Got a question for the WiFi & PCI DSS Compliance gurus out there. I have outside vendors coming in for various community-wide events at my church. They want to run their Square-esque devices on our guest WiFi network. While the guest network is isolated from the main org network, and devices on the guest network are isolated from each other, all devices (on the Guest WiFi) share the same VLAN. My understanding is that the network configuration is not PCI DSS compliant and consequently, the only credit card machines Bethel uses as an organization itself have a separate cellular data connection unique to each device.
What is my PCI DSS liability for outside vendors and their credit card machines, though? For all practical purposes, I can't stop them from using the guest WiFi. While it is technically their choice as to how to run their credit card machines, it's our event, our building, and our network. How would the credit card companies view a situation like this in case of a breach?
– Edited to clarify that all devices on the Guest WiFi share the same VLAN. The main network is on separate VLAN(s).