Managing PCI DSS Requirements with a WLAN


If you process credit card data you’ve got a lot of security responsibilities. If you process credit card data over a wireless network, you have even more.


Retailers and other organizations that deal with credit card data must follow the
guidelines and requirements of the Payment Card Industry Data Security Standard
(PCI DSS). Backed by the major credit card companies, these rules are put into place
to ensure the security of cardholder data while it’s transferred, processed, and stored.

These PCI DSS standards address all areas of information security. In this article,
however, we’re concentrating on the rules specifically involving wireless networks.
Organizations that don’t even use Wi-Fi, but deal with cardholder data from the major
credit card companies, must still satisfy some wireless-specific requirements.

There are two sets of guidelines, or requirements, we’ll discuss. To better understand
when or how they apply to an organization, we must first be aware that the network
segment where cardholder data is transferred, processed, or stored is called the
“Cardholder Data Environment (CDE).”

Any network component in or directly connected to the segment where cardholder data is
handled is a part of the CDE. Examples of network components that might be in the CDE
include switches, wireless access points (APs), computers, handheld scanners, registers,
and bordering firewalls. The CDE can be separated from other networks or network segments
using firewalls.
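
As an added illustration (not part of the original article), the Python sketch below applies that definition to a device inventory: anything with an interface on the CDE segment is treated as part of the CDE, and a device that also has an interface on another network is flagged unless it is a firewall. The subnet, device names, addresses, and status labels are all constructed for the example.

```python
import ipaddress

# Constructed sample data: the CDE subnet and inventory are assumptions.
CDE_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]

INVENTORY = [
    {"name": "register-01", "type": "register", "ips": ["10.20.0.11"]},
    {"name": "scanner-07", "type": "handheld scanner", "ips": ["10.20.0.57"]},
    {"name": "fw-edge", "type": "firewall", "ips": ["10.20.0.1", "10.30.0.1"]},
    {"name": "ap-stock", "type": "access point", "ips": ["10.20.0.40", "10.30.0.40"]},
    {"name": "ap-guest", "type": "access point", "ips": ["10.30.0.41"]},
    {"name": "office-pc", "type": "computer", "ips": ["10.30.0.90"]},
]

def in_cde(ip):
    """True if the address sits on a segment that handles cardholder data."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDE_SUBNETS)

def classify(device):
    """Label a device by how its interfaces relate to the CDE segment."""
    inside = [ip for ip in device["ips"] if in_cde(ip)]
    outside = [ip for ip in device["ips"] if not in_cde(ip)]
    if not inside:
        return "outside-cde"            # no interface on the CDE segment
    if not outside:
        return "cde"                    # lives entirely inside the CDE
    if device["type"] == "firewall":
        return "cde-border-firewall"    # bordering firewall separating the CDE
    return "cde-unfiltered-bridge"      # joins the CDE to another network without a firewall

def scope_report(inventory):
    """Map each device name to its CDE status."""
    return {d["name"]: classify(d) for d in inventory}

if __name__ == "__main__":
    for name, status in scope_report(INVENTORY).items():
        print(f"{name:12} {status}")
```

A `cde-unfiltered-bridge` result, such as the dual-homed access point in the sample data, marks a device that connects the CDE to another network segment with no firewall in between.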

Read Understanding the Wi-Fi Security Guidelines of PCI DSS on esecurityplanet.com.
