Last week, the PCI Security Standards Council published its first installment: a 33-page paper for clarifying how retailers should secure their wireless internet environment.

“The guidelines are not there to add any new control objectives to the DSS requirements,” Doug Manchester, director of product security for payment technology vendor VeriFone Holdings, told SCMagazineUS.com. “It's more intended to help explain what's required.”

Manchester chaired the special interest group responsible for the document. Among its goals, the document is intended to remove any confusion or ambiguity as to what is required so that qualified security assessors (QSAs), responsible for assessing merchant compliance with the PCI DSS, and retailers have a common understanding, Manchester said.

All retailers that are using Wi-Fi in their business -- even those that do not transmit payment card information over the wireless network -- should read the document, Troy Leach, technical director for the PCI Security Standards Council, told SCMagazineUS.com Thursday.

Retailers that use Wi-Fi but do not use it to transmit payment card data must ensure -- and be able to demonstrate -- that their wireless network is fully segmented from the sensitive cardholder data, Manchester said.

“We have seen in the past that that's a common weak point of an organisation's security system and a primary target,” Manchester said. “Even if it's not transmitting cardholder data, you still need to protect it, and make sure that network doesn't bleed into the cardholder data environment.”

Retailers using their Wi-Fi network to transmit payment card data must ensure that the appropriate level of encryption is used, Manchester said. The guidelines recommend retailers enable WPA or WPA2 encryption, which has replaced the weaker Wired Equivalent Privacy (WEP) standard. Also, retailers must maintain the physical integrity of the devices and have logging capabilities and intrusion prevention features.

Other PCI special interest groups are working to provide clarity about other parts of the DSS that were deemed challenging to retailers -- areas such as scoping, virtualisation and pre-authorisation.

See original article on scmagazineus.com