Security safeguards are essential for any business that processes payment card transactions. Millions of consumer credit card transactions are processed every day by a range of organizations, including hospitality, transportation, higher education and retail. These organizations must protect customer information from fraud and identity theft by cyber-criminals. To address this issue, the Payment Card Industry (PCI) Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. The PCI Security Standards Council helps facilitate broad adoption of consistent data security requirements, guidelines, and measures on a global basis. ProCurve Networks is a PCI SSC Participating Organization.
With the wide adoption of Wi-Fi by consumer-facing businesses, Wi-Fi enabled Point of Sales (POS) devices are now being deployed. These POS devices and the Wi-Fi network they rely upon are vulnerable to cyber criminals if proper security measures are not in force. In fact, Wi-Fi networks were exploited in a massive fraud perpetrated on nine major US retailers, as revealed in Federal indictments issued in July, 2008. Several of these institutions were completely unaware of the fraud in which 40 million credit and debit card numbers were stolen over a period of several years. Therefore, the importance of deploying a secure Wi-Fi networking environment that prevents “backdoor” attacks should not be under estimated.
To assist the industry with guidelines aimed at avoiding potential threats when using payment cards, the PCI Data Security Standard version 1.2 provides multifaceted guidelines for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help retail merchants and payment processing organizations proactively protect customer account data during a purchasing transaction.
Ensuring the integrity and security of the data transported over Wi-Fi networks is a critical challenge for organizations collecting and processing payment cards. ProCurve understands these challenges and enables customers to reap the benefits of ProCurve' award-winning WLAN solution with specific features designed for PCI DSS version 1.2 compliance, including:
- Full-time Intrusion Detection/Prevention
Protects WLANs and the enterprise networks they are connected to by continuously scanning both networks, immediately and accurately identifying threats, and enabling automated responses that prevent data loss. It also prevents connections to external neighboring wireless systems and phishing attacks.
- 802.11i encryption and authentication (WPA/WPA2)
Provides strong authentication capabilities for authorized clients and ensures robust encryption of cardholder information being transmitted over the airwaves between Wi-Fi POS devices and Wi-Fi access points.
- Secure Traffic Tunneling
 Secures transaction traffic end-to-end as it is transported between the Wi-Fi POS device and the WLAN controller using either AES or IPsec encryption. This approach enables customers to use a single network infrastructure to deliver a cost-effective range of services that includes secure payment card transactions.
- Centralized security management
Security policies are centrally defined for ease of administration and enforced at the network edge, preventing unauthorized traffic from reaching the backbone network. All security features are managed exclusively by the ProCurve MultiService Controller, which can be installed in a secure location and is further protected by a built-in stateful firewall. Access points contain no stateful security information, preventing cyber-crooks from extracting information from a stolen access point.
- Secure administration
External RADIUS AAA or Microsoft Active Directory servers can be leveraged to comply with the PCI DSS v1.2 administrative credentials requirements. The ProCurve products fully integrate with these services in order to implement access policies and to provide strong password protection of the administrative interfaces used to manage the Wi-Fi infrastructure. This allows the administrator to enforce stronger requirements based on corporate security policies and to comply with the PCI DSS v1.2 administrative credentials requirements.
- PCI compliance reports
Detailed reports prepare organizations for quarterly PCI compliance audits.
In addition to the features designed specifically for compliance with the requirements of PCI DSS version 1.2, ProCurve goes a step further in strengthening the security of the Wi-Fi network with the following products:
- HP ProCurve MultiService Access Point Model 630 (MAP-630), a tri-radio access point, delivers simultaneous high performance access for 802.11a and b/g clients, plus dedicated, real-time RF security monitoring. Using three dedicated 802.11 a/b/g radios: one each for the 2.4GHz and 5GHz bands, and one dedicated to continuous RF security, the MAP-630 allows organizations to provide total access to 802.11a and 802.11 b/g clients, while the third radio is dedicated solely to network security monitoring across both bands. Competing WLAN solutions, which use dual radios, only perform intermittent security scans, interrupt the flow of client traffic, and can negatively impact performance.
- ProCurve’ RF Manager complements wired security systems by automatically identifying and immediately blocking all unauthorized wireless connections and traffic — without disrupting the performance of authorized communication. Patented, award-winning technology prevents all major categories of threats from compromising the network, including rogue APs, unauthorized connections and hacker attacks, without time-consuming false positive alerts. The RF Manager works in concert with ProCurve dual and tri-radio MultiService Access Points (MAPs) with RF sensors to detect and prevent network security breaches.
|
