The objective of PCI DSS is to protect cardholder data. All card transactions are either Card Present or Card not Present. A Card Present transaction is a face-to-face transaction in a physical store, while a Card not Present transaction usually refers to an online payment or e-commerce transaction.
These different types of payment transactions touch different cardholder data. In a Card Present transaction, the sensitive data stored in the magnetic stripe or the card's chip is processed, while a Card not Present transaction touches only the Primary Account Number, the Expiry and the Security Code.
Below are the respective security requirements under PCI DSS:
The Primary Account Number (Card Number) should be encrypted or rendered unreadable when it is stored, and Sensitive Authorization Data (SAD) must not be stored at any point in the process.
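As an added illustration (not part of the original page), the sketch below applies the storage rule above to a Card not Present record: it drops SAD, keeps only a truncated card number, and audits a record for leftovers before it is written. The field names, the sample record and the choice of truncation (first six and last four digits) as the way to render the number unreadable are assumptions made for this example.

```python
import re

# Hypothetical field names for SAD: never persisted.
SAD_FIELDS = {"security_code", "track_data", "pin_block"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell plausible PANs from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def prepare_for_storage(record: dict) -> dict:
    """Copy `record`, dropping SAD and keeping only a truncated PAN."""
    pan = re.sub(r"[ -]", "", record["pan"])
    if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
        raise ValueError("not a valid PAN")
    stored = {k: v for k, v in record.items()
              if k not in SAD_FIELDS and k != "pan"}
    # Assumed method: keep first six and last four digits, mask the rest.
    stored["pan_truncated"] = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
    return stored


def storage_violations(record: dict) -> list:
    """Audit a record about to be written: flag SAD fields and full PANs."""
    problems = []
    for key, value in record.items():
        if key in SAD_FIELDS:
            problems.append(f"SAD field present: {key}")
            continue
        compact = re.sub(r"[ -]", "", str(value))
        if any(luhn_valid(run) for run in re.findall(r"\d{13,19}", compact)):
            problems.append(f"full PAN in field: {key}")
    return problems


# Constructed sample Card not Present record (the PAN is a test number).
SAMPLE = {"pan": "4111 1111 1111 1111", "expiry": "12/30",
          "security_code": "123", "order_id": "A-1001"}

if __name__ == "__main__":
    print(storage_violations(SAMPLE))
    print(prepare_for_storage(SAMPLE))
```

Running the audit on every write path (database rows, log lines, message queues) catches a raw record that bypassed `prepare_for_storage`.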