Section 4.1.a of the PCI-DSS requires ASVs and QSAs to verify that:
-- Strong (at least 128-bit) encryption (e.g., SSLv.3/TLSv.1.0 )* is used wherever cardholder data is transmitted or received over open, public networks;
-- HTTPS appears as a part of the browser Universal Record Locator (URL), and that no cardholder data is required when HTTPS does not appear in the URL; and
-- Only trusted SSL/TLS certificates are accepted.
-- Section 4.1.1.a contains similar requirements for wireless networks transmitting cardholder data or connected to cardholder environments.
Data must be rendered unreadable using strong cryptography--Triple-DES 128-bit or AES 256-bit. ASVs must check SSL version, certificate validity, authenticity, and matching server name.
-- Anything less than v3.0 of SSL is considered non-compliant (unless SSL 2.0 or older is enabled only for an initial handshake to identify that the browser needs to be updated).
DigiCert Certificates Offer End-to-End Solutions
DigiCert offers Extended Validation (EV) certificates that provide a greater degree of online confidence. EV Certificates provide additional trust by consumers and cardholders because they activate a green address bar in web browsers whenever an SSL session is established with a merchant’s or issuing bank’s EV-validated site.
