News: Nov 08

PCI DSS and Mobile Devices

A white paper from Summit Data Communications reveals the three best practices for ensuring that Wi-Fi client devices are compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Because credit card companies, not retailers, are held responsible for fraudulent charges due to stolen credit card information, major credit card companies have established the Payment Card Industry (PCI) Security Standards Council. The Council has created a common set of guidelines for how retailers must protect the credit card information stored, processed, and transmitted on their networks. Those guidelines are codified as requirements in the PCI Data Security Standard, or PCI DSS. A retailer that fails to comply with PCI DSS can face stiff penalties, including losing the right to accept credit cards.

An in-store Wi-Fi network with inadequate protections enables thieves to steal credit card information without entering the store. A Wi-Fi security scheme is viable only if it is supported by every client devices that is allowed on the network.

The Wi-Fi security best practices for ensuring compliance with PCI DSS are:

• se WPA™-Enterprise or WPA2™-Enterprise with a strong EAP type on every Wi-Fi client device.
• Ensure that every Wi-Fi client device is configured to connect only to trusted access points that use WPA-Enterprise or WPA2-Enterprise and do not broadcast SSIDs.
• Use ongoing monitoring to demonstrate the effectiveness of your Wi-Fi security approach and to catch potential attackers in the act.

To view the white paper on PCI DSS compliance, click here.

Wi-Fi® and the Wi-Fi Alliance® are registered trademarks, and Wi-Fi Protected Access, WPA, and WPA2 are trademarks of the Wi-Fi Alliance.