The Primary Account Number (PAN) is the full payment card number printed on the card. It is the most sensitive data element in card processing and the primary target of PCI DSS controls. Every time PAN transits or rests on merchant infrastructure, scope expands: more systems fall under assessment, more controls apply, and breach impact grows.
Network tokenization exists partly to keep PAN out of merchant and PSP vaults. A network token is not merely an encrypted PAN; it is a separate credential with its own lifecycle, updater events, and authorization artifacts. Storing PAN “just in case” undermines those benefits and duplicates risk.
Practical estates are rarely 100% tokenized on day one. Some cards, regions, or MCCs still require PAN for authorization until scheme support catches up. The architectural goal is to minimize PAN retention, isolate it in a Level 1 vault when unavoidable, and never tie PAN storage to a single PSP’s proprietary token format.
Veliro’s model keeps PAN out of your application servers via Secure Fields (SAQ-A eligible capture) and provisions network tokens under your TRID where schemes allow. Where PAN fallback is required, it sits in tenant-isolated vault custody under the same tok_* reference, so PSP switches change routing, not your stored credential identifiers.
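An added example (not Veliro's code and not part of the original page) of one way to check that PAN is not resting on application servers: a scanner that flags Luhn-valid card numbers in log lines and masks them to the last four digits. The function names, log lines and tok_ value are constructed for illustration; the card numbers are standard test numbers.

```python
import re

# 13-19 digits, optionally grouped by single spaces or hyphens; the
# lookarounds avoid matching a slice out of a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(line: str) -> list[tuple[int, int, str]]:
    """Return (start, end, digits) for each Luhn-valid candidate in line."""
    hits = []
    for m in CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append((m.start(), m.end(), digits))
    return hits


def mask_line(line: str) -> str:
    """Replace each detected PAN with asterisks plus its last four digits."""
    for start, end, digits in reversed(find_pans(line)):  # right to left
        line = line[:start] + "*" * (len(digits) - 4) + digits[-4:] + line[end:]
    return line


def scan(lines: list[str]) -> list[tuple[int, str]]:
    """Return [(line_no, masked_line)] for every line that carried a PAN."""
    return [(n, mask_line(l)) for n, l in enumerate(lines, 1) if find_pans(l)]


# Constructed sample log lines (test card numbers, made-up tok_ reference).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z INFO charge ok ref=tok_8f2c1e9a77b04d13 last4=1111",
    "2024-05-01T10:00:02Z DEBUG psp body card_number=4111111111111111 exp=12/27",
    "2024-05-01T10:00:03Z WARN retry card 5555 5555 5555 4444 declined",
    "2024-05-01T10:00:04Z INFO order_id=1234567890123456 shipped",
]

if __name__ == "__main__":
    for n, masked in scan(SAMPLE_LOG):
        print(f"line {n}: PAN found -> {masked}")
```

A Luhn-valid match is a lead to investigate, not proof of a card number; roughly one in ten random digit strings of the right length also passes the checksum.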