PCI DSS requires regular testing because hackers constantly discover new ways to attack systems. You must regularly test your security controls to ensure they're still working effectively against evolving threats.
Wireless Access Point (WAP) Testing
A wireless access point is any device that allows Wi-Fi connections to your network - like your business router or Wi-Fi hotspot.
Quarterly wireless security checks: PCI DSS requires you to check every 90 days for unauthorized wireless devices trying to connect to your network.
How to do this:
- Connect to your own Wi-Fi network
- View a list of all nearby wireless access points
- Compare this list to your inventory of authorized devices
- Investigate and block any unknown access points
Why this matters:
Unauthorized wireless devices can create "backdoors" into your network that bypass your other security controls, potentially giving hackers access to cardholder data.
Action required:
Maintain a written inventory of all your authorized wireless access points and perform these quarterly checks to identify any unauthorized devices.
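The comparison step from "How to do this", as an added example that is not part of the original guide. It assumes the written inventory and each quarterly scan are kept as CSV text with a `bssid` (the access point's hardware address) and `ssid` (network name) column; the sample rows are constructed, and the follow-up buckets are this example's own choice, not PCI DSS wording.

```python
import csv
import io
import re

# Constructed sample data: the written inventory of authorized access points.
INVENTORY_CSV = """bssid,ssid,location
AA:BB:CC:00:00:01,ShopPOS,Back office
AA:BB:CC:00:00:02,ShopGuest,Front counter
"""

# Constructed sample data: one quarterly scan exported from a Wi-Fi scanner.
SCAN_CSV = """bssid,ssid,signal
aa-bb-cc-00-00-01,ShopPOS,-48
DE:AD:BE:00:00:10,ShopPOS,-60
DE:AD:BE:00:00:11,,-71
DE:AD:BE:00:00:12,CoffeeNextDoor,-80
"""


def norm_bssid(raw):
    """Normalize to AA:BB:CC:DD:EE:FF; reject values without 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw)
    if len(digits) != 12:
        raise ValueError(f"bad BSSID: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def load(text):
    """Read CSV rows into a dict keyed by normalized BSSID."""
    return {norm_bssid(r["bssid"]): r for r in csv.DictReader(io.StringIO(text))}


def review(inventory_text, scan_text):
    """Compare a scan against the inventory and sort findings for follow-up."""
    inventory, scan = load(inventory_text), load(scan_text)
    known_ssids = {r["ssid"] for r in inventory.values()}
    report = {"uses_our_ssid": [], "hidden": [], "other_unknown": [], "not_seen": []}
    for bssid, row in sorted(scan.items()):
        if bssid in inventory:
            continue  # authorized device, nothing to do
        if row["ssid"] in known_ssids:
            report["uses_our_ssid"].append(bssid)   # investigate first
        elif not row["ssid"]:
            report["hidden"].append(bssid)          # no network name broadcast
        else:
            report["other_unknown"].append(bssid)   # often a neighbour's network
    # Inventory entries that did not appear: update the list or find the device.
    report["not_seen"] = sorted(set(inventory) - set(scan))
    return report
```

Calling `review(INVENTORY_CSV, SCAN_CSV)` returns the four lists; keeping each quarter's result alongside the inventory gives a dated record that the check was performed.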