Managing PCI DSS Requirements with a WLAN

By Eric Geier

December 11, 2009

If you process credit card data you've got a lot of security responsibilities. If you process credit card data over a wireless network, you have even more.


Retailers and other organizations that deal with credit card data must follow the guidelines and requirements of the Payment Card Industry Data Security Standard (PCI DSS). Backed by the major credit card companies, these rules are put into place to ensure the security of cardholder data while it's transferred, processed, and stored.

These PCI DSS standards address all areas of information security. In this article, however, we're concentrating on the rules specifically involving wireless networks. Organizations that don't even use Wi-Fi, but deal with cardholder data from the major credit companies, must still satisfy some wireless-specific requirements.

There are two sets of guidelines, or requirements, that we'll discuss. To better understand when or how they apply to an organization, we must first be aware that the network segment where cardholder data is transferred, processed, or stored is called the "Cardholder Data Environment (CDE)."

Any network component in or directly connected to the segment where cardholder data is handled is a part of the CDE. Examples of network components that might be in the CDE include switches, wireless access points (APs), computers, handheld scanners, registers, and bordering firewalls. The CDE can be separated from other networks or network segments using firewalls.

Read "Understanding the Wi-Fi Security Guidelines of PCI DSS" on esecurityplanet.com.


