An enterprise has decided to implement a new service that will process credit card information.
They will deploy this service within their private cloud. They have a relationship with a public cloud
provider that claims to be PCI compliant.
The enterprise wishes to implement a service that is PCI compliant with the least amount of effort.
The service is protected by a policy-based intrusion detection system. Cardholder data is securely
transmitted to the web interface.
Which additional design elements would best be suited for this implementation?

A.
The card number is masked as it is typed and is immediately encrypted and securely sent
directly to the credit card processing system. No credit card information is stored within the
application.

B.
The card number is masked as it is typed and is immediately encrypted, stored, and securely
sent directly to the credit card processing system. Credit card information is stored within the
public cloud provider using AES 128 encryption.

C.
The card number is masked as it is typed and is immediately encrypted and securely sent
directly to the credit card processing system. Credit card information is backed up to the private
cloud system and stored using AES 128 encryption.

D.
The card number is masked as it is typed and is immediately encrypted and securely sent to
both the credit card processing system and to private cloud for historical tracking and reporting
only.