"For wireless networks transmitting cardholder data or connected to cardholder environments, verify that appropriate encryption methodologies are used for any wireless transmissions, such as: Wi-Fi Protected Access (WPA or WPA2), IPSEC VPN, or SSL/TLS."
It's unlikely that the PCI Security Standards Council will ever require the use of encryption over dedicated lines....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The passing of unencrypted data over a closed network carries only a small risk, and there are simply much greater threats that the PCI DSS must protect against. We're far more likely to see changes similar to the stricter revisions of the PCI Data Security Standard version 1.1. For example, we might see additional requirements limiting the storage of cardholder data or requiring more stringent reviews of security controls.
The implications of such an encryption requirement would be broad and far-reaching. Consider, for example, the public switched telephone network (PSTN). As a closed, non-public system, you're not currently required to use encryption when passing cardholder information over it. If the PCI DSS required encryption over telephone lines, virtually every dial-up credit card terminal in the world would need to be replaced with a model that supports encryption. And that's just one example. So in my opinion, it's unlikely to happen, and enterprises shouldn't spend time planning for this scenario.
Dig Deeper on Disk Encryption and File Encryption
Related Q&A from Mike Chapple
The rights of medical identity theft victims have been confused by health providers, but the rules under HIPAA are actually quite clear. Expert Mike ...continue reading
The New York State Department of Financial Services announced plans to increase cybersecurity regulations for financial firms. Here's what they need ...continue reading
Smaller organizations have a tougher time handling the compliance burden, specifically from the PCI DSS requirements. Expert Mike Chapple has some ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.