The PCI Security Standards Council issued guidelines for organizations which store, process or transmit cardholder data using wireless LAN technology as well as those who audit for compliance with the PCI’s Data Security Standard. The guidelines set forth the requirements for such organizations to secure their networks from unauthorized access, including (1) maintaining an up-to-date hardware inventory; (2) scanning to look for unauthorized access points; (3) ensuring physical security of wireless devices to prevent theft or other unauthorized physical access; (4) periodically changing the default settings’ access points; (5) using strong wireless authentication and encryption methods; and (6) developing and enforcing wireless usage policies.

TIP: Companies that collect, process or transmit cardholder data are likely subject contractually to the PCI standards, and should thus ensure that they are familiar with, and adhere to, the wireless transmission guidance. In general, it is important that companies ensure that they have properly secured their wireless networks, and the guidance can help provide direction in that regard.