Merchants and credit card processing companies need to comply with Payment Card Industry Data Security Standard that facilitates consistent measures for data security globally. These organizations include any entity processing credit card transactions including but not limited to:
brick and mortar and internet commerce ATM and cash register operators money transfer companies money exchange companies
PCI DSS establishes the technical and operational framework needed to protect consumers from data security risks.
There are several persistent data elements that PCI DSS either dictates standards of protection for, or recommends best practices. These data elements include
Primary Account Number (PAN),
PCI DSS makes it mandatory to mask the PAN both in production and in development environments and recommends to protect the rest of the persistent elements in accordance with the local legislature and best practices. Many institutions decide to be proactive and safeguard names, dates and service codes with masking as well.