Which data element must not be stored after authorization (auth)?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Boost your readiness for the PCI DSS Requirements Exam with engaging flashcards and comprehensive multiple choice questions. Each comes with hints and explanations to maximize your understanding!

Multiple Choice

Which data element must not be stored after authorization (auth)?

Explanation:
Storing certain card data after authorization is prohibited because it remains highly sensitive and could be misused if breached. The card verification code or value is used only to verify the card at the moment of authorization and should never be stored for later use. PCI DSS requires that this value not be stored after authorization, even if encrypted, to reduce the risk of fraud. Other data elements like the PAN, service code, and cardholder name can be stored under proper protection (such as masking or encryption) according to PCI DSS, but the verification code must not be kept once authorization is complete.

Storing certain card data after authorization is prohibited because it remains highly sensitive and could be misused if breached. The card verification code or value is used only to verify the card at the moment of authorization and should never be stored for later use. PCI DSS requires that this value not be stored after authorization, even if encrypted, to reduce the risk of fraud. Other data elements like the PAN, service code, and cardholder name can be stored under proper protection (such as masking or encryption) according to PCI DSS, but the verification code must not be kept once authorization is complete.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy