- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
This is the fourth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. To read previous posts in this series, click on the links below:
Requirement 4 – Encrypt Transmission, the SSL/TLS Requirement
Requirement 4 states that sensitive data must be encrypted when traveling over open public networks. If you are sending data, i.e. payment card data, to another entity or a processor through an entity, this data must travel on secured internet connections. There are ways as a user to see if this is happening. Ensuring the site you are on is using HTTPS in the address is one way. Another way is most web browsers will have a warning page if the site does not contain the appropriate certificate or if that certificate is expired. What PCI compliant business entities must do is ensure proper communication channels are secured. In some cases, a payment gateway is used or developed, and secure ports and authentication mechanisms must be in place to the processor. Further steps like ensuring only the gateway’s internal IP can only connect to the processor’s IP addresses will add another layer of protection to the transmission.
Some common challenges that companies face within this requirement, due to its technical nature, include:
These challenges are just some of the areas within the PCI DSS requirements that many of our client’s face. Another area where our client’s experience challenges are keeping track of the various requirements that must be completed on a quarterly, semi-annual, and annual basis for PCI Compliance. Therefore, Compass IT Compliance has created our PCI Compliance checklist, one for service providers and one for merchants. This simple, easy to use checklist gives you the PCI requirements, what you must do to achieve/maintain compliance, and how often you need to complete each requirement. To download your copy today, click on the button below!