Skip to the main content.
Contact
Contact

What Is Sensitive Authentication Data in PCI Compliance?

Picture of David Gamey David Gamey : Dec 20, 2020 10:07:14 PM

pci
What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.

Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

  • “track” data from magnetic stripes
  • “track equivalent data” generated by chip and contactless cards
  • security validation codes (i.e. the 3-4 digit  number printed on cards) used for online and card not present transactions.
  • PINs

For more see the official PCI glossary.
Why do some Issuers believe they don’t need to be PCI DSS compliant?

Why do some Issuers believe they don’t need to be PCI DSS compliant?

Picture of David Gamey David Gamey : Jul 19, 2021 10:07:00 PM

Documents from the PCI Council, MasterCard, and Visa clearly indicate that Issuers are required to be PCI DSS compliant (see Learn More below). Yet...

pci
Read More
Don’t Tie Yourself in Knots Thinking you can Store Payment Card Verification Codes/Values

Don’t Tie Yourself in Knots Thinking you can Store Payment Card Verification Codes/Values

Picture of David Gamey David Gamey : Aug 26, 2021 10:07:00 PM

Card Not Present Security Codes/Values are the 3 and 4 digit printed numbers on your payment cards used to verify card-not-present transactions. PCI...

pci Credit cards
Read More
The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules

8 min read

The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules

Picture of David Gamey David Gamey : Aug 5, 2021 10:07:00 PM

It turns out that how you implement e-commerce can have a huge impact on your compliance footprint (i.e., the number of PCI security controls...

pci Magecart DOM ecommerce
Read More