Resources for Federal Financial Institutions Examination Council (FFIEC)

WLAN Security Service Aims to Boost PCI Compliance

www.wi-fiplanet.com

In January, TJX reported a breach that jeopardized over 45 million credit and debit card numbers. That incident has been attributed in part to a WLAN break-in launched outside a Marshall’s store.

In a related statement, the PCI Security Standards Council said, “Security of customer payment data is not just a payment brand issue but the responsibility of all businesses that participate in the process. All merchants and service providers that store, process and transmit payment card data are required by the payment brands to comply with the PCI Data Security Standard – their customers expect it and their reputations depend on it.”

That standard, PCI DSS Version 1.1, outlines a dozen requirements for security management, policies, procedures, network architecture, software design and other measures to protect cardholder data when stored, processed, or sent over any type of network – including wireless LANs.

However, the PCI Security Standards Council does not enforce compliance. Individual payment brands like AMEX and Discover operate their own security programs. Each brand decides what merchants must do to comply, along with penalties and incentives.

View the Resource

Share or bookmarklet this web page at: