Sensitive Authentication Data
Sensitive authentication data (SAD) refers to security-related information used to authenticate cardholders and authorize payment card transactions, which must never be stored after authorization even if encrypted. This includes full magnetic stripe data, CAV2/CVC2/CVV2/CID security codes, and PIN/PIN blocks. While cardholder data such as the primary account number may be stored if properly protected, sensitive authentication data is prohibited from retention under PCI DSS requirements because its exposure could enable fraudulent transactions. Organizations must implement processes and technical controls to ensure sensitive authentication data is not logged, stored in memory longer than necessary, or retained in any form after the transaction authorization process completes.