PCI-Sensitive Data

Galileo prioritizes security by carefully handling PCI-sensitive data and personally identifiable information (PII):

  • PAN
  • expiry date
  • CVV
  • PIN
  • U.S. Social Security number (SSN)

These values are encrypted while they are stored in the Galileo system, if they are stored at all. Galileo can provide some of these values to you if you are PCI compliant; otherwise, they are masked or replaced by spaces.

To become PCI compliant you must submit an Attestation of Compliance (AOC), which is a self-assessment questionnaire that measures an organization's conformity to Payment Card Industry Data Security Standards (PCI-DSS). Contact Galileo for more information on the different levels of PCI compliance and how you can fulfill the requirements.

The following values are affected by PCI compliance.


In most contexts, the PAN is masked by default such that only the first six and last four digits are visible, e.g., 452218XXXXXX3665. Galileo assigns a CAD to every PAN. If you are not PCI compliant, you can use the CAD to identify individual cards. Galileo recommends that you pass the CAD for accountNo instead of the PAN, where permitted by the endpoint.

The full PAN is available as follows when you are PCI compliant:

Expiry date

The expiry date of a card is PCI-sensitive data only when it accompanies the full PAN.


The CVV is returned in the card_security_code field of Program API endpoints only if you are PCI compliant.


Galileo never includes the PIN, masked or unmasked, in Program API responses, Events API messages, the Auth API, or the RDFs.

If you employ a Galileo PIN-set method in your interface, the PIN may pass through your system depending on the method:

  • Direct render — PIN does not pass through your system
  • Direct POST — PIN does pass through your system; PCI compliance required

If you want to provide the PIN to your cardholders, use the PIN Retrieval Service, which passes the PIN directly to the cardholder.


When passing the SSN in an enrollment endpoint, always use the id input parameter. This value is masked by default unless you are PCI compliant. The contents of the id2 input parameter, on the other hand, are never masked. See Using the id and idType parameters for more information.

The SSN of an account holder is returned by these Program API endpoints only when the CINFN provider parameter is set:

In the Customer Master RDF, the SSN field contains the SSN but not other values that you input for id. If you are not PCI compliant, you receive only blank spaces. The contents of the ID2 field are not masked.