You wirelessly make a credit-card transaction at a gas station kiosk, and wonder if anyone is grabbing your info. On Wednesday, Cisco Systems took a step to improve wireless security for financial transactions as it announced new network solutions to allow retailers to increase the security on their wireless networks beyond what is required by the Payment Card Industry (PCI) standard.
A survey by InsightExpress, conducted for Cisco, found that more than a third of retailers use wireless technology to transmit cardholder data, and more than 35 percent of financial institutions do the same. Cisco's solution offers a software download that enables Cisco access points to run in a new Enhanced Local Mode, or ELM, part of the company's new Adaptive Wireless Intrusion Prevention System (IPS).
'Significant Cost Savings'
With the download installed, businesses can continue to use the same access points they're using for data, voice and video, but now they can also monitor the radio frequency spectrum for attacks. Cisco's previous solution was one network for data, voice and video, and another for intrusion prevention.
On the company blog, Cisco's Ben Stricker said the integration of the two networks means "significant cost savings" for a business -- as much as 50 percent for smaller network deployments.
Stricker said that, before ELM, a retail business with a 30,000-square-foot store would have needed as many as 10 access points to handle wireless transactions, plus two additional dedicated access points for full-time wireless intrusion prevention. With ELM, the retailer no longer needs the two additional access points. In addition, ELM covers more threats than the limited protection Cisco previously offered.
Along with IPS, Cisco is announcing updates to its Wireless Control System, which allows businesses to stay on top of PCI Data Security Standard compliance. The company said IPS offers more PCI compliance tools than its previous product, including summary reports, the ability to address compliance at individual locations or devices, and other improved features.
New PCI Standard
The InsightExpress survey for Cisco found that slightly more than half the respondents felt that compliance with the PCI security standard is a burden, but necessary. About 85 percent felt their organization could pass a PCI audit, even though a third were looking at additional measures to boost their security. Sixty percent said they had budgeted between $100,000 to more than $1 million on PCI compliance.
The compliance standards are set by the PCI Security Standards Council. A new PCI Data Security Standard was released in October and went into effect the first of the year, but some industry observers have complained that it doesn't adequately protect emerging mobile-payment technologies, such as add-on payment devices for smartphones.
Cisco has said the new PCI spec focuses only on rogue wireless access points, and can't deal with threats such as ad-hoc wireless bridging or denial of service.