Frequently Asked Question

Is it permissible to use self-decrypting files for encryption to send cardholder data?

PCI DSS Requirement 4.2 and its sub-requirements state that transmission of cardholder data over an open or public network must be secured using strong cryptography and security protocols.

There may also be other protocols and processes that can meet the intent of this requirement. Whichever method is used, it must meet all applicable requirements, including that only secure versions and configurations are supported, and that the proper encryption strength is implemented for the encryption methodology in use.

Refer to the PCI DSS Glossary of Terms, Abbreviations, and Acronyms for additional information regarding 'strong cryptography'.

July 2025
Article Number: 1075
