Cardholders name is PCI data. So in most cases the customer?s name and the cardholders name would fall under the auspices of PCIDSS. This is definitely a breach.
This is not true, I used to work in the industry and you can use a hosted credit card solution (where you transfer customers to a secure payment page) without needing PCI compliance.
If it were correct, and the card holder name needed to be secure, the company I worked at would not have received level 1 PCI compliance. The solution sends back the truncated card number, expiry date and the full card holder name.
Of course I'm assuming the banks wouldn't want you to make that data public, but you are allowed to store it without needing to be PCI compliant.
CVV code is another matter, under no circumstances are you allowed to store it, unless you're a level 1 compliant payment processor.
