Subscribe to web2feel.com
Subscribe to web2feel.com

All Top Banking

PCI Council Publishes Wireless Security Guidlines for Payment Cards

Posted by John B. Frank Wednesday, July 15, 2009

Editor's Note:  HomeATM CEO, Ken Mages, a noted security expert, has worked on and put forth his recommendations regarding "web security guidelines" for payment cards. 

Call it  "wPCI."  

Considering today's announcement that PCI is publishing "wireless" security guidelines, I don't see any reason why the council wouldn't be 100% behind putting together a Web Special Interest Group (SIG) and begin this much needed process as well.  In fact, I would humbly suggest that there is a huge void until they publish web security guidelines.  Would it take a year and a half?  Well, let's just say they could derive a huge head start by giving Ken a call...
Any business accepting credit and debit cards -- and using or considering wireless LANs -- should carefully review the recommendations for use of 802.11 wireless access points that are detailed in the guidelines issued Wednesday by the Payment Card Industry Security Standards Council.

In the past, the council has issued standards that have become required by Visa, MasterCard, banks and others for secure processing of payment and debit cards. Troy Leach, the council's technical director, emphasized that the recommendations in the "PCI Data Security Standard (DSS) Wireless Guideline" are not mandatory for businesses handling payment cards and using WLANs. But he adds, "This is probably the way wireless should have been deployed all along."

And though not officially mandatory, the PCI guideline for WLAN deployments, which expands on the existing 12-part standard PCI DSS that is required, do point merchants in the direction the council thinks is optimum for protecting cardholder data.

The guideline was crafted by the council's Wireless Special Interest Group (SIG), chaired by Doug Manchester, director of product security at VeriFone Holdings, in a process that took more than half a year with 50 SIG participants.

Manchester, who notes the guideline is specifically for WLANs and doesn't include technologies such as BlueTooth (more wireless-technology guidelines can be expected in the future), says the goal was to clear up questions and establish a "common vocabulary."

Continue Reading






, , , ,

edit post

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio