If you offer public Wi-Fi access, in any shape or form, you need to be concerned with compliance, irrespective of the type of venue you have. Whether you run a hotel, a coffee shop, a retail store, a barbershop or something different, you are bound by the Data Protection Act, and thus there are regulations you must follow. You also need to be concerned with other types of legislation, such as the Digital Economy Bill, and you must also follow the requirements set out by the PCI DSS.
PCI DSS is an abbreviation for Payment Card Industry Data Security Standards. It is a collection of requirements for any merchant that stores, transmits or processes cardholder information. Under this standard there are wireless security requirements that must be met to ensure that cardholder details are protected.
You need to test for the presence of rogue wireless devices in the cardholder data environment. This requires a quarterly scan, with a visual network inspection also satisfying this demand. If you don’t have a cardholder data environment that separates your sensitive data from other traffic, then you need to set one up under the PCI DSS. This is what Retail Secure specialises in with their innovative and cost-effective product RetailCompli.
This is incorrect. You still need to adhere to the rules, as rogue devices can compromise your network and consequently the payment cardholder data you store, transmit or process. This is why all businesses handling cardholder information need to carry out wireless scans at all of their sites.
This is a wireless AP that is unauthorised, unknown and unmanaged, yet attached to your network. These APs can expose cardholder information, which is why it is necessary for you to scan for them.
Yes, you must scan wireless networks across all sites.
It depends on what Merchant Level you are (please see the PCI FAQ page if you’re unsure about this). For Levels 2, 3 and 4, the Self Assessment Questionnaire is satisfactory, yet for Level 1 a Qualified Security Assessor must validate compliance.
Yes, you must retain any type of data that is necessary in terms of identifying those who are accessing the Internet. This can be location data and traffic data, which can then trace the communication source.
You need to retain location and traffic data that can be used to trace the source of communication. Examples include the likes of IP addresses, name, address, user ID, date and time of login, date and time of log-off and service used, e.g. IMAP, HTTP, Skype etc.
This is to assist law enforcement and intelligence agencies, such as the police, if they are investigating any activities relating to crime or terrorism.
You are expected to retain data for a minimum of 12 months, as per the Home Office’s request.
The Information Commissioner may enforce fines if you fail to make the data available.
You will face non-compliance fines, as well as severe damage to business reputation, as your customers’ sensitive data will have been compromised.
Offering guest Wi-Fi at your business is not as simple as investing in a router and making the network open. Instead, you need a solution that is tailor made to your needs while ensuring you meet all compliance demands. This is exactly what Retail Secure can assist you with. We provide legally compliant guest Wi-Fi solutions for all businesses.
There are no exceptions. You must ensure your Wi-Fi is legally compliant. However, Retail Secure do have a legally compliant guest Wi-Fi solution that is effective and affordable, and thus we can solve this problem for you.