Payment Card Industry Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle credit cards from the major card schemes. All Program Managers who handle customer card data must be compliant with this standard. See: https://www.pcisecuritystandards.org/pci_security/
The Primary Account Number (PAN) is the 16-digit number that uniquely identifies a payment card such as a credit card, debit card, or gift card. The PAN is printed or embossed on a physical card and can also be associated with a virtual card. The first 6 digits are the Bank Identification Number (BIN), with the remaining digits identifying the specific account.
If you are not PCI DSS Level 1 compliant, you are not able to retrieve the full PAN from the Thredd platform. In this case, Thredd provides a number of options to support your requirements:
Using the Thredd Public Token
Customers who are not PCI DSS compliant must use the Thredd-created Public token, which is unique per card, and which is used to query and manage all transactions on that card. The public token is generated when you submit a Create Card request using the Thredd web services or Cards API, and is returned in the response to your request.