Which statement best reflects wireless network security when transmitting cardholder data?

• A. Do not use wireless networks to transmit cardholder data.
• B. WEP is prohibited; use IEEE 802.11i for strong encryption.
• C. WEP is allowed if you use a password.
• D. IEEE 802.11i is optional.

Answer: (B)

Protect cardholder data in wireless transmissions with strong, modern encryption rather than older, vulnerable protocols. WEP has well-known flaws and can be cracked quickly because it uses small IVs and weaker encryption, so it does not provide adequate protection for cardholder data. IEEE 802.11i, which corresponds to WPA2 with AES (CCMP), offers robust encryption, stronger integrity, and better authentication, making it the appropriate standard for securing wireless transmissions of sensitive payment data. Saying that WEP is allowed with a password or that 802.11i is optional wouldn’t meet the protection level required. The guidance is to use the strong encryption provided by 802.11i to safeguard data in transit over wireless networks.