Topic 1 Question 15
Your application needs to process credit card transactions. You want the smallest scope of Payment Card Industry (PCI) compliance without compromising the ability to analyze transactional data and trends relating to which payment methods are used. How should you design your architecture?
A. Create a tokenizer service and store only tokenized data
B. Create separate projects that only process credit card data
C. Create separate subnetworks and isolate the components that process credit card data
D. Streamline the audit discovery phase by labeling all of the virtual machines (VMs) that process PCI data
E. Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor
Comments (17)
Final decision to go with Option A. I have done a PCI DSS audit for my project and that's the best-suited case. 100% sure to use tokenised data instead of the actual card number.
👍 37 | AD2AD4 | 2020/05/27

To minimize the scope of Payment Card Industry (PCI) compliance while still allowing for the analysis of transactional data and trends related to payment methods, you should consider using a tokenizer service and storing only tokenized data, as described in option A.
Tokenization is a process of replacing sensitive data, such as credit card numbers, with unique, randomly generated tokens that cannot be used for fraudulent purposes. By using a tokenizer service and storing only tokenized data, you can reduce the scope of PCI compliance to only the tokenization service, rather than the entire application. This can help minimize the amount of sensitive data that needs to be protected and reduce the overall compliance burden.
👍 13 | omermahgoub | 2022/12/20

A, as per the GCP document https://cloud.google.com/architecture/tokenizing-sensitive-cardholder-data-for-pci-dss
👍 3 | amxexam | 2021/08/24
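The tokenization pattern the second comment describes, as an added illustration that is not part of the original thread and not the reference code from the linked GCP architecture document: a small in-memory vault that is the only component ever holding a PAN, which hands back a random token plus the card brand and last four digits so that payment-method trend analysis can run entirely on tokenized records. The `TokenVault` class, the keyed-HMAC lookup index (used so a repeat card gets the same token without storing a reversible hash), and the sample PANs are all assumptions made for this example; the PANs are the standard public test numbers, not real cards.

```python
"""Illustrative tokenization vault (example code, not the GCP reference implementation).

In a PCI-scoped deployment the TokenVault would run as its own service in its
own project; every other component only ever sees TokenizedCard records.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample input: well-known public test PANs, not real cards.
SAMPLE_PANS = {
    "visa": "4111111111111111",
    "mastercard": "5555555555554444",
    "amex": "378282246310005",
}


def luhn_ok(pan: str) -> bool:
    """Reject obviously malformed PANs before they enter the vault."""
    checksum = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def card_brand(pan: str) -> str:
    """Derive the payment method from the leading digits (assumed BIN ranges).

    Brand is the only attribute the analytics side needs, and it is not
    cardholder data on its own.
    """
    if pan.startswith("4"):
        return "visa"
    if pan[:2] in ("34", "37"):
        return "amex"
    if 51 <= int(pan[:2]) <= 55 or 2221 <= int(pan[:4]) <= 2720:
        return "mastercard"
    return "unknown"


@dataclass(frozen=True)
class TokenizedCard:
    token: str   # opaque random value; safe to store and query anywhere
    brand: str   # e.g. "visa": enough for payment-method trend analysis
    last4: str   # truncated PAN, permitted for display and reconciliation


class TokenVault:
    """The single component that holds PANs, i.e. the part that stays in PCI scope."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._pan_by_token: dict[str, str] = {}
        self._token_by_index: dict[str, str] = {}

    def _index(self, pan: str) -> str:
        # Keyed HMAC lets the vault recognise an already-tokenized PAN without
        # keeping an unkeyed hash that could be brute-forced over the PAN space.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> TokenizedCard:
        pan = pan.replace(" ", "")
        if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_ok(pan)):
            raise ValueError("malformed PAN")
        idx = self._index(pan)
        token = self._token_by_index.get(idx)
        if token is None:
            # Random token: no mathematical relation to the PAN, so stores
            # holding only tokens fall outside the cardholder data environment.
            token = "tok_" + secrets.token_urlsafe(24)
            self._token_by_index[idx] = token
            self._pan_by_token[token] = pan
        return TokenizedCard(token=token, brand=card_brand(pan), last4=pan[-4:])

    def detokenize(self, token: str) -> str:
        """Only the payment-processor integration should be authorised to call this."""
        return self._pan_by_token[token]


def payment_method_mix(records: list[TokenizedCard]) -> dict[str, int]:
    """Trend analysis that runs entirely on tokenized data, outside the CDE."""
    mix: dict[str, int] = {}
    for rec in records:
        mix[rec.brand] = mix.get(rec.brand, 0) + 1
    return mix


def demo() -> dict[str, int]:
    """Tokenize a constructed batch of transactions and report the brand mix."""
    vault = TokenVault(index_key=secrets.token_bytes(32))
    txns = [SAMPLE_PANS["visa"], SAMPLE_PANS["amex"],
            SAMPLE_PANS["visa"], SAMPLE_PANS["mastercard"]]
    records = [vault.tokenize(p) for p in txns]
    return payment_method_mix(records)


if __name__ == "__main__":
    print(demo())
```

The point of the split is that everything below the vault (transaction tables, BigQuery exports, dashboards) stores `TokenizedCard` fields only, so the brand and last-four trend queries never touch a PAN, and the audit boundary shrinks to the vault service and whatever calls `detokenize`.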