Sensitive authentication data may be transmitted or processed as part of a payment transaction, but what is the key storage rule?


Multiple Choice

Sensitive authentication data may be transmitted or processed as part of a payment transaction, but what is the key storage rule?

Explanation:
The key rule here is that sensitive authentication data (SAD) cannot be stored. You may transmit or process it as needed to complete a payment, but you must discard it after authorization and refrain from saving it anywhere in your systems. This protects against reuse of data such as full track data, CVV/CVV2, PIN blocks, or other SAD if a breach occurs. Encrypting the data or handling it during the transaction does not override this prohibition—storage of SAD is not allowed, even in encrypted form. Only non-sensitive data, or a tokenized form, should be retained for any future use.

