What Is Sensitive Authentication Data in PCI Compliance?

David Gamey David Gamey : Dec 20, 2020 10:07:00 PM

What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions.

Similar to cardholder data, PCI DSS requires protection of SAD. Additionally SAD can’t be retained (stored) by merchants and their payment processors. SAD includes the following:

  • “track” data from magnetic stripes
  • “track equivalent data” generated by chip and contactless cards
  • security validation codes (i.e. the 3-4 digit  number printed on cards) used for online and card not present transactions.
  • PINs

For more see the official PCI glossary.
8-Digit BINs and the Great PCI Truncation Reset | pci,blog | Control Gap

8-Digit BINs and the Great PCI Truncation Reset | pci,blog | Control Gap

David Gamey David Gamey : Jan 20, 2022 12:00:00 AM

Visa, MasterCard, Discover, JCB, and Union Pay hit ‘reset’ on the PCI DSS truncation rules in...

Read More
Securing PAN Using Keyed Cryptographic Hashing in PCI DSS v4.0.1

Securing PAN Using Keyed Cryptographic Hashing in PCI DSS v4.0.1

Joel Weisz : Mar 13, 2025 12:00:00 AM

Securing PAN Using Keyed Cryptographic Hashing in PCI DSS v4.0.1

Read More
How to protect against username enumeration on log in, registration, and password reset forms

How to protect against username enumeration on log in, registration, and password reset forms

Vishal Tomar : Jul 6, 2022 12:00:00 AM

Username enumeration (sometimes called account enumeration) is when it is possible for a hacker to...

Read More