CREST Practitioner Security Analyst (CPSA) Practice

Disable ads (and more) with a membership for a one time $2.99 payment

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following details should not be stored in PCI Card Info Storage?

  1. Cardholder name

  2. Card number

  3. CVV2

  4. Expiry date

The correct answer is: CVV2

Storing the CVV2 (Card Verification Value) is prohibited according to the Payment Card Industry Data Security Standard (PCI DSS). This security feature is designed to help verify that the person making the transaction possesses the physical card and is often used as an additional layer of protection against fraud during card-not-present transactions. The rationale behind this prohibition is rooted in risk management; if stored, the CVV2 can be exploited by attackers to conduct unauthorized transactions, especially since it is a security feature intended for one-time use during the authorization process. In contrast, the cardholder name, card number, and expiry date, while also sensitive information that requires strict protection measures, can be stored under specific regulatory conditions provided that they are adequately protected according to PCI DSS guidelines.

More Questions Like This