[PCI-DSS] 4.2 Never send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat).
4.2.a Verify that strong cryptography is used whenever cardholder data is sent via end-user messaging technologies.
4.2.b Verify the existence of a policy stating that unencrypted PANs are not to be sent via end-user messaging technologies.
Sending credit card data via email using WinZip encryption
If credit card data is sent to a 3rd party using WinZip 256-bit encryption, does that suffice for PCI req 4.2?

Let's say the same email is also saved on the email server, does that meet PCI req 3?
WinZip is AES after a certain version, so as long as it’s that version then with a 256-bit key you meet the intent of 4.2 for using strong encryption. Note that you also still have to meet all the key management requirements in section 3…
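
Whether an archive was actually written with AES-256 rather than the legacy Zip 2.0 scheme can be checked from its headers without the password. The following is an added example, not part of the original thread; it assumes the WinZip AE-x layout (compression method 99, extra field ID 0x9901, strength byte 3 for 256-bit), and the function names are hypothetical.

```python
import struct
import zipfile

AES_EXTRA_ID = 0x9901          # WinZip AE-x extra field header ID (assumed layout)
AES_METHOD = 99                # compression method value that marks an AE-x entry
AES_BITS = {1: 128, 2: 192, 3: 256}


def entry_encryption(info):
    """Return 'none', 'zipcrypto', 'aes-128/192/256' or 'unknown' for one ZipInfo."""
    if not info.flag_bits & 0x1:           # general-purpose bit 0: entry is encrypted
        return "none"
    if info.flag_bits & 0x40:              # bit 6: another scheme, not classified here
        return "unknown"
    if info.compress_type != AES_METHOD:
        return "zipcrypto"                 # legacy Zip 2.0 encryption, not AES
    extra = info.extra
    while len(extra) >= 4:                 # walk the (id, length, data) extra records
        field_id, size = struct.unpack("<HH", extra[:4])
        data = extra[4:4 + size]
        if field_id == AES_EXTRA_ID and len(data) >= 7:
            _version, vendor, strength, _method = struct.unpack("<H2sBH", data[:7])
            if vendor == b"AE" and strength in AES_BITS:
                return f"aes-{AES_BITS[strength]}"
        extra = extra[4 + size:]
    return "unknown"


def audit_archive(source):
    """Map each member name to its encryption; reads headers only, needs no password."""
    with zipfile.ZipFile(source) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist() if not i.is_dir()}


def meets_aes256(source):
    """True only if the archive has members and every one of them is AES-256."""
    report = audit_archive(source)
    return bool(report) and all(v == "aes-256" for v in report.values())


def constructed_entry(name, flags, method, extra=b""):
    """Build a header-only ZipInfo for demonstration (constructed sample, not a real file)."""
    info = zipfile.ZipInfo(name)
    info.flag_bits, info.compress_type, info.extra = flags, method, extra
    return info
```

`meets_aes256` accepts a path or a file-like object, so it can run on an attachment before it is sent; it says nothing about password strength or key handling.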