Non-encrypted confidential information - Credit Cards
Description
In alignment with the PCI DSS standard, sensitive information regarding payment cards must be masked and encrypted at the user end and at the server end.
Impact
Obtain credit card information.
Recommendation
Encrypt all sensitive information that is transported or stored within the application according to the organizations policies.
Threat
Unauthorized insider attacker performing a MitM.
Expected Remediation Time
⏱️ 120 minutes.