Requirement 4: Encrypt Transmission Of Cardholder Data Across Open, Public Networks - VeriFone Vx520 Implementation Manual
Payment core
Hide thumbs
Also See for Vx520:
- Reference manual (190 pages) ,
- Installation manual (64 pages) ,
- User manual (37 pages)
Table of Contents
Advertisement
If you store ( as needed for business) cardholder data please don't use a public-facing systems (for
example, web server and database server must not be on same server).
Do not utilize end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.) to
send unprotected PAN unless they are configured to provide strong encryption.
Note: Sending of unprotected PANs via end-user messaging technologies strictly prohibited.
Requirement 4: Encrypt transmission of cardholder data across open, public networks
a. What the requirement says
"Sensitive information must be encrypted during transmission over networks that are easily ac-
cessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy en-
cryption and authentication protocols continue to be targets of malicious individuals who exploit
these vulnerabilities to gain privileged access to cardholder data environments.", reference 2.
b. How your Point Vx helps you meet this requirement
The Point Vx encrypts card holder data using triple DES with a unique key per transaction. On top of
that the entire messages sent to and from the Point Vx are protected using SSL/TLS, if the processor
supports SSL/TLS.
c. What this means to you
If you are using a wireless network, WLAN, you must set up your wireless network to use
WPA/WPA2 encryption for installations. N.B. WEP must not be used after June 30 2010. The WLAN
encryption is applied on top of the triple DES encryption and SSL/TLS (if SSL/TLS is supported by the
processor) implemented in the terminal.
If Point Vx connected to an external network without using WLAN you do not need to take any ac-
tion.
© 2015 VeriFone. All rights reserved. VeriFone, the VeriFone logo, Vx, Mx, VeriCentre, VeriShield, Verix V, Verix and PAYware are either
trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the
properties of their respective holders. All features and specifications are subject to change without notice.
The information contained in this document is confidential and property of VeriFone, Inc. This material may not be copied or published, or
divulged in part or in totality without written permission form VeriFone, Inc.
Author
Jevgenijs Smirnovs
E-mail
jevgenijs.smirnovs@verifone.com
Phone
+371 67844726
Document name
Verifone Payment Core
Point VxPC F02.01.xxx
Implementation Guide
Date
12-Jun-2015
Page number
Version
14
1.0
Hide quick links:
Advertisement
Table of Contents
