PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > PA-DSS - Payment Application Data Security Standards > [PA-DSS] 12. Encrypt sensitive traffic over public networks

1. [PA_DSS] 12.1 If the payment application sends, or facilitates sending, cardholder data over public networks, the payment application must support use of strong cryptography and security protocols such as secure sockets layer (SSL) / transport layer security (TLS) and, internet protocol security (IPSEC) to safeguard sensitive cardholder data during transmission over open, public networks.Examples of open, public networks that are in scope of the PCI DSS are the Internet, WiFi (IEEE 802.11x), global system for mobile communications (GSM), and general packet radio service (GPRS)
2. [PA_DSS] 12.2 The payment application must never send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat)

vBulletin® v3.7.4, Copyright ©2000-2009, Jelsoft Enterprises Ltd.