Primary account numbers (PANs): What they are and how they’re used

Payments
Payments

Aceite pagamentos online, presenciais e de qualquer lugar do mundo com uma solução desenvolvida para todos os tipos de negócios, de startups em crescimento a grandes multinacionais.

Saiba mais 
  1. Introdução
  2. What is a primary account number (PAN)?
  3. How primary account numbers work
  4. Primary account numbers vs. account numbers
    1. Primary account number
    2. Account number

Few aspects of financial life have changed more than the way we conduct payment transactions. Businesses, particularly those that handle card payments, stand at the forefront of this transformation and must deal with the data at the heart of payment processing, including primary account numbers (PANs).

For businesses, using PANs securely and efficiently is not a trivial task—it’s a core aspect of their operations, one that can have direct implications on a business’s reputation and customer trust. To maintain robust and compliant payment systems, businesses must understand the regulatory environment, security measures, and practical considerations around PANs. This knowledge might seem too granular to be meaningful for businesses, but as payment systems and fraud prevention efforts become more complex and expansive, understanding payment fundamentals will become a baseline requirement for any business that conducts card transactions.

Below, we’ll look at how PANs function, the important differences between PANs and other account numbers, the standards that govern PANs, and the best practices businesses can implement to safeguard and improve their use.

What’s in this article?

  • What is a primary account number (PAN)?
  • How primary account numbers work
  • Primary account numbers vs. account numbers

What is a primary account number (PAN)?

A primary account number (PAN) is the technical term for a payment card number, the series of digits (usually 12 to 19) embossed or encoded on a credit, debit, or prepaid card that identifies the issuer and specific account. Assigned by a financial institution to a cardholder account, the PAN is a key piece of data that facilitates communication between the entities involved in processing a payment. Keeping the PAN secure is important because misuse or unauthorized access can lead to fraudulent transactions or identity theft.

How primary account numbers work

Understanding the role of the primary account number is important for anyone in the payment processing industry. This unique identifier lives at the core of payment transactions, linking cardholders to their account information stored in the issuer’s database.

These steps show the PAN’s role in a card payment transaction:

1. Transaction initiation
When a cardholder initiates a transaction, the payment terminal reads the PAN from the card, either via the magnetic strip, EMV chip, or near-field communication (NFC) (for contactless payments).

2. Tokenization
Tokenization bolsters transaction security, particularly in digital or card-not-present (CNP) environments. This process replaces the PAN with a unique token for each transaction, thereby protecting the real account details in case transaction data is compromised.

3. Data transmission
The transaction information, including the PAN, transaction amount, and business information, is encrypted and sent to the business’s bank, also called the acquiring bank or acquirer.

4. Forwarding information
The acquiring bank then sends this information through a card network to the cardholder’s bank, known as the issuing bank or issuer.

5. Validation checks
The issuing bank uses the PAN to look up the cardholder’s account and checks the account balance, card validity, and any potential indicators of fraud before approving the transaction.

6. Transaction approval
Once the issuing bank approves the transaction, the response travels through the card network to the acquiring bank and ultimately to the business’s terminal, usually within seconds.

The PAN plays a fundamental role in payment processing, and businesses must take PAN-related security seriously. Security standards such as the Payment Card Industry Data Security Standard (PCI DSS) help protect PANs during storage, processing, and transmission. These measures include:

  • Encryption
    This process converts the PAN data into a coded form, making it unreadable to anyone without the decryption key. The PAN is encrypted during transmission, from the point of transaction (e.g., a payment terminal) to the appropriate financial institutions. Encryption ensures that even if fraudulent actors intercept the transaction data, they cannot understand or use it.

  • Truncation
    Truncation refers to removing a portion of the PAN when displaying it. For instance, on a receipt or a payment confirmation screen, you might see only the last four digits of the PAN with the rest replaced by Xs or asterisks. Truncation helps to protect the PAN by ensuring that the full number isn’t displayed in places where fraudulent actors could see and copy it.

  • Masking
    Similar to truncation, masking involves hiding part of the PAN, typically while a cardholder is entering the number or when it is displayed on a screen. For instance, when you enter your card number on a website, it’s common to see each digit replaced by an asterisk as soon as you type it. This ensures that neither someone looking over your shoulder nor a malicious screen capture software can read the full PAN.

These measures help to build trust with customers because they demonstrate that the business is serious about the security of their payment information. Businesses that process card payments are required to comply with these standards, and failure to do so can result in penalties.

Primary account numbers vs. account numbers

Primary account numbers and account numbers both serve as unique identifiers for financial accounts, but they have different uses and applications, especially in the context of payment processing. Here’s a rundown of the key distinctions between them:

Primary account number

A PAN is a 12- to 19-digit number that appears on a credit, debit, or prepaid card. It is an identifier issued by the card-issuing bank or financial institution. The PAN identifies the cardholder’s account and also contains information about the card issuer and the card type.

The PAN is used in card-based transactions, both at point-of-sale (POS) terminals and for online payments. Because of the sensitive nature of the PAN, which enables communication between the entities involved in processing a payment, businesses must handle this key piece of data with high security. Standards such as the PCI DSS provide rules on how businesses should protect PANs during storage, processing, and transmission.

Account number

An account number is a unique identifier for an account held at a bank or other financial institution. Unlike the PAN, the account number doesn’t contain information about the card issuer or card type. Instead, it’s linked directly to an individual’s or a business’s account and is used primarily for direct transactions with the bank, such as deposits, withdrawals, or transfers.

Typically, account numbers are used for direct debits, wire transfers, and other forms of direct bank transfers. You can find account numbers on bank statements or obtain them through your bank’s online portal or customer service channels. Though it’s also important to handle account numbers securely, they aren’t subject to the same stringent PCI DSS standards as PANs because they are not used in card transactions.

Though PANs and account numbers both serve as unique identifiers, their applications differ. Businesses that handle card payments need to be aware of the regulatory requirements surrounding PANs and protect this data. Though account numbers are more common in direct banking transactions, businesses involved in this kind of activity should also ensure that they handle these numbers securely.

The granular details of card payments, such as PANs, might seem like minor concerns that shouldn’t matter much to businesses. But as technology changes the ways card payments are processed, understanding the detailed components of card transactions can give businesses an edge in adopting and improving their use of payment technology.

O conteúdo deste artigo é apenas para fins gerais de informação e educação e não deve ser interpretado como aconselhamento jurídico ou tributário. A Stripe não garante a exatidão, integridade, adequação ou atualidade das informações contidas no artigo. Você deve procurar a ajuda de um advogado competente ou contador licenciado para atuar em sua jurisdição para aconselhamento sobre sua situação particular.

Vamos começar?

Crie uma conta e comece a aceitar pagamentos sem precisar de contratos nem dados bancários, ou fale conosco para criar um pacote personalizado para sua empresa.
Payments

Payments

Aceite pagamentos online, presenciais e em todo o mundo com uma solução desenvolvida para todos os tipos de empresas.

Documentação do Payments

Encontre um guia para integrar as APIs de pagamento da Stripe.