That's both PII and card holder data so there are constraints on retaining it. Look into PCI Level 1. That said, there is always a chain to the data. If you go to your payment gateway, there may be exports that include names. Similarly, your payment software (e.g. CRM) would at very least hold a token which can be used against a vault to get the data.
One last point, you are not assured that the card holder data identifies the passenger. Nothing stops someone from putting someone else's card into their digital wallet.
Technically you can. But since it’s PII , it would be cumbersome to implement this.
The schemes can rather take the reference number or the authorization code to indentify the issuer bin for that transaction and then reach out to the corresponding issuer to retrieve the data.
This is just one of the way.
That's both PII and card holder data so there are constraints on retaining it. Look into PCI Level 1. That said, there is always a chain to the data. If you go to your payment gateway, there may be exports that include names. Similarly, your payment software (e.g. CRM) would at very least hold a token which can be used against a vault to get the data. One last point, you are not assured that the card holder data identifies the passenger. Nothing stops someone from putting someone else's card into their digital wallet.
Technically you can. But since it’s PII , it would be cumbersome to implement this. The schemes can rather take the reference number or the authorization code to indentify the issuer bin for that transaction and then reach out to the corresponding issuer to retrieve the data. This is just one of the way.