Payment Card Industry (PCI) Data Security Standards Practice Test


Prepare for the Payment Card Industry (PCI) Data Security Standards Test. Study with multiple choice questions, hints, and explanations. Get ready to excel in your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



According to PCI DSS, which method is NOT recommended for protecting cardholder data?

  1. Encrypting cardholder data in transit

  2. Storing cardholder data indefinitely

  3. Securely deleting unnecessary cardholder data

  4. Restricting access to cardholder data

The correct answer is: Storing cardholder data indefinitely

Storing cardholder data indefinitely is not recommended under PCI DSS. The standard emphasizes minimizing the amount of sensitive data stored and retaining cardholder data only as long as necessary for legal, regulatory, and business requirements. Organizations that store cardholder data indefinitely increase their risk of data breaches and unauthorized access, because prolonged storage of sensitive information leaves it exposed to attack for longer. PCI DSS encourages organizations to regularly review their stored data and securely delete anything that is no longer needed, reducing the security risks that come with unnecessary data retention.

The other options (encrypting cardholder data in transit, securely deleting unnecessary cardholder data, and restricting access to cardholder data) are all strongly endorsed by PCI DSS as essential measures for protecting cardholder data from unauthorized access and potential breaches.