Requirement 6: Protect wireless transmissions
Details about how requirement 6 and subrequirements 6.1, 6.2, and 6.3 are fulfilled.
This requirement does not apply to IBM® Safer Payments itself, as the software does not require wireless transmissions. If the licensee uses wireless transmission, it must be ensured that subrequirements 6.1, 6.2 and 6.3 are met.
Requirement 6.1
For payment applications using wireless technology, change wireless vendor defaults, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. The wireless technology must be implemented securely.
To ensure compliance, you must verify that
- Default encryption keys are changed at installation, and are changed anytime anyone with knowledge of the keys leaves the company or changes positions.
- Default SNMP community strings on wireless devices are changed.
- Default passwords/passphrases on access points are changed.
- Firmware on wireless devices is updated to support strong encryption for authentication and transmission over wireless networks.
- Other security-related wireless vendor defaults are changed, if applicable.
- Firewalls are installed between IBM Safer Payments (and other systems that store Cardholder Data) and wireless networks.
- Firewalls are configured to deny or control, if such traffic is necessary for business purposes, any traffic from the wireless environment into the Cardholder Data environment.
Requirement 6.2
For payment applications using wireless technology, payment application must facilitate use of industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission.
When you use wireless technology with IBM Safer Payments, you must ensure that
- Industry best practices (for example, IEEE 802.11i) are used to include or make available strong encryption for authentication and transmission.
- PA-DSS requirement 6.1 is fully met.
Requirement 6.3
Provide instructions for customers about secure use of wireless technology.
When you use wireless technology with IBM Safer Payments, you must ensure that
- PA-DSS requirement 6.1 is fully met.
- PA-DSS requirement 6.2 is fully met.