PCI Security Standards Council Published New Guide to Wireless Security

The PCI Security Standards Council (PCI SSC), an international open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has published the findings of the council’s special interest group (SIG) on wireless technologies.

The Wireless SIG has published an information supplement, PCI DSS Wireless Guideline, to help organisations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and practical methods and concepts for deployment of secure wireless in payment card transaction environments.

As wireless networks have been implicated in past payment card data breaches, a SIG was formed to investigate and create specific recommendations to increase the security of wireless implementations in accordance with the PCI DSS, and reduce the potential for wireless to be an entry point in attacks on networks containing card data. The new paper is intended for organisations that store, process or transmit cardholder data that may or may not have deployed wireless LAN (WLAN) technology, as well as assessors that evaluate PCI DSS compliance.

The findings of the SIG provide the first highly specific, actionable wireless operational guide for complying with PCI DSS, including:

  • Generally applicable wireless requirements: These are requirements that all organisations should have in place to protect their networks from attacks via rogue or unknown wireless access points (APs) and clients.
  • Requirements applicable for in-scope wireless networks: These are requirements that all organisations that transmit payment card information over wireless technology should have in place to protect those systems.

