Cisco Blogs

Cisco Extends Wireless Security Beyond PCI Compliance – Protecting Your Wireless Retail Transactions

January 19, 2011 - 3 Comments

Ever wonder who might be trying to access your credit card information when you make a wireless transaction at a gas station kiosk, buy a beer at a baseball game from your seat, or return a rental car right at the parking lot?

Cisco does, and knows how retailers are increasingly using wireless technology to conduct point-of-sale transactions in many of your favorite stores. In fact, more than 33% of retailers that responded to an InsightExpress survey (commissioned by Cisco), today use wireless to transmit cardholder data, while more than 35% of financial institutions reported doing so in the same survey. To help these retailers address wireless security concerns, Cisco is announcing significant improvements to its wireless network solutions that allow retailers to secure their wireless networks from attacks and improve security where point-of-sale data is transmitted wirelessly.

So how does this work? A simple software download allows Cisco access points to run in the new “Enhanced Local Mode” (ELM) feature of Cisco’s Adaptive wireless Intrusion Prevention System (IPS), which is being announced today (January 19). With this new feature, retail businesses will be able to use the same access points they’re already using for data, voice and video to also monitor their radio frequency (RF) spectrum for unauthorized attacks over their wireless network. Previously, these same retailers had to use a separate overlay network for data, voice and video in addition to a network for intrusion prevention.

Essentially, this means retail businesses are able to converge what was previously two wireless networks, one for data access and one for wireless scanning, into one network with similar features of a dedicated Cisco wireless IPS solution. That equals significant cost savings for the customer that can reach up to 50% for smaller network deployments

To give you another example of how this solution might benefit businesses, before implementing Cisco Enhanced Local Mode, a retailer operating a 30,000 square foot store would need five to ten access points to handle normal wireless applications, plus two dedicated access points for around-the-clock wireless IPS monitoring. After implementing ELM in their Cisco access points, the same retailer would be able to completely eliminate the two dedicated access points for monitoring, freeing up extra budget that was previously needed for two separate networks. Alternatively those two access points could be repurposed to increase the coverage or the density required for more bandwidth intensive applications (i.e. video over wireless) or latency sensitive applications (i.e. voice over Wi-Fi).

If you’re a business performing credit card transactions, then you’re familiar with PCI’s requirements, including the new PCI 2.0 update. PCI compliance is important, as non-compliance can lead to enormous fines and potentially very costly security breaches and decreased brand perception.

But unfortunately, PCI compliance is more than checking a box to ensure customer security, and doing so doesn’t mean your wireless transactions are completely secure. However, about 50% of companies today employ less preferred methods, such as quarterly scanning or physical inspection, and a frequently cited reason for that decision is cost. This is where Cisco comes in – this new Enhanced Local Mode innovation lowers the cost of securing the wireless network by integrating full Adaptive wireless IPS scanning into access points without reducing performance or compromising on security. On top of that, Cisco is also announcing new updates to its Wireless Control System (WCS) that will provide internal security reporting and audits that help businesses stay up to date with PCI compliance requirements. These improvements combined can effectively reduce both CAPEX (for wireless network infrastructure investment) and OPEX by simplifying processes for security monitoring and audit preparation.

So to summarize, by introducing this new Enhanced Local Mode functionality to wireless networks, Cisco is helping customers reach their goal of not only meeting and exceeding PCI requirements, but more importantly, securing their wireless network from any attacks in a simple and cost effective manner.

If you’re a retail business, what do you think? How has your business been affected by the advances in wireless security to protect your wireless point-of-sale transactions?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Thanks for sharing this content....

  2. Does this require a Cisco 3500 or will this run on the 1142 platform?

    • Russ, thank you for the question. Enhanced Local Mode will be available in all Cisco Aironet 802.11n APs. As such it will be available in both platforms you mention as well as the 1260, 1250, and 1040 series Access Points.