CompTIA

220-1002 · Question #564

220-1002 Question #564: Real Exam Question with Answer & Explanation

The correct answer is B: PCI.

Question

An employee is taking a credit card payment over the phone, but the payment system has a temporary outage. To avoid inconveniencing the customer, the employee writes down the credit card number and expiration date on a notepad to be entered later. This is in violation of:

Options

  • A. PHI
  • B. PCI
  • C. PII
  • D. PGP

Explanation

PCI DSS (Payment Card Industry Data Security Standard) governs how organizations must handle cardholder data, including credit card numbers and expiration dates. One of its core requirements is that sensitive authentication data must never be stored in plaintext - especially on unsecured physical media like a notepad. Writing down a card number to enter later is a direct violation of PCI DSS. PHI (A) relates to medical records under HIPAA. PII (C) is a broader category of personal data. PGP (D) is an encryption protocol, not a compliance standard.
