WEP (Wired Equivalent Privacy) is an algorithm used to secure a wireless network, also known as a Wi-Fi network. Many major retailers, such as TJ Maxx, use WEP and have recently been hacked. Many weaknesses have been identified in WEP connections, and the protocol is known to be easily hacked.
In the PCI DSS 1.2 Summary of Changes, the PCI Security Standards Council announced several adjustments to the wireless network security requirements:
- Wireless must be implemented using strong encryption for authentication and transmission. The Council cites IEEE 802.11i as an appropriate example.
- Merchants are no longer permitted to deploy any new Wired Equivalent Privacy (WEP) networks as of March 31st, 2009.
- Merchants using WEP networks must transition to Wi-Fi Protected Access (WPA) security no later than June 30, 2010.
Converting to WPA should be a fairly easy process. Most technical websites show that all wireless equipment manufactured since late 2003 comes standard with WPA (Wireless Application Protocol), which is an open standard for application layer network communications in a wireless environment. It is mainly used to enable mobile phones.
Many retailers will have to replace their existing obsolete hardware, and the upgrade may force retailers to spend a lot of money on new systems. PCI DSS also states that “Wireless must now be implemented according to industry best practices (e.g., IEEE 802.11i) using strong encryption for authentication and transmission.”
Most large retailers have IT professionals put authentication methods in place correctly. There are also additional requirements for companies that run on enterprise networks. It is important to get more than one opinion when working toward compliance, because some options are definitely more costly than others. PCI DSS is still new and has many different rules and regulations. You don’t want to put your company at risk and have to pay fines later.