We use wireless payment terminals in our stores for busy queues and have heard the rules on using them are changing. What do we have to do?
The Payment Card Security Standards Council (PCISSC) has brought in guidance for using wireless networks in stores to transmit credit and debit card information. The idea is to prevent hackers from accessing the data while it is being transmitted across the wireless network.
According to payment security expert William Malcolm from law firm Pinsent Masons retailers were last year barred from installing new systems that use the WEP wireless encryption standard, and from June of this year companies will be stopped from using WEP-based systems at all.
The PCISSC said that any company still using WEP after that date would not be compliant with the Payment Card Industry Data Security Standard. Non-compliant companies can have their right to process cards revoked.
The PCISSC has also issued guidance on using wireless networks, including that retailers must periodically change the passwords and settings of devices and networks; that they must use strong encryption to send messages; and that their use of wireless technologies must be subject to a usage policy.
They must also maintain an up-to -date inventory of hardware, scan networks to look for unauthorised points of access and ensure that the wireless devices are physically secure and not stolen or accessed by other people.
Malcolm adds: “Organisations should study the guidance carefully to see if it strikes the right balance between maintaining security and allowing operational flexibility.”
No comments yet