Which item is considered sensitive authentication data that should not be stored after authorization?

Multiple Choice

Which item is considered sensitive authentication data that should not be stored after authorization?

Explanation:
The key concept here is that certain data used to verify a card during a transaction should not be retained after authorization. The card verification code (CVC/CVV) is specifically designed to confirm the card is in the holder’s possession at the time of the transaction, not to be stored for future use. PCI DSS prohibits storing this value after the authorization process, even if it’s encrypted, to reduce the risk of theft or misuse of that highly sensitive data.

The primary account number (PAN) is the card number and can be stored if properly protected (for example, encrypted or tokenized). The cardholder name and the expiration date are not considered sensitive authentication data and can be stored under PCI controls as needed. The important distinction is that the CVV/CVC is intended for one-time use during the transaction and should never be kept after authorization.
