210-255 · Question #10
Which data element must be protected with regards to PCI?
The correct answer is C. full name. PCI DSS explicitly lists cardholder name (full name) as a protected cardholder data element that must be secured.
Question
Which data element must be protected with regards to PCI?
Options
- Apast health condition
- Bgeographic location
- Cfull name
- Drecent payment amount
How the community answered
(25 responses)- A8% (2)
- B4% (1)
- C88% (22)
Why each option
PCI DSS explicitly lists cardholder name (full name) as a protected cardholder data element that must be secured.
Past health condition is Protected Health Information (PHI) regulated under HIPAA, not a PCI DSS cardholder data element.
Geographic location is primarily addressed by privacy regulations such as GDPR and is not a core PCI DSS-protected data element.
PCI DSS defines cardholder data to include the Primary Account Number (PAN), cardholder name, expiration date, and service code. Full name (cardholder name) is one of these explicitly enumerated data elements subject to PCI DSS protection requirements when stored, processed, or transmitted. This distinguishes PCI scope from other regulatory frameworks such as HIPAA or GDPR.
Payment amounts are part of transaction records but are not among the specifically enumerated cardholder data elements that PCI DSS mandates protection for.
Concept tested: PCI DSS cardholder data protection requirements
Source: https://www.pcisecuritystandards.org/document_library/
Topics
Community Discussion
No community discussion yet for this question.