Common use of Protect Data in Transit Clause in Contracts

Protect Data in Transit. All sensitive cardholder data must be protected securely if it is to be transported physically or electronically. • Card holder data (PAN, track data, etc.) must never be sent over the internet via email, instant chat or any other end user technologies. • If there is a business justification to send cardholder data via email or by any other mode then it should be done after authorization and by using a strong encryption mechanism (i.e. – AES encryption, PGP encryption, SSL, TLS, IPSEC, etc.). • The transportation of media containing sensitive cardholder data to another location must be authorised by management, logged and inventoried before leaving the premises. Only secure courier services may be used for the transportation of such media. The status of the shipment should be monitored until it has been delivered to its new location.

Protect Data in Transit. All sensitive cardholder data must be protected securely if it is to be transported physically or electronically. •  Card holder data (PAN, track data, etc.) must never be sent over the internet via email, instant chat or any other end user technologies. •  If there is a business justification to send cardholder data via email or by any other mode then it should be done after authorization and by using a strong encryption mechanism (i.e. – AES encryption, PGP encryption, SSL, TLS, IPSEC, etc.). •  The transportation of media containing sensitive cardholder data to another location must be authorised by management, logged and inventoried before leaving the premises. Only secure courier services may be used for the transportation of such media. The status of the shipment should be monitored until it has been delivered to its new location.

Protect Data in Transit. All sensitive cardholder data must be protected securely if it is to be transported physically or electronically. • Card holder data (PAN, track data, etc.) must never be sent over the internet via email, instant chat or any other end user technologies. • If there is a business justification to send cardholder data via email or by any other mode then it should be done after authorization and by using a strong encryption mechanism (i.e. – AES encryption, PGP encryption, SSL, TLS, IPSEC, etc.). • The transportation of media containing sensitive cardholder data to another location must be authorised by management, logged and inventoried before leaving the premises. Only secure courier services may be used for the transportation of such media. The status of the shipment should be monitored until it has been delivered to its new location.