Encrypting Transmission of Cardholder Data and PCI Compliance

Requirement 4: Encrypt transmission of cardholder data across open, public networks

The next part of PCI compliance covers the transmission of cardholder data. First, a business must use strong encryption such as SSL/TLS or IPsec. This applies to all transmissions that take place over the internet, wirelessly, or over GSM or GPRS. Next, wireless networks transmitting cardholder data must use industry best practices, mainly IEEE 802.11i. Finally, never transmit PANs by end-user messaging means such as email or instant messaging.
