PA-DSS requirement 6.2
Secure transmissions of cardholder data over wireless networks
Since Maitre’D version 7.08.000, cardholder data is encrypted with strong encryption before being sent from the POS to the main Back-Office for processing. This encryption is enabled by default and cannot be disabled. There are no settings or options in the Maitre’D software that would allow for this encryption process to be disabled, either accidentally or on purpose.
If your wireless network is protected by WPA2 as it should, this means that there are now two layers of encryption protecting the cardholder data. First, a potential attacker would need to breach your wireless network, which should be very hard to achieve if it is properly protected. In the unlikely event that an attacker succeeds in breaching your wireless network, the cardholder data would still be protected by strong AES-128 encryption.
As a reminder, in order to use wireless communications in a secure manner, make sure to:
Securely implement wireless technology as outlined in PA-DSS requirement 6.1 above.
Use and manage wireless technology in a secure manner as outlined in PA-DSS requirement 6.3 below.
Dernière mise à jour