The Payment Card Industry (PCI) Security Standards Council has released a document that provides guidelines on how to secure a wireless LAN.
The new guidelines supplement the PCI Data Security Standards (PCI DSS) and cover the issues that need to be addressed to ensure that a merchant’s total environment is secure.
In cases where cardholder data is not transmitted wirelessly, some merchants may have assumed that the wireless component of their network would not be within the scope of a PCI audit. However, because network breaches can often occur through vulnerabilities in the WLAN, the security of a merchant’s entire network (including wireless) will always be part of a PCI assessment.
The new document seeks to provide practical guidelines for ensuring that WLAN configuration and operation meet PCI requirements.
More generally, the PCI Wireless Guidelines are a useful tool for any organisation utilising wireless, even one not transmitting or storing cardholder data. Wireless networks may well be the target of breach attempts, and the guidelines outline many useful steps that organisations can take to tighten and maintain overall network security.
The document can be found here: Information Supplement: PCI DSS Wireless Guidelines

