What Is Sensitive Authentication Data in PCI Compliance?

Picture of David Gamey David Gamey : Dec 20, 2020 10:07:14 PM

pci

What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.

Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

“track” data from magnetic stripes
“track equivalent data” generated by chip and contactless cards
security validation codes (i.e. the 3-4 digit number printed on cards) used for online and card not present transactions.
PINs

For more see the official PCI glossary.

What Is Cardholder Data In PCI Compliance?

David Gamey : Jan 16, 2017 10:07:00 PM

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes the...

pci

The Art of Reading a PCI Attestation of Compliance (AoC)

David Gamey : Mar 22, 2023 9:00:00 AM

PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...

pci PCI 4.0 Supply Chain third-party AOC

PCI Compliance and the Intel AMT Vulnerability

David Gamey : May 15, 2017 10:07:00 PM

On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT) firmware...

pci

What Is Sensitive Authentication Data in PCI Compliance?

What Is Cardholder Data In PCI Compliance?

The Art of Reading a PCI Attestation of Compliance (AoC)

PCI Compliance and the Intel AMT Vulnerability

Services

About Us

Knowledge Base

Contact