5-Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
6-Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks.
Verify that strong encryption is used during data transmission.
For SSL implementations:
– Verify that the server supports the latest patched versions.
– Verify that HTTPS appears as a part of the browser Universal Record Locator (URL).
– Verify that no cardholder data is required when HTTPS does not appear in the URL.
Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
Verify that only trusted SSL/TLS keys/certificates are accepted.
Verify that the proper encryption strength is implemented for the encryption methodology in use.
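
As an added example (not part of the original reply), the last two checks above, trusted certificates only and proper encryption strength, can be tested against a client-side TLS configuration with Python's standard `ssl` module. The TLS 1.2 floor and the 128-bit minimum are assumed policy values, not figures from the post, and the function names are hypothetical.

```python
import ssl

# Assumed policy thresholds (not stated in the post).
MIN_TLS = ssl.TLSVersion.TLSv1_2
MIN_CIPHER_BITS = 128

def audit_client_context(ctx):
    """Return a list of findings for a client SSLContext; an empty list means pass."""
    findings = []
    # "Only trusted SSL/TLS keys/certificates are accepted"
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: untrusted certificates accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: certificate is not bound to the host name")
    # "Proper encryption strength": protocol floor and per-cipher key strength
    if ctx.minimum_version < MIN_TLS:
        findings.append("minimum protocol version is below TLS 1.2")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if c["strength_bits"] < MIN_CIPHER_BITS)
    if weak:
        findings.append("ciphers below 128 bits enabled: " + ", ".join(weak))
    return findings

def weak_context():
    """The configuration the checklist is meant to catch (constructed for illustration)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate, including self-signed
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no protocol floor
    return ctx

def hardened_context():
    """Corrected configuration: system trust store, host name check, TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = MIN_TLS
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites stay enabled
    return ctx

if __name__ == "__main__":
    for name, build in (("weak", weak_context), ("hardened", hardened_context)):
        findings = audit_client_context(build())
        print(name, "->", findings or "no findings")
```
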