Comments on: PCI DSS Requirement 4.1: Protecting Cardholder Data with SSL and TLS http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/ Practical Implementation Guidance on the Payment Card Industry Data Security Standard Tue, 31 Jan 2012 16:19:53 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Raider http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-8779 Raider Tue, 01 Nov 2011 08:33:43 +0000 http://www.pcidssguru.com/?p=7#comment-8779 Hi all, Does anyone know how the issued SSL certificate must be stored according to PCI DSS? Do requirements 3.5, 3.6 apply to SSL certificates? Hi all,

Does anyone know how the issued SSL certificate must be stored according to PCI DSS? Do requirements 3.5, 3.6 apply to SSL certificates?

]]> By: Igor http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-8508 Igor Wed, 26 Oct 2011 08:12:50 +0000 http://www.pcidssguru.com/?p=7#comment-8508 Hi all, again question regarding GPRS POS. If we use separate private APN and our traffic is encrypted from provider router towards bank internal network, is there need for SSL? So, traffic is not encrypted end-to-end with IPSec, but from providers first router. Also, GPRS isn't going clear over the air, it is also encrypted with some provider based algorithm, unfortunately not secure anymore (http://en.wikipedia.org/wiki/A5/1) Hi all,

again question regarding GPRS POS. If we use separate private APN and our traffic is encrypted from provider router towards bank internal network, is there need for SSL?
So, traffic is not encrypted end-to-end with IPSec, but from providers first router. Also, GPRS isn’t going clear over the air, it is also encrypted with some provider based algorithm, unfortunately not secure anymore (http://en.wikipedia.org/wiki/A5/1)

]]> By: Vsevolod Kolchinsky http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-8250 Vsevolod Kolchinsky Fri, 21 Oct 2011 09:16:58 +0000 http://www.pcidssguru.com/?p=7#comment-8250 IPSEC with appropriate key management procedure obviously enough to safeguard data IPSEC with appropriate key management procedure obviously enough to safeguard data

]]> By: Marinko http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-8162 Marinko Wed, 19 Oct 2011 06:01:14 +0000 http://www.pcidssguru.com/?p=7#comment-8162 Hi. I have one question about GPRS. Is it enought to use Internet protocol security (IPSEC) to safeguard sensitive cardholder data or I sould use something more (like SSL)? I 'm ussing GPRS APN to send data. Hi.

I have one question about GPRS. Is it enought to use Internet protocol security (IPSEC) to safeguard sensitive cardholder data or I sould use something more (like SSL)?
I ‘m ussing GPRS APN to send data.

]]> By: Big John http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-8136 Big John Tue, 18 Oct 2011 15:55:44 +0000 http://www.pcidssguru.com/?p=7#comment-8136 The mobile network providers encrypt data while in transit over their networks (3G). Does anybody know if this enctyption is addequate in addressing PCI requirements? The mobile network providers encrypt data while in transit over their networks (3G). Does anybody know if this enctyption is addequate in addressing PCI requirements?

]]> By: Simon http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-6654 Simon Sat, 17 Sep 2011 09:43:07 +0000 http://www.pcidssguru.com/?p=7#comment-6654 I onle have a GSM terminal to process my transactions, therefore what will I need to be compliant? I onle have a GSM terminal to process my transactions, therefore what will I need to be compliant?

]]> By: SgtShultz http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-1114 SgtShultz Thu, 10 Jun 2010 16:46:24 +0000 http://www.pcidssguru.com/?p=7#comment-1114 My understanding of MPLS is that PCI still considers this a private network. However I have been told that this may change in v1.3! My understanding of MPLS is that PCI still considers this a private network. However I have been told that this may change in v1.3!

]]> By: Joaquim http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-724 Joaquim Wed, 26 Aug 2009 09:37:29 +0000 http://www.pcidssguru.com/?p=7#comment-724 As per PCIDSS standards, do MPLS and Lease Lines come into the "OPEN" network? As per PCIDSS standards, do MPLS and Lease Lines come into the “OPEN” network?

]]> By: admin http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-99 admin Sat, 10 Jan 2009 22:45:05 +0000 http://www.pcidssguru.com/?p=7#comment-99 I've never worked with a merchant using GPRS APNs, but I believe it would still meet the definition of a public network. You're transmitting data over the air, so it needs to be encrypted. I’ve never worked with a merchant using GPRS APNs, but I believe it would still meet the definition of a public network. You’re transmitting data over the air, so it needs to be encrypted.

]]> By: Andrew http://www.pcidssguru.com/encryption/ssl_tls_pci_dss/comment-page-1/#comment-43 Andrew Fri, 03 Oct 2008 09:19:13 +0000 http://www.pcidssguru.com/?p=7#comment-43 Hi, i have some doubts about this sentence: “Examples of open, public networks that are in scope of the PCI DSS (...) and general packet radio service (GPRS)” What if we use our GPRS APN to send data, so nobody else can connect to this APN. It's still public network? Hi,
i have some doubts about this sentence:
“Examples of open, public networks that are in scope of the PCI DSS (…) and general packet radio service (GPRS)”

What if we use our GPRS APN to send data, so nobody else can connect to this APN. It’s still public network?

]]>