Is sending card hashes to SEON PCI DSS compliant?

Updated on 25.07.22
Copy link

If certain technical requirements are met, then yes. PCI DSS states that if a system stores both truncated BIN data and card hashes, the card hash must be created in a way that ensures the system cannot reconstruct the original data.

However, to be effective in fraud prevention, the same input should have the same output. This will allow SEON to recognize the same card being used by multiple accounts.

We recommend using HMAC-SHA256 or RSA-SHA256 encryption to create the card hash. These algorithms contain secrets that ensure we cannot reconstruct the original data. They will also keep hashes consistent, allowing you to check card usage.

Was this answer helpful?