New Credit Card Processing Rules Kill off WEP (in 2009) - Tidingo.com

The credit-card industry has finally revised rules to make WEP persona non grata: The PCI Security Standards Council was founded by Amex, Discover, JCB, Visa, and MasterCard, and each organization agreed to adopt the standards that the group decides on. The latest update of the Data Security Standard (DSS), drafted early this year, was adopted and released yesterday, and profoundly alters Wi-Fi security practices for any company that accepts any major credit card. A summary can be downloaded under PCI DSS Summary of Changes.

The new rules prohibit the use of the highly broken WEP (Wired Equivalent Privacy) standard as part of any credit-card processing--such as from a store terminal to a server--after 30-June-2010, and prohibit any new system from being installed that uses WEP after 31-March-2009.

In practice, WEP has remained in relatively wide use among retailers as of last year because many individual and chain stores continue to use ancient point-of-sale gear. The supplier side changed slowly, too, with WEP still included as a standard feature long after WPA was widely available starting in 2004 in business and consumer Wi-Fi gear and computers. The use of WEP is what led to the TJ Maxx parent company network invasion.

The DSS sets both security and audit standards: Merchants must conform to the document's guidelines, and if examined by their merchant card issuer, must be found to conform. If not, they could have their ability to process cards turned off, which makes it hard to be a retailer of any kind.

An analysis of the changes in SearchSecurity states that 802.1X is required, but I believe that may have been a typo. The SearchSecurity article notes that "802.1x" and "802.11x" are cited as examples of industry best practices in the summary document. However, in both the summary and full version of the DSS, I see "802.11i" listed, which is a generic way to refer to WPA2 with TKIP and AES keys.

This would seem to indicate that the DSS would allow the use of WPA and WPA2 Personal, as is noted in Section 2.1.1. That same section, however, recommends the use of AES, which is only available in WPA2-compliant hardware. There doesn't seem to be any mention of 802.1X or WPA/WPA2 Enterprise elsewhere in the document or its summary....

Copyright 2008 Glenn Fleishman. All rights reserved. Please notify us if you find this content anywhere but at wifinetnews.com or wimaxnetnews.com. Reproduction of full articles from RSS feeds is prohibited without permission.
