Akron, Ohio (Vocus) January 29, 2009
On January 1, a new version of the Payment Card Industry Data Security Standard (PCI DSS), version 1.2, took effect. A new white paper from Summit Data Communications reveals that, for most of today's retailers, solid Wi-Fi® client device security is essential for compliance with PCI DSS v1.2. Such security can be achieved by following three best practices identified in the paper.
Wi-Fi is popular in retail because it improves the productivity of mobile workers and reduces the costs of configuring and reconfiguring networks in stores and distribution centers. Many retailers have been using wireless local area networks since before Wi-Fi was a standard, and the majority of retailers consider wireless LANs to be critical components of their information infrastructures.
"In retail, business-critical applications rely on Wi-Fi connections between client devices and the network," said Summit president Ron Seide. "Ensuring that those connections are secure is a critical first step toward achieving PCI DSS compliance."
PCI DSS v1.1 allowed for the use of WEP, the outmoded encryption method that can be hacked easily. PCI DSS v1.2 prohibits the use of WEP for new wireless LANs after March 31 and requires that retailers phase out WEP from existing wireless LANs by the middle of next year.
PCI DSS v1.2 classifies both Wi-Fi Protected Access (WPA) and WPA2 as sufficient replacements for WEP. A few months ago, however, two German researchers reported that a vulnerability in the WPA encryption method of TKIP could enable an attacker to decrypt individual packets that are encrypted with TKIP. The same vulnerability does not exist with the WPA2 encryption method of AES-CCMP.
"Thieves are growing increasingly sophisticated," said Seide. "Today they can break WEP keys in a matter of minutes, and soon they may be able to crack WPA keys just as easily. Retailers need to use Wi-Fi client devices that support the highest level of standards-based authentication and encryption, which is the Enterprise version of WPA2."
The Summit white paper, "Wi-Fi Client Device Security and Compliance with PCI DSS", is available free of charge from the Summit Web site, http://www.summitdatacom.com.
Summit Data Communications, Inc. is the leader in embedded Wi-Fi solutions for mobile computers and other business-critical mobile devices. Summit Wi-Fi solutions are optimized for the challenging environments in which business-critical mobile devices operate, including factories, warehouses, ports, hospitals, and retail stores.
Wi-Fi® is a registered trademark and Wi-Fi Protected Access is a trademark of the Wi-Fi Alliance.