17 October 2017

PCI council sets out wireless security guidelines

20 July 2009  |  5361 views  |  0 Security/Risk

The Payment Card Industry Security Standards Council (PCI SSC) has published guidelines for retailers on securing wireless networks.

The council set up a special interest group to look into wireless network security for card transactions after the technology was implicated in several data breaches, including the TJX case.

The group of over 40 organisations - including POS vendors, network security companies, acquiring banks and large merchants - is aimed at firms that store, process or transmit cardholder data that may or may not have deployed 802.11 wireless LAN technology as well as assessors that evaluate PCI DSS compliance.

The group has identified nine applicable requirements for PCI DSS compliance in relation to wireless networks. These include making sure passwords are not on default, ensuring strong authentication and setting specific wireless usage policies.

Companies should also ensure they don't allow the copying, moving, or storing of cardholder data onto local hard drives when accessing it via wireless access technologies. The paper also says firms must separate wireless networks that process or store card data from those that do not.

Doug Manchester, chairman, wireless special interest group, says: "This firstever guide will help all in the payment chain, but particularly merchants, better understand the methods necessary to secure their wireless networks, or totally remove the networks from the scope of the DSS and the payment process."

The PCI SCC has set up another three special interest groups, covering scoping, virtualisation and pre-authorisation, which will publish their findings soon.

You can read the wireless guidelines here.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

PCI standards board asks PwC to review secure tech options

PCI standards board asks PwC to review secure tech options

24 June 2009  |  7276 views  |  0 comments
UK e-tailers don't understand PCI DSS - survey

UK e-tailers don't understand PCI DSS - survey

02 June 2009  |  7737 views  |  0 comments
Heartland threatens rivals over PCI compliance claims

Heartland threatens rivals over PCI compliance claims

25 March 2009  |  11542 views  |  0 comments
Visa talks up merchant PCI compliance

Visa talks up merchant PCI compliance

26 October 2007  |  6837 views  |  0 comments
TJX breach gets bigger with 94 million card numbers exposed

TJX breach gets bigger with 94 million card numbers exposed

25 October 2007  |  9863 views  |  0 comments
Massachusetts attorney general to probe TJX data breach

Massachusetts attorney general to probe TJX data breach

09 February 2007  |  8999 views  |  0 comments
PCI security standards council established

PCI security standards council established

08 September 2006  |  8122 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit www.capgemini.comvisit www.vasco.comvisit www.temenos.com

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
14794 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8142 views comments | 15 tweets | 21 linkedin
hands typing furiouslyHow artificial intelligence can deliver a...
7465 views 0 | 7 tweets | 9 linkedin
satelliteGates Foundation backs Ripple collaboratio...
6766 views comments | 13 tweets | 7 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
6107 views comments | 8 tweets | 16 linkedin

Featured job

Competitive base + commission + benefits
Denmark, Finland, Iceland, Norway or Sweden

Find your next job