Friday, August 14, 2009

Payment Card Industry Issues Data Security Guidance for Wireless Networks

The Payment Card Industry Security Standards Council released a new set of recommendations on how organizations subject to the PCI Data Security Standard (DSS) should address the data security concerns raised by wireless networks. The DSS requires all participating “merchants, banks, [and] POS [point of sale] vendors” -- as well as their service providers and other contractors -- to implement six sets of security requirements: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. As we have previously reported, the latest version of the DSS added a requirement that covered entities ensure that "wireless networks transmitting cardholder data or connected to the cardholder data environment [CDE] ... use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission." The guidance issued last month by the Standards Council offers suggestions on how to comply with this requirement.
