What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the downstream system for payment processing?
What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the downstream system for payment processing?
The best method for securing credit card numbers stored temporarily on a file server prior to transmission is encryption with strong cryptography. This ensures that even if the data is accessed by unauthorized individuals, it will be unreadable and secure. Masking and truncation are not suitable because they do not fully protect the entire credit card number, and a one-way hash is not reversible, making it unusable for further processing by the payment system.
Answer is B. how do you mask a file server?
Answer should be B as encryption is the best protection
Because it is only temporarily stored, if encryption is used, it will cause redundant operations, and it is better to use masking.
i vote for B. If masking is being used here, how the data is processed by payment system. Once the data is masked, you cannot retrieve the original data hence the payment system cannot use this data. Therefore, i vote for encryption here.
A for sure
Encryption
Encryption with strong cryptography
It should be A
Pls explain why masking is better than encryption
Why not D, 1 way hash ; as B only says encryption , so it can be symmetric also
hash is not reversible, so you can only check the hash again another hash coming from the same "data", sending the hash over would be useless if the information of the credit card is not already with the other party.
Agree, answer should be A , as Q says prior to transmission, and encryption ensures integrity during transmission via cryptographic key pairs
Vote for B. – based on the case study in the ISACA Manual 27th ed: § 3.8.1 – “… forwards all sales data over a frame relay network to database servers located at the retailer’s corporate headquarters, with strong encryption applied to the data, which are then sent over a virtual private network (VPN) to the credit card processor for approval of the sale….”