PCI Security Standards Council (PCI SSC) has publsihed the findings of the Council’s Special Interest Group (SIG) on Wireless technologies. It is to help firms understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and practical methods and concepts for deployment of secure wireless in payment card transaction environments.
As wireless networks have been implicated in past payment card data breaches, a SIG formed to investigate and create specific recommendations to increase the security of wireless implementations (in accordance with the PCI DSS), and reduce the potential for wireless to be an entry point in attacks on networks containing card data. The new paper is intended for organizations that store, process or transmit cardholder data that may or may not have deployed wireless LAN (WLAN) technology, as well as assessors that evaluate PCI DSS compliance.
The Wireless Special Interest Group was chaired by Doug Manchester, director of product security for VeriFone Holdings and was made up of participants from more than 40 organizations. Industry experts from Capita, The Information Assurance Consortium, McDonald’s, Motorola and Unified Compliance Framework greatly facilitated the research and publication of the new guidelines. In total, nine applicable requirements are analyzed and summarized with recommendations for implementation. These steps are designed to help organizations meet their security needs and provide guidance to assessors helping organizations meet the requirements of the DSS.
PCI Security Standards Council (PCI SSC) is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). The PCI Security Standards Council was formed by the major payment card brands – American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa.