When transmitting cardholder data over open networks, which practice is required?

Protecting cardholder data in transit over open networks relies on strong cryptography and authenticated channels. In practice, this means encrypting the data with strong cryptographic protocols (such as TLS) and ensuring the endpoints are authenticated using trusted keys and certificates, while enforcing current protocol versions to avoid weak or deprecated options. This combination keeps data confidential, protects integrity, and prevents man-in-the-middle attacks. Using SSL without certificates fails because it would lack proper authentication and could rely on weak configurations. Allowing any certificate and any protocol version defeats the necessary trust and strength requirements. Transmitting data in clear text, even inside a VPN, violates the protection principle for data in transit.