Primary account numbers (PANs): What they are and how they’re used

Payments
Payments

针对不同规模业务打造的支付解决方案,满足从初创公司到跨国企业的多维度需求,助力全球范围内线上线下付款。

了解更多 
  1. 导言
  2. What is a primary account number (PAN)?
  3. How primary account numbers work
  4. Primary account numbers vs. account numbers
    1. Primary account number
    2. Account number

Few aspects of financial life have changed more than the way we conduct payment transactions. Businesses, particularly those that handle card payments, stand at the forefront of this transformation and must deal with the data at the heart of payment processing, including primary account numbers (PANs).

For businesses, using PANs securely and efficiently is not a trivial task—it’s a core aspect of their operations, one that can have direct implications on a business’s reputation and customer trust. To maintain robust and compliant payment systems, businesses must understand the regulatory environment, security measures, and practical considerations around PANs. This knowledge might seem too granular to be meaningful for businesses, but as payment systems and fraud prevention efforts become more complex and expansive, understanding payment fundamentals will become a baseline requirement for any business that conducts card transactions.

Below, we’ll look at how PANs function, the important differences between PANs and other account numbers, the standards that govern PANs, and the best practices businesses can implement to safeguard and improve their use.

What’s in this article?

  • What is a primary account number (PAN)?
  • How primary account numbers work
  • Primary account numbers vs. account numbers

What is a primary account number (PAN)?

A primary account number (PAN) is the technical term for a payment card number, the series of digits (usually 12 to 19) embossed or encoded on a credit, debit, or prepaid card that identifies the issuer and specific account. Assigned by a financial institution to a cardholder account, the PAN is a key piece of data that facilitates communication between the entities involved in processing a payment. Keeping the PAN secure is important because misuse or unauthorized access can lead to fraudulent transactions or identity theft.

How primary account numbers work

Understanding the role of the primary account number is important for anyone in the payment processing industry. This unique identifier lives at the core of payment transactions, linking cardholders to their account information stored in the issuer’s database.

These steps show the PAN’s role in a card payment transaction:

1. Transaction initiation
When a cardholder initiates a transaction, the payment terminal reads the PAN from the card, either via the magnetic strip, EMV chip, or near-field communication (NFC) (for contactless payments).

2. Tokenization
Tokenization bolsters transaction security, particularly in digital or card-not-present (CNP) environments. This process replaces the PAN with a unique token for each transaction, thereby protecting the real account details in case transaction data is compromised.

3. Data transmission
The transaction information, including the PAN, transaction amount, and business information, is encrypted and sent to the business’s bank, also called the acquiring bank or acquirer.

4. Forwarding information
The acquiring bank then sends this information through a card network to the cardholder’s bank, known as the issuing bank or issuer.

5. Validation checks
The issuing bank uses the PAN to look up the cardholder’s account and checks the account balance, card validity, and any potential indicators of fraud before approving the transaction.

6. Transaction approval
Once the issuing bank approves the transaction, the response travels through the card network to the acquiring bank and ultimately to the business’s terminal, usually within seconds.

The PAN plays a fundamental role in payment processing, and businesses must take PAN-related security seriously. Security standards such as the Payment Card Industry Data Security Standard (PCI DSS) help protect PANs during storage, processing, and transmission. These measures include:

  • Encryption
    This process converts the PAN data into a coded form, making it unreadable to anyone without the decryption key. The PAN is encrypted during transmission, from the point of transaction (e.g., a payment terminal) to the appropriate financial institutions. Encryption ensures that even if fraudulent actors intercept the transaction data, they cannot understand or use it.

  • Truncation
    Truncation refers to removing a portion of the PAN when displaying it. For instance, on a receipt or a payment confirmation screen, you might see only the last four digits of the PAN with the rest replaced by Xs or asterisks. Truncation helps to protect the PAN by ensuring that the full number isn’t displayed in places where fraudulent actors could see and copy it.

  • Masking
    Similar to truncation, masking involves hiding part of the PAN, typically while a cardholder is entering the number or when it is displayed on a screen. For instance, when you enter your card number on a website, it’s common to see each digit replaced by an asterisk as soon as you type it. This ensures that neither someone looking over your shoulder nor a malicious screen capture software can read the full PAN.

These measures help to build trust with customers because they demonstrate that the business is serious about the security of their payment information. Businesses that process card payments are required to comply with these standards, and failure to do so can result in penalties.

Primary account numbers vs. account numbers

Primary account numbers and account numbers both serve as unique identifiers for financial accounts, but they have different uses and applications, especially in the context of payment processing. Here’s a rundown of the key distinctions between them:

Primary account number

A PAN is a 12- to 19-digit number that appears on a credit, debit, or prepaid card. It is an identifier issued by the card-issuing bank or financial institution. The PAN identifies the cardholder’s account and also contains information about the card issuer and the card type.

The PAN is used in card-based transactions, both at point-of-sale (POS) terminals and for online payments. Because of the sensitive nature of the PAN, which enables communication between the entities involved in processing a payment, businesses must handle this key piece of data with high security. Standards such as the PCI DSS provide rules on how businesses should protect PANs during storage, processing, and transmission.

Account number

An account number is a unique identifier for an account held at a bank or other financial institution. Unlike the PAN, the account number doesn’t contain information about the card issuer or card type. Instead, it’s linked directly to an individual’s or a business’s account and is used primarily for direct transactions with the bank, such as deposits, withdrawals, or transfers.

Typically, account numbers are used for direct debits, wire transfers, and other forms of direct bank transfers. You can find account numbers on bank statements or obtain them through your bank’s online portal or customer service channels. Though it’s also important to handle account numbers securely, they aren’t subject to the same stringent PCI DSS standards as PANs because they are not used in card transactions.

Though PANs and account numbers both serve as unique identifiers, their applications differ. Businesses that handle card payments need to be aware of the regulatory requirements surrounding PANs and protect this data. Though account numbers are more common in direct banking transactions, businesses involved in this kind of activity should also ensure that they handle these numbers securely.

The granular details of card payments, such as PANs, might seem like minor concerns that shouldn’t matter much to businesses. But as technology changes the ways card payments are processed, understanding the detailed components of card transactions can give businesses an edge in adopting and improving their use of payment technology.

本文中的内容仅供一般信息和教育目的,不应被解释为法律或税务建议。Stripe 不保证或担保文章中信息的准确性、完整性、充分性或时效性。您应该寻求在您的司法管辖区获得执业许可的合格律师或会计师的建议,以就您的特定情况提供建议。

准备好开始了?

无需签署合同或填写银行信息,创建账户即可开始收款。您也可以联系我们,为您的业务设计定制套餐。
Payments

Payments

借助为各种企业打造的支付解决方案,实现全球范围线上线下收款。

Payments 文档

查找 Stripe 的付款 API 集成指南。