Requirement 4

PCI DSS Requirement 4 | Encrypt Transmission of Cardholder Data across Open, Public Networks | PCI Sample Policies and Procedures | Order Today

PCI Requirement 4, “Encrypt transmission of cardholder data across open, public networks” requires merchants and service providers to ensure the safety and security of sensitive information traversing across unprotected networks.  Challenges for organizations regarding PCI DSS Requirement 4 include removing all vulnerable encryption protocols, while also ensuring cardholder data is protected (i.e., SSL port 443 HTTPS) when input into publically accessible e-commerce ordering systems.  Unencrypted email, facsimile (i.e., fax), end-user messaging systems – they’re all considered unencrypted and unprotected, so it’s important not to utilize these platforms regarding data transmission of sensitive information, such as cardholder data.  With that said, businesses having to comply with the PCI DSS standards would benefit from having PCI policies and procedures pertaining to the following:

•    Primary Account Numbers (PAN) will not be sent via unencrypted email.
•    Primary Account Numbers (PAN) will not be sent via an “Instant Messaging” protocol.
•    Primary Account Numbers (PAN) will not be sent via a chat protocol or forum sessions.

Also, please keep in mind that though there are no other requirements for PCI information security policies for Requirement 4 itself, there are other areas that essentially are supported by other PCI information security policies outside of Requirement 4.  Let’s give you a quick example. One of the tests to conduct for this area is to “verify the use of encryption” and that “strong encryption is used”. Obviously, one can examine the certificate process for obtaining SSL certificates and procedure documentation for helping validate that there is indeed encryption in place and that the encryption is “strong”.  With documented PCI policies and procedures from, you’ll receive PCI sample templates for Requirement 4 and for all other requirements as needed for compliance.

PCI Sample Policies for SAQ A – D, P2PE-HW, and Onsite Assessments | Order Today
Specifically, provides policy and procedure documents that map directly to each of the following PCI DSS compliance mandates for merchants and service providers:

•    SAQ A for Merchants
•    SAQ B for Merchants
•    SAQ C for Merchants
•    SAQ C-VT for Merchants
•    SAQ D for Merchants and Service Providers
•    SAQ P2PE-HW for Merchants
•    Onsite Assessments by PCI-QSA for Merchants and Service Providers

Purchase and immediately download your PCI Policies Packet today for SAQ A, B, C, C-VT, D, P2PE-HW, and Level 1 onsite assessments.

Policy and Procedure Writing Experts | Join us for Free PCI Webinars | Get Compliant Today
You get exactly what you need from a PCI policy and procedure perspective for each of the above PCI compliance mandates.  Ultimately, this provides piece of mind in knowing you’re covered from a policy and procedure perspective for compliance with the Payment Card Industry Data Security Standards.  Learn more about our policy and procedure writing services, the PCI certification process for both the Self-Assessment Questionnaires (SAQ A – D), and online Level 1 assessments and the importance of PCI sample policies and procedures for compliance.  Additionally, join us for our free PCI webinars to learn more about compliance.

Talk with one of our experts!

You're In

We just sent our latest PCI DSS Starter Toolkit right to your inbox.

You're In

Be sure to check your inbox... we just sent you our latest PCI DSS Starter Toolkit.

Where can we send your free PCI DSS Toolkit?

Privacy - We hate spam too and promise to keep your email address safe!



Access our most powerful toolkit yet!
Here’s what’s included…