Credit cards account for more than $2.5 trillion in transactions a year and are accepted at more than 24 million locations in more than 200 countries and territories. It is estimated that there are 10,000 payment card transactions made every second around the world.
All organizations that accept payment cards are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). They must comply with this security standard whether or not they use wireless technology to process credit card data.
Organizations that are not PCI-compliant risk significant fines and other consequences. Noncompliance is established in several ways - for instance, through audits that find unsecured transactions or as a result of verified security breaches. The impact on profitability includes card replacement costs and customer fear, which can quickly lead to a damaged brand and lost sales, expensive forensic audits, lawsuits, and liability claim compensation.
If becoming compliant seems like a costly upfront investment, consider that compliance is not only mandatory for any organization that handles payment card data, but also provides a useful, auditable framework within which an organization can actively and continuously pursue greater security for cardholder data and other data.
This paper aims to provide an understanding of PCI DSS and direction for a variety of different organizations in applying the criteria to wireless infrastructure, connectivity, size and current payment card security preparedness. Additionally, this paper will make recommendations for wireless security actions and architectures that organizations ought to employ in order to attain and maintain PCI compliance as the consequences of noncompliance intensify over time.
Charge cards are an essential tool for virtually all businesses today. And, as noted, Payment Card Industry Data Security Standard (PCI DSS) is required for all businesses.
As also noted in the paper, "PCI DSS 2.0, in effect as of January 2011, has been updated for clarity, reduced redundancy and requirement evolution. The document and comprehensive breakdown of changes is available on the PCI Security Standards Council’s website."
These standards are especially important when wireless networks are involved. Thus, I consider this paper to be a "must read."