▲ 3 r/pcicompliance
Req 3.5.1 - Hashing of PAN
So one of my customers uses hashing for the cardholder data. Here they hash the PAN with the cardholder name and use a salt with it, and the result is hashed and stored in the DB, where the truncated card number is also stored. They use the SHA-256 hashing algorithm. So my question here is: do we need to mandate using a keyed cryptographic hashing algorithm? Is there any problem in saving this hashed value with the truncated card number, or is requirement 3.5.1 only applicable for hashing of the PAN alone?
u/bij0yy — 10 days ago