Assumptions: Data is pushed to the Credit Card processor; Data is pulled from the Credit Card processor.
Questions:
What does the “Cardholder Data Environment” mean?? Look in the glossary and if one follows the guidelines for 1.3.3 (which says to stage the data through a DMZ box), your DMZ now becomes part of the Cardholder Data Environment and can’t have direct access to… oops endless loop…
OK, so we assume that the rule should be that the cardholder data environment is anywhere where the cardholder data is NOT encrypted. So, one could (must) stage it through a DMZ box - as long as one is using encryption based upon a shared secret… - Key Management worries now!!
It would appear that SSH is now no longer an acceptable method of sending information to the card processor??
VillyM – you raised the same issue that exists in Section 1.3.5.
PGP encrypted file transferred via SFTP/SSH is still very common… I have asked the same question that you asked many times but could never get a consistent answer.
Short of implementing a SOCKS proxy (which itself could be problematic to maintain) – I am also at a loss on how to interpret sections 1.3.3 through 1.3.5.