Hard · 1 mark · Multiple Choice
Area II: Security · Tokenization · PCI DSS · Area II

CPA · Question 60 · Area II: Security

A company uses 'Tokenization' for credit card numbers. What is the primary benefit of tokenization over encryption for the merchant?

Answer options:

A. Tokens can be mathematically reversed to find the card number.

B. It reduces the scope of PCI DSS compliance because the merchant does not store the actual card data.

C. Tokens are compatible with legacy systems that require 16-digit numbers.

D. It eliminates the need for firewalls.

How to approach this question

Tokenization = Outsourcing the risk. You hold a worthless ticket, the bank holds the coat.

Full Answer

B. It reduces the scope of PCI DSS compliance because the merchant does not store the actual card data. ✓ Correct
Tokenization replaces sensitive data with a non-sensitive equivalent (token). Since the merchant stores only the token (which is useless to hackers), their systems are often out of scope for many PCI DSS requirements.

Common mistakes

Thinking tokenization is just another form of encryption.
