What if I don’t have wireless in my retail environment?
This is a question often asked by a retailer. An important point to keep in mind is if a retail environment does not have wireless, it does not eliminate the need for wireless scans or intrusion detection. The whole purpose is to identify rogue wireless access points. It cannot be done without checking for wireless intrusion. Physical inspections are important but it does not complete the process and can only go so far. Unless you are checking for wireless activity – you cannot determine if there is a rogue wireless access point.
One of the reasons that wireless networks are so vulnerable to data breaches is that, unlike wired networks, they do not utilize a physical barrier. This lack of a physical barrier allows hackers to easily find unprotected and even undetected wireless access points, leaving your cardholder’s data accessible to anyone capable of wireless intrusion. These factors are exactly why PCI DSS standards require all organizations that store, process, or transmit cardholder data to secure their wireless technology, whether the technology is used intentionally or not.
PCI DSS standards also state that: