Sensitive Data Types

The following table provides a helpful, quick-reference guide for which data types to mark as private, but any questions should be directed to your security auditor.

Credit Card Information

Patient Health Information

Full Personal Account Number (PAN)

First and Last Name

Credit Card Number


Cardholder Name

Birth Date

CVV Number

Mother's Maiden Name

Card Expiration Date

Social Security Number

Checking Information

Financial Records

Bank Routing Number

Email Address

Bank Account Number

Driver's License Number

Personal Account Information

Passport Number

Public Transportation Pass/Card Serial/Account Numbers

Personal Health Information

PCI-DSS Requirements

For PCI-compliance, the following types of data are considered sensitive and should, therefore, be treated as private in your IVR apps. It is the customerโ€™s responsibility to ensure that the correct information is secured in your IVR apps.

  • Full Track Data (This is data from the magnetic stripe or chip on the card.)


  • Pin/Pin Block Number

  • Primary Account Number (i.e., credit card number)

  • Cardholder Name

  • Service Code

  • Expiration Date

If you have questions about PCI-compliance, please contact your PCI auditor.

Additionally, although legal and regulatory requirements differ by state and industry, we recommend handling the following data types with additional security:

  • Social Security Number

  • Date of Birth

  • Bank Account Number

  • Personal Health Information

Last updated