nerdexam
Isaca

CDPSE · Question #328

A payment processor is implementing a system that uses algorithms on transaction logs to detect potentially fraudulent activities. What is the BEST way to handle customer data in this process?

The correct answer is A. Encrypt the customer data and decrypt only in cases of reasonable suspicion. This approach applies the principle of data minimization and proportionality - personal data is protected by default (encrypted) and only exposed when there is a justified reason (reasonable suspicion of fraud). Keeping data in clear text (C) unnecessarily exposes it. A reversibl

Privacy Architecture

Question

A payment processor is implementing a system that uses algorithms on transaction logs to detect potentially fraudulent activities. What is the BEST way to handle customer data in this process?

Options

  • AEncrypt the customer data and decrypt only in cases of reasonable suspicion
  • BEnforce multi-factor authentication (MFA) for the analysts working on the fraud alerts.
  • CKeep the customer data in clear text to allow for real-time response
  • DRun a reversible hash on the customer data to allow for quick identification

How the community answered

(34 responses)
  • A
    79% (27)
  • B
    6% (2)
  • C
    3% (1)
  • D
    12% (4)

Explanation

This approach applies the principle of data minimization and proportionality - personal data is protected by default (encrypted) and only exposed when there is a justified reason (reasonable suspicion of fraud). Keeping data in clear text (C) unnecessarily exposes it. A reversible hash (D) still allows re-identification and is not strong protection. Enforcing MFA for analysts (B) is a good access control but does not address how the data itself is protected at rest and during processing.

Topics

#Encryption#Data Minimization#Privacy by Design#Data Protection Technologies

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice