How do I meet the PCI DSS requirements on the servers, but still show the client the full PAN?
Easy!
Just generate an RSA 2048 private and public key pair in the browser with JavaScript and send the request to the CDE along with the public key.
Let the CDE encrypt the PAN with the public key and return the value to the browser. The browser then decrypts the value using the private key and shows it to the client.
No clear-text PAN in traffic between client and server.
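The exchange described above, sketched with the Web Crypto API as an added example (not this page's own source). RSA-OAEP with SHA-256, the function names and the in-process stand-in for the CDE are assumptions; the PAN is a constructed test value.

```javascript
// Browser <-> CDE exchange with the Web Crypto API (RSA-OAEP, SHA-256).
// The Node fallback only lets the same file run outside a browser.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

const RSA_OAEP_2048 = {
  name: "RSA-OAEP",
  modulusLength: 2048,
  publicExponent: new Uint8Array([1, 0, 1]), // 65537
  hash: "SHA-256",
};

// Browser: generate the pair. extractable=false applies to the private key,
// so page script cannot export it; the public key stays exportable.
async function browserGenerateKeys() {
  const pair = await subtle.generateKey(RSA_OAEP_2048, false, ["encrypt", "decrypt"]);
  const spki = await subtle.exportKey("spki", pair.publicKey);
  return { privateKey: pair.privateKey, publicKeySpki: new Uint8Array(spki) };
}

// CDE side (hypothetical handler, simulated in-process): encrypt the PAN to
// the public key that arrived with the request.
async function cdeEncryptPan(publicKeySpki, pan) {
  if (!/^\d{12,19}$/.test(pan)) throw new Error("unexpected PAN format");
  const pub = await subtle.importKey(
    "spki", publicKeySpki, { name: "RSA-OAEP", hash: "SHA-256" }, false, ["encrypt"]);
  const ct = await subtle.encrypt({ name: "RSA-OAEP" }, pub, new TextEncoder().encode(pan));
  return new Uint8Array(ct);
}

// Browser: decrypt the returned value for display.
async function browserDecryptPan(privateKey, ciphertext) {
  const pt = await subtle.decrypt({ name: "RSA-OAEP" }, privateKey, ciphertext);
  return new TextDecoder().decode(pt);
}

// Full round trip: key generation, CDE encryption, browser decryption.
async function roundTrip(pan) {
  const { privateKey, publicKeySpki } = await browserGenerateKeys();
  const ciphertext = await cdeEncryptPan(publicKeySpki, pan);
  return {
    shown: await browserDecryptPan(privateKey, ciphertext),
    ciphertextBytes: ciphertext.length, // 256 for a 2048-bit modulus
    privateKeyExtractable: privateKey.extractable,
  };
}

// Constructed test PAN, not a real card number.
roundTrip("4111111111111111").then((r) => console.log(r));
```

The CDE in this sketch encrypts to whatever public key it is handed, so the request carrying the key has to be authenticated and sent over TLS. Without that binding, the PAN is encrypted for whoever supplied the key.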
Download sources of this page. Password is qwerty123 :) Enjoy!