What Is Sensitive Authentication Data in PCI Compliance?

Picture of David Gamey David Gamey : Dec 20, 2020 10:07:14 PM

pci

What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.

Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

“track” data from magnetic stripes
“track equivalent data” generated by chip and contactless cards
security validation codes (i.e. the 3-4 digit number printed on cards) used for online and card not present transactions.
PINs

For more see the official PCI glossary.

What Is Cardholder Data In PCI Compliance?

David Gamey : Jan 16, 2017 10:07:00 PM

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes the...

pci

What The CIA WikiLeaks Dump Has In Common With PCI Compliance

David Gamey : Mar 14, 2017 10:07:00 PM

In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the general...

pci SHA

PCI Compliance and the Intel AMT Vulnerability

David Gamey : May 15, 2017 10:07:00 PM

On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT) firmware...

pci

What Is Sensitive Authentication Data in PCI Compliance?

What Is Cardholder Data In PCI Compliance?

What The CIA WikiLeaks Dump Has In Common With PCI Compliance

PCI Compliance and the Intel AMT Vulnerability

Services

About Us

Knowledge Base

Contact