To be PCI compliant, emails have to be encrypted, ensuring that data cannot be intercepted. Most email servers now accommodate Transport Layer Security (TLS), which embeds the encryption capability in each email automatically. Because TLS is becoming universal and encryption thus is becoming standard, virtual card information can be sent securely via email.
Each time Conferma is going to email a virtual card number, it verifies that the supplier’s email system continues to meet encryption standards. That’s because it's possible for an email recipient to lose encryption capability, via a cyberattack, for example, or because the supplier changed its email setup. Suppliers receive a secure email which sends the full card number, CVV and billing instructions through an encrypted gateway.
If Conferma detects that a supplier no longer is using an email server that supports TLS, it will notify the buyer that the communication has failed.
The security standard requires Transport Layer Security (TLS) 1.2 or 1.3 to be enabled with a certificate that does not exceed 397 days from today’s date.