19 August 2017
visit www.avoka.com

PCI council sets out wireless security guidelines

20 July 2009  |  5318 views  |  0 Security/Risk

The Payment Card Industry Security Standards Council (PCI SSC) has published guidelines for retailers on securing wireless networks.

The council set up a special interest group to look into wireless network security for card transactions after the technology was implicated in several data breaches, including the TJX case.

The group of over 40 organisations - including POS vendors, network security companies, acquiring banks and large merchants - is aimed at firms that store, process or transmit cardholder data that may or may not have deployed 802.11 wireless LAN technology as well as assessors that evaluate PCI DSS compliance.

The group has identified nine applicable requirements for PCI DSS compliance in relation to wireless networks. These include making sure passwords are not on default, ensuring strong authentication and setting specific wireless usage policies.

Companies should also ensure they don't allow the copying, moving, or storing of cardholder data onto local hard drives when accessing it via wireless access technologies. The paper also says firms must separate wireless networks that process or store card data from those that do not.

Doug Manchester, chairman, wireless special interest group, says: "This firstever guide will help all in the payment chain, but particularly merchants, better understand the methods necessary to secure their wireless networks, or totally remove the networks from the scope of the DSS and the payment process."

The PCI SCC has set up another three special interest groups, covering scoping, virtualisation and pre-authorisation, which will publish their findings soon.

You can read the wireless guidelines here.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

PCI standards board asks PwC to review secure tech options

PCI standards board asks PwC to review secure tech options

24 June 2009  |  7216 views  |  0 comments
UK e-tailers don't understand PCI DSS - survey

UK e-tailers don't understand PCI DSS - survey

02 June 2009  |  7710 views  |  0 comments
Heartland threatens rivals over PCI compliance claims

Heartland threatens rivals over PCI compliance claims

25 March 2009  |  11478 views  |  0 comments
Visa talks up merchant PCI compliance

Visa talks up merchant PCI compliance

26 October 2007  |  6790 views  |  0 comments
TJX breach gets bigger with 94 million card numbers exposed

TJX breach gets bigger with 94 million card numbers exposed

25 October 2007  |  9807 views  |  0 comments
Massachusetts attorney general to probe TJX data breach

Massachusetts attorney general to probe TJX data breach

09 February 2007  |  8957 views  |  0 comments
PCI security standards council established

PCI security standards council established

08 September 2006  |  7509 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit www.dorsum.euvisit www.niceactimize.comvisit www.worldpaymentsreport.com

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
8272 views comments | 23 tweets | 23 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
7509 views comments | 19 tweets | 23 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
6571 views comments | 10 tweets | 7 linkedin
hands typing furiouslyWhy Blockchain Might Not Be The Future For...
6194 views 1 | 5 tweets | 3 linkedin
Apple sidelined as Beijing transit system launches payments appApple sidelined as Beijing transit system...
6048 views comments | 11 tweets | 9 linkedin

Featured job

Competitive base and bonus, plus benefits
London, UK

Find your next job