Reply To: SSL Certificates and PCI Compliance (https secured sites)

#3289 Reply

Nav Singh

5-Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.

6-Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks

Verify that strong encryption is used during data transmission
For SSL implementations:
– Verify that the server supports the latest patched versions.
– Verify that HTTPS appears as a part of the browser Universal Record Locator (URL).
– Verify that no cardholder data is required when HTTPS does not appear in the URL.

Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
Verify that only trusted SSL/TLS keys/certificates are accepted.
Verify that the proper encryption strength is implemented for the encryption methodology in use.
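
The last two checks in the reply above (trusted certificates only, proper encryption strength) can be audited on the client side of a connection. This is an added example, not part of the original post: the function names are hypothetical, and the TLS 1.2 and 128-bit floors are assumptions, since the post names no specific values.

```python
import ssl

MIN_TLS = ssl.TLSVersion.TLSv1_2  # assumed floor; the post only says "latest patched versions"
MIN_BITS = 128                    # assumed floor for "proper encryption strength"

def audit_context(ctx):
    """Return findings for a client-side SSLContext, one string per failed check."""
    findings = []
    # "Verify that only trusted SSL/TLS keys/certificates are accepted."
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("untrusted certificates accepted")
    if not ctx.check_hostname:
        findings.append("certificate hostname not checked")
    # Protocol floor: MINIMUM_SUPPORTED compares lower than any named version.
    if ctx.minimum_version < MIN_TLS:
        findings.append("protocol versions below TLS 1.2 allowed")
    # "Verify that the proper encryption strength is implemented."
    weak = sorted(c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < MIN_BITS)
    if weak:
        findings.append("ciphers under %d bits enabled: %s" % (MIN_BITS, ", ".join(weak)))
    return findings

def weak_context():
    """Constructed example of a misconfigured client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_context():
    """Corrected configuration: system trust store, hostname check, TLS 1.2+, AEAD ciphers."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

if __name__ == "__main__":
    for label, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(label, audit_context(ctx) or "no findings")
```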
