Wireless Networking and PCI Compliance - 2011

Credit cards account for more than $2.5 trillion in transactions a year and are accepted at more than 24 million locations in more than 200 countries and territories. It is estimated that there are 10,000 payment card transactions made every second around the world.

All organizations that accept payment cards are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). They must comply with this security standard whether or not they use wireless technology to process credit card data.

Organizations that are not PCI-compliant risk significant fines and other consequences. Noncompliance is established in several ways - for instance, through audits that find unsecured transactions or as a result of verified security breaches. The impact on profitability includes card replacement costs and customer fear, which can quickly lead to a damaged brand and lost sales, expensive forensic audits, lawsuits, and liability claim compensation.

If becoming compliant seems like a costly upfront investment, consider that compliance is not only mandatory for any organization that handles payment card data, but also provides a useful, auditable framework within which an organization can actively and continuously pursue greater security for cardholder data and other data.

This paper aims to provide an understanding of PCI DSS and direction for a variety of different organizations in applying the criteria to wireless infrastructure, connectivity, size and current payment card security preparedness. Additionally, this paper will make recommendations for wireless security actions and architectures that organizations ought to employ in order to attain and maintain PCI compliance as the consequences of noncompliance intensify over time.

Download Paper
(Webtorials membership required. Click here to register or if you forgot your username/password.)