Under PCI DSS, what must be done to cardholder data before it is transmitted across networks?

Prepare for the PCI DSS Internal Security Assessor Test. Study with flashcards and detailed multiple choice questions, all featuring hints and explanations. Excel in your exam!

To ensure the security of cardholder data during transmission across networks, encryption is a critical requirement under PCI DSS. The purpose of encrypting cardholder data is to protect it from unauthorized access and breaches during transfer, whether between systems, over the internet, or across any potentially insecure networks. Encryption transforms the original data into a coded format that can only be deciphered with the correct decryption key, making it significantly more challenging for attackers to access the sensitive information even if they intercept the data.

This requirement extends beyond just safeguarding data at rest; securing data in transit is equally important to uphold the overall security posture as mandated by PCI DSS. Transmitting unprotected cardholder data would expose it to various risks and vulnerabilities in transit, thus violating PCI DSS standards for protecting card information. The practices of temporarily storing or deleting cardholder data do not address the immediate need for secure transmission, nor do they comply with PCI DSS requirements for data security during transfer.
