A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?
A) post-authorization by non-issuing entities if there is a documented business justification
B) by entities that issue the payment cards or that perform support issuing services
C) post-authorization by non-issuing entities if the data is encrypted and securely stored
D) by issuers and issuer processors if there is a legitimate reason

Question

A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?
A) post-authorization by non-issuing entities if there is a documented business justification
B) by entities that issue the payment cards or that perform support issuing services
C) post-authorization by non-issuing entities if the data is encrypted and securely stored
D) by issuers and issuer processors if there is a legitimate reason

Quizplus · Accepted Answer

The Answer of A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?
A) post-authorization by non-issuing entities if there is a documented business justification
B) by entities that issue the payment cards or that perform support issuing services
C) post-authorization by non-issuing entities if the data is encrypted and securely stored
D) by issuers and issuer processors if there is a legitimate reason

A Company Recently Started Accepting Credit Card Payments in Their