What Is Sensitive Authentication Data in PCI Compliance? | blog | Control Gap

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.

Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

• “track” data from magnetic stripes
• “track equivalent data” generated by chip and contactless cards
• security validation codes (i.e. the 3-4 digit  number printed on cards) used for online and card not present transactions.
• PINs

For more see the official PCI glossary.