IMGCAP(1)]
The Payment Card Industry Security Standards Council last week released a supplement to the Data Security Standard, the PCI DSS Wireless Guideline, to help organizations better understand how the standard applies to wireless technologies, according to the Wakefield, Mass.-based council. The council formed a special interest group, chaired by Doug Manchester, director of product security at VeriFone Holdings Inc., to create the recommendations to help organizations increase wireless security in accordance with the PCI standard and to reduce the potential for wireless to be an entry point for attacks on networks containing card data. The Wireless Guideline includes nine requirements and provides guidance and installation suggestions for testing or deploying wireless local area networks, which link multiple computers and enable communication between them. The guide "will help all in the payment chain, but particularly merchants, to better understand the methods necessary to secure their wireless network or totally remove the networks from the scope of the DSS and the payment process," says Manchester. The council to date has created four special-interest groups—wireless, scoping, virtualization and pre-authorization—to clarify elements of the standard that may be considered challenging or open to interpretation.
