Sensitive data not encrypted

Description

Sensitive data such as credit card numbers, social security numbers are sent without using an encrypted connection. Information sent in clear text is not encrypted and therefore, can be intercepted.

Remediation

Encrypting the transmission of data makes it difficult to intercept sensitive information as it travels between two parties. It is recommended to use an encrypted connection Secure Socket Layer (SSL). In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering.