We do not recommend that you use wireless technology for the environment where CloudBlue Commerce is installed, but if wireless is used or implemented in the payment environment or application, the wireless environment must be configured per PCI DSS requirements 1.2.3, 2.1.1, and 4.1.1. Wireless technology must be securely implemented and transmissions of cardholder data over wireless networks must be secure.
PCI Requirements for Wireless Implementations:
- Install and configure perimeter firewalls between wireless networks and systems that store credit card data, per PCI DSS requirement 1.2.3.
- Modify default wireless settings, as follows, per PCI DSS requirement 2.1.1:
- Change default encryption keys upon installation and anytime anyone with knowledge of the encryption keys leaves the company or changes positions
- Change default service set identifier (SSID)
- Change default passwords or passphrases on access points
- Change default SNMP community strings
- Enable WiFi protected access (WCloudBlue Commerce and WPA2) technology for encryption and authentication
- Update firmware on wireless access points to support strong encryption and authentication (WPA/WPA2)
- Change the other security related wireless vendor defaults.