23 February 2018
visit www.ebaday.com

PCI council sets out wireless security guidelines

20 July 2009  |  5428 views  |  0 Security/Risk

The Payment Card Industry Security Standards Council (PCI SSC) has published guidelines for retailers on securing wireless networks.

The council set up a special interest group to look into wireless network security for card transactions after the technology was implicated in several data breaches, including the TJX case.

The group of over 40 organisations - including POS vendors, network security companies, acquiring banks and large merchants - is aimed at firms that store, process or transmit cardholder data that may or may not have deployed 802.11 wireless LAN technology as well as assessors that evaluate PCI DSS compliance.

The group has identified nine applicable requirements for PCI DSS compliance in relation to wireless networks. These include making sure passwords are not on default, ensuring strong authentication and setting specific wireless usage policies.

Companies should also ensure they don't allow the copying, moving, or storing of cardholder data onto local hard drives when accessing it via wireless access technologies. The paper also says firms must separate wireless networks that process or store card data from those that do not.

Doug Manchester, chairman, wireless special interest group, says: "This firstever guide will help all in the payment chain, but particularly merchants, better understand the methods necessary to secure their wireless networks, or totally remove the networks from the scope of the DSS and the payment process."

The PCI SCC has set up another three special interest groups, covering scoping, virtualisation and pre-authorisation, which will publish their findings soon.

You can read the wireless guidelines here.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

PCI standards board asks PwC to review secure tech options

PCI standards board asks PwC to review secure tech options

24 June 2009  |  7330 views  |  0 comments
UK e-tailers don't understand PCI DSS - survey

UK e-tailers don't understand PCI DSS - survey

02 June 2009  |  7787 views  |  0 comments
Heartland threatens rivals over PCI compliance claims

Heartland threatens rivals over PCI compliance claims

25 March 2009  |  11631 views  |  0 comments
Visa talks up merchant PCI compliance

Visa talks up merchant PCI compliance

26 October 2007  |  6890 views  |  0 comments
TJX breach gets bigger with 94 million card numbers exposed

TJX breach gets bigger with 94 million card numbers exposed

25 October 2007  |  9938 views  |  0 comments
Massachusetts attorney general to probe TJX data breach

Massachusetts attorney general to probe TJX data breach

09 February 2007  |  9070 views  |  0 comments
PCI security standards council established

PCI security standards council established

08 September 2006  |  8192 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Visit http://info.nice.comvisit www.swift.com/your-needs/instant-paymentsvisit www.ebaday.com

Top topics

Most viewed Most shared
Ripple makes new connections to emerging marketsRipple makes new connections to emerging m...
10912 views comments | 14 tweets | 10 linkedin
hands typing furiouslySome Interesting Applications Of The Inter...
10059 views 3 | 9 tweets | 1 linkedin
Basel Committee outlines disruptive fintech scenariosBasel Committee outlines disruptive fintec...
7836 views comments | 15 tweets | 26 linkedin
Investment Association sets up fintech accelerator for asset managersInvestment Association sets up fintech acc...
7539 views comments | 19 tweets | 10 linkedin
R3 creates Legal Centre of Excellence for blockchain technolgyR3 creates Legal Centre of Excellence for...
7286 views comments | 10 tweets | 14 linkedin

Featured job

Competitive
London, UK (or flexible)

Find your next job