What Is Sensitive Authentication Data in PCI Compliance?
Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.
Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:
- “track” data from magnetic stripes
- “track equivalent data” generated by chip and contactless cards
- security validation codes (i.e. the 3-4 digit number printed on cards) used for online and card not present transactions.
For more see the official PCI glossary.
Becoming PCI Compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant.