WiFi – PCI compliance: Why is it Important?




New devices and old alike:



The issue with WiFi is that it is a piece of your network that can bite you if you are not aware of it.


In PCI compliance, the relevant section (besides the section on configuring your device correctly, 4.1) is 11.1, which covers the testing of wireless networks.



There is an interesting little tidbit in a Network Daily article (red lettering is from the article):


extreme hack #4: Wireless card hacking

{ If your credit or debit card contains an RFID “contactless” payment mechanism, such as MasterCard PayPass or American Express ExpressPay, its information can likely be read by a hacker who walks by your wallet or purse. This is because any nonprotected RFID device can be hacked, including RFID-enabled passports, building access cards, and product tracking stickers.  }

So what does this really mean? It means that if you do not take physical control of your WiFi access points and keep constant vigilance over them, anomalies can occur, which means your network could be compromised and you won’t know it.

It is just like having an RFID credit card: without an EM (electromagnetic) block in your wallet, the information on the card can be stolen by an enterprising hacker.

Now, the very definition of a hacker is someone who uses technical knowledge to bypass regular connections and methods to achieve a goal. So if you are not vigilant, this unethical hacker will try to achieve their goal (stealing your resources and PANs).

PAN – Primary Account Number

The whole idea of compliance and security programs is to make your company more secure, so that the hacker will go and attack an easier target. A side benefit is that a security policy will satisfy auditors before they arrive to review everything.