[PCI DSS 1.x] 4.2 Never send unencrypted PANs by end-user messaging technologies (for example, e-mail, i

[PCI-DSS] 4.2 Never send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat).

4.2.a Verify that strong cryptography is used whenever cardholder data is sent via end-user messaging technologies.

4.2.b Verify the existence of a policy stating that unencrypted PANs are not to be sent via end-user messaging technologies.

Sending credit card data via email using Winzip encryption

If credit card data is sent to a 3rd party using WinZip 256 bit encryption does that suffice PCI req 4.2?

Let's say the same email is also saved on the email server, does that meet PCI req 3?

Winzip is AES after a certain version, so as long as it’s that version then with a 256 bit key you meet the intent of 4.2 for using strong encryption. Note that you also still have to meet all the key management requirements in section 3…
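
An added example, not part of the original thread: a Python check that reads a ZIP's headers and reports whether each entry declares WinZip AES-256 rather than the older ZIP password encryption, which is what the answer's "that version" condition comes down to. The sample archive is constructed (headers only, no payload) and all function names are illustrative.

```python
import io, struct, zipfile

AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_encryption(info):
    """Classify one ZipInfo entry by the encryption scheme its headers declare."""
    if not info.flag_bits & 0x1:            # general-purpose bit 0: entry is encrypted
        return "none"
    if info.compress_type != 99:            # 99 is the WinZip AES marker method
        return "PKWARE-strong" if info.flag_bits & 0x40 else "ZipCrypto"
    extra = info.extra
    while len(extra) >= 4:                  # walk the (tag, size, data) extra records
        tag, size = struct.unpack_from("<HH", extra)
        if tag == 0x9901 and size >= 7:     # WinZip AES extra field
            return AES_STRENGTH.get(extra[8], "AES-unknown")  # strength byte
        extra = extra[4 + size:]
    return "AES-unknown"

def audit_archive(data):
    """Return {entry name: scheme} for a ZIP held in memory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist()}

def meets_aes256(data):
    """True only if the archive is non-empty and every entry is AES-256."""
    schemes = audit_archive(data).values()
    return bool(schemes) and all(s == "AES-256" for s in schemes)

def build_sample_zip(entries):
    """Constructed test input: entries = [(name, flags, method, extra)], empty payloads."""
    body, cdir = b"", b""
    for name, flags, method, extra in entries:
        n, offset = name.encode(), len(body)
        body += struct.pack("<4s5H3L2H", b"PK\x03\x04", 20, flags, method,
                            0, 0x21, 0, 0, 0, len(n), len(extra)) + n + extra
        cdir += struct.pack("<4s6H3L5H2L", b"PK\x01\x02", 20, 20, flags, method,
                            0, 0x21, 0, 0, 0, len(n), len(extra),
                            0, 0, 0, 0, offset) + n + extra
    eocd = struct.pack("<4s4H2LH", b"PK\x05\x06", 0, 0, len(entries),
                       len(entries), len(cdir), len(body), 0)
    return body + cdir + eocd

# AE-2 record: vendor "AE", strength 3 (256-bit), real compression method 8
AES256_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
SAMPLE = build_sample_zip([("cards.csv", 0x1, 99, AES256_EXTRA),
                           ("old.csv", 0x1, 8, b""),
                           ("readme.txt", 0x0, 8, b"")])

if __name__ == "__main__":
    print(audit_archive(SAMPLE), meets_aes256(SAMPLE))
```

WinZip AES encrypts file contents only; entry names in the archive directory stay readable, so cardholder data must not appear in filenames.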