Which of the following is true regarding protection of PAN?

Prepare for the PCI DSS Internal Security Assessor Test. Study with flashcards and detailed multiple choice questions, all featuring hints and explanations. Excel in your exam!

The accurate statement about the protection of PAN is that it must be rendered unreadable during transmission over public, wireless networks. This is essential for safeguarding cardholder data, because the PAN (Primary Account Number) is a sensitive piece of payment information that can lead to fraud or unauthorized transactions if intercepted.

When transmitting PAN over public networks, implementing encryption protocols, such as TLS (Transport Layer Security), ensures that the data is not readable by unauthorized entities. This principle aligns with PCI DSS requirements, emphasizing the importance of protecting cardholder data in transit as well as at rest to reduce the risk of data breaches and maintain the confidentiality and integrity of sensitive information.

Storing PAN encrypted at all times is also an important security measure, but the specific focus of this statement is on the transmission aspect. Sharing PAN with employees is not typically recommended unless there is a compelling need and suitable controls are in place, as excessive access increases the risk of data exposure. Additionally, the idea that PAN is only protected when stored in vaults is misleading, as effective security needs to be applied during both storage and transmission phases.
