What Is Sensitive Authentication Data in PCI Compliance?

Picture of David Gamey David Gamey : Dec 20, 2020 10:07:14 PM

pci

What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.

Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

“track” data from magnetic stripes
“track equivalent data” generated by chip and contactless cards
security validation codes (i.e. the 3-4 digit number printed on cards) used for online and card not present transactions.
PINs

For more see the official PCI glossary.

What Is Cardholder Data In PCI Compliance?

David Gamey : Jan 16, 2017 10:07:00 PM

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes the...

pci

Achieving SOC 2 Compliance for Cloud Services

CG Blogger : Dec 5, 2024 12:28:51 PM

As companies rely more on cloud services, cybersecurity frameworks like System and Organization Controls have become essential for establishing trust...

pci Cybersecurity PCI 4.0 pen-testing SOC 2 compliance

The Art of Reading a PCI Attestation of Compliance (AoC)

David Gamey : Mar 22, 2023 9:00:00 AM

PCI Attestations of Compliance (AoCs) provide organizations with a tool that helps with the all-important aspects of third-party due diligence. Yet...

pci PCI 4.0 Supply Chain third-party AOC

What Is Sensitive Authentication Data in PCI Compliance?

What Is Cardholder Data In PCI Compliance?

Achieving SOC 2 Compliance for Cloud Services

The Art of Reading a PCI Attestation of Compliance (AoC)

Services

About Us

Knowledge Base

Contact