PAN and authentication data
As you prepare information to work with IBM® Support, know what data you are allowed to send to IBM.
Important: Never send or provide IBM access to any
personally identifiable information, including live PAN data (for example, Primary Account Number,
Cardholder Name, Expiration Date) or Sensitive Authentication Data (full magnetic stripe data or
equivalent on a chip, CAV2/CVC2/CVV2/CID, PINs/PIN blocks), whether in data or
any other form.
Implement the respective and required protection measurements. This includes choosing a remote service that allows the customer to actively control data flow and transmission. A basic remote access service, even if encrypted, for example, VPN, is not sufficient to ensure required protection. IBM will not act as a data processor in accordance with the applicable data privacy regulations, and IBM will not be responsible and shall not be held responsible by the customer for any damage caused by having received such data. However, in the event that IBM receives data that is subject to data privacy regulations, such regulations shall apply.