Avatar of Eric_Price
Eric_PriceFlag for United States of America asked on

Please provide some General Comments on PCI-DSS compliance in our environment

I  have some opinions based on our reading of the requirements, but Im looking for some unbiased second opinions.

Weve done things like changing default credentials, implementing firewalls, creating users with unique accounts and passwords, and deploying and monitoring the AV / security centrally. That Im not confused on.  That said...

We have 3 locations connected to main office by an MPLS network. Each of those locations, including the main office has WPA-secured wireless and at LEAST one PC that is joined to the domain, hardwired via a switch into the network, able to access internal file servers and the Internet AND with software loaded and keyed to it that allows it to process credit cards via a USB swipe card reader. These are "sales counter" machines that do "card present" transactions. The Software it runs is USAePay. Other PCs on the network are used to access our gateway providers website for the purpose of doing card present web transactions. The wireless is presently on the same subnet as the rest of the LAN at any given location.

No card data is stored in the business system in a defined form, but as a convenience for our customers some CC names and numbers are placed in an unamed spare text field (Like "notes") and referenced when the customer sends in an order (by our employee then running the card via the web interface mentioned above).

The wireless MUST be kept for warehouse scanner activities, and that wireless network must be connected to the same server where wired PCs access the business system. The sales counter PCs must in addition be able to access both the internal network / biz system AND the CC processor. Stand alone dial up card machines were deemed too slow for use.

So, what concerns do you see, and how are these concerns typically remediated?
SecurityVulnerabilitiesWireless Hardware

Avatar of undefined
Last Comment
aleghart

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
aleghart

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck