
What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data (SAD), in PCI compliance, is data that card issuers use to authorize transactions.

As with cardholder data, PCI DSS requires that SAD be protected. Additionally, SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

  • “track” data from magnetic stripes
  • “track equivalent data” generated by chip and contactless cards
  • security validation codes (i.e. the 3-4 digit number printed on cards) used for online and card-not-present transactions
  • PINs

For more, see the official PCI glossary.
