On Wed, Oct 19, 2011 at 6:26 PM, Hiers, David <David_Hiers at adp.com> wrote: That doesn't really "cover" the internet... it just mentions the internet. "11.1 If the payment application ... the payment application must support use of strong cryptography and security protocols". This would mean that the payment application software has to support encryption of data before emitting it over any public network, that's entirely agnostic to the nature of the transport, whether it be radio broadcasts, US mail, or carrier pigeons, the application has to encrypt the message, no matter whether the message is transmitted packetized as PCM over a series of IP packets, analog audio signals, a .WAV file attached to an e-mail, or printed on punch cards for snail mail. Modern payment applications don't normally utilize voice (or punch cards), however.....
This PCI requirement covers the entire Internet, regardless of protocol: ## 11.1 If the payment application sends, or facilitates sending, cardholder data over public networks, the payment application must support use of strong cryptography and security protocols [snip]
-- -JH