Purpose
This document establishes a formal standard for encrypting cardholder data whenever it is transmitted across open networks, and outlines the related requirements specified in the Payment Card Industry Data Security Standard (PCI DSS) that must be implemented in all UMD network infrastructures that process cardholder data.
Additional authority
The following standards help guide the content of this document: Payment Card Industry Data Security Standard - Requirement 4.
Scope
This standard applies to all UMD IT elements that are attached to a Cardholder Data Environment (CDE) network. All systems processing cardholder data (the full Primary Account Number (PAN), or the full PAN plus any of the following: cardholder name, expiration date, service code, information from the magnetic stripe or card chip, and/or Personal Identification Number (PIN)) must only be connected to a designated CDE network. Further, this standard also applies to all forms of storage media, including paper.
Standard
Given the potential for criminals to intercept transmissions of cardholder data over open, public networks, it is essential to block their ability to view this data. Encryption is one technique that can be used to render transmissions unreadable to unauthorized persons.
NOTE: As a general rule, every PCI Standard should be reviewed annually and updated as needed to reflect changes to business objectives or the risk environment.
Requirements
- Use strong encryption and security protocols to protect cardholder data during transmission over open, public networks (e.g. Internet, wireless technologies, cellular, packet radio, etc.). Ensure that wireless networks transmitting cardholder data or connected to the CDE implement strong encryption for authentication and transmission of cardholder data.
- Never send unprotected PAN by end-user messaging technologies (e.g. e-mail, instant messaging, SMS, chat, etc.).
- Ensure that related security policies and operational procedures are documented, in use, and known to all affected parties.