In PCI DSS context, which statement is true about WEP?

WEP is an outdated wireless encryption protocol with serious weaknesses that fail to meet PCI DSS protection requirements. Its design relies on RC4 with short, static initialization vectors, which leads to IV reuse, easy key recovery, and the ability for attackers to decrypt traffic or inject packets. Because PCI DSS aims to safeguard transmission of cardholder data with strong cryptography, WEP does not provide adequate protection and must not be used in networks within PCI scope. Therefore it should be disabled and replaced with modern, stronger security like WPA2 with AES (and WPA3 where possible), typically with 802.1X authentication for enterprise networks. Also note that WEP is a wireless protocol, not a wired one, so the statement about it being for wired networks isn’t accurate. The key point is its known weaknesses require banning WEP in PCI-enabled environments to ensure cardholder data remains protected in transit.