#3289 Reply

Nav Singh

5-Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.

6-Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks.

Verify that strong encryption is used during data transmission
For SSL implementations:
– Verify that the server supports the latest patched versions.
– Verify that HTTPS appears as a part of the browser Universal Record Locator (URL).
– Verify that no cardholder data is required when HTTPS does not appear in the URL.

Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
Verify that only trusted SSL/TLS keys/certificates are accepted.
Verify that the proper encryption strength is implemented for the encryption methodology in use.
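The checks listed in this reply (patched protocol versions, HTTPS on every page that collects cardholder data, trusted certificates only, adequate cipher strength) can be scripted. The following is an added example, not code from the post or from the PCI standard; the field names in CARDHOLDER_FIELDS, the cipher string and the sample URLs are assumptions chosen for illustration.

```python
import ssl
from urllib.parse import urlparse

# Constructed form-field names treated as cardholder data for this example
CARDHOLDER_FIELDS = {"pan", "card_number", "expiry", "cvv"}

# Protocol versions that must not be accepted for cardholder data
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def hardened_client_context() -> ssl.SSLContext:
    """Client context that only accepts trusted certificates and TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restrict TLS 1.2 suites to forward-secret AEAD ciphers (TLS 1.3 suites are
    # fixed by the library and are all AEAD already).
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def assess_session(protocol: str, cipher: str, bits: int, cert_verified: bool) -> list:
    """Findings for one observed TLS session (values as returned by
    SSLSocket.version() and SSLSocket.cipher())."""
    findings = []
    if protocol in WEAK_PROTOCOLS:
        findings.append(f"deprecated protocol {protocol}")
    if bits < 128:
        findings.append(f"cipher {cipher} provides only {bits}-bit strength")
    if any(tok in cipher for tok in ("RC4", "DES", "NULL", "EXPORT", "MD5")):
        findings.append(f"weak cipher {cipher}")
    if not cert_verified:
        findings.append("server certificate not trusted or not validated")
    return findings


def assess_form(page_url: str, action_url: str, field_names) -> list:
    """Flag a form that collects cardholder data unless both the page and the
    submit target use HTTPS (an empty action submits back to the page)."""
    findings = []
    carries_chd = bool(CARDHOLDER_FIELDS & {f.lower() for f in field_names})
    if not carries_chd:
        return findings
    target = urlparse(action_url or page_url)
    if target.scheme != "https":
        findings.append(f"cardholder data posted to {target.scheme}://{target.netloc}")
    if urlparse(page_url).scheme != "https":
        findings.append("cardholder-data form served from a non-HTTPS page")
    return findings
```

Run assess_session against the version and cipher reported by each sampled connection, and assess_form against the payment pages, to produce the evidence the testing procedure asks for.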