PCI Requirement 4.2 – Never Send Unprotected PAN by End-User Technologies

by Randy Bartels / February 7, 2023

If there are situations within your organization when you need to send or receive emails that contain sensitive cardholder data information like Primary Account Numbers (PAN), that is acceptable as long as you’re in compliance with PCI Requirement 4.2. It states, “Never send unprotected PANs by end-user messaging technologies.” This includes through email, instant messaging, chat systems, SMS, etc. The purpose of PCI Requirement 4.2 is to protect sensitive information…

Read More

PCI Requirement 4.1.1 – Ensure Wireless Network Transmitting CHD or Connected to CDE Uses Strong Encryption

by Randy Bartels / February 7, 2023

Wireless networks are a part of our everyday technology environment. It’s almost impossible to get away from it, be it your cell phone, laptop, watch, tablet, television…the list goes on and on. Wireless networks are extremely prevalent to our culture. Think about how many restaurants you go to that have table side payment. How does your payment get processed? Over a wireless network. That’s where PCI Requirement 4.1.1 comes into…

Read More

PCI Requirement 4.1 – Use Strong Cryptography and Security Protocols to Safeguard Sensitive CHD During Transmission

by Randy Bartels / February 7, 2023

If your organization transmits sensitive cardholder data over an open or public network, that data must be encrypted using strong cryptography and security protocols, according to PCI Requirement 4.1. Examples of open, public networks include the Internet, Bluetooth, cell phones/GSM, wireless Internet, etc. The purpose of this requirement is to prevent attackers from obtaining data while in transit, which is a common practice. Best practices for safeguarding sensitive cardholder data…

Read More