full Track Data (This is data from the magnetic stripe or chip on the card.)
CAV2/CVC/CVV2/CID
Pin/Pin Block Number
Primary Account Number (i.e., credit card number)
Cardholder Name
Service Code
Expiration Date
If you have questions about PCI-compliance, please contact your PCI auditor.
Additionally, although legal and regulatory requirements differ by state and industry, we recommend handling the following data types with additional security:
Social Security Number
Date of Birth
Bank Account Number
Personal Health Information
Credit Card Information
Patient Health Information
Full Personal Account Number (PAN)
First and Last Name
Credit Card Number
Gender
Cardholder Name
Birth Date
CVV Number
Mother's Maiden Name
Card Expiration Date
Social Security Number
Checking Information
Financial Records
Bank Routing Number
Email Address
Bank Account Number
Driver's License Number
Personal Account Information
Passport Number
Public Transportation Pass/Card Serial/Account Numbers
Personal Health Information