
Networks Modem+Router to allow segregated networks

Discussion in 'Hardware' started by Risky, 4 Feb 2020.

  1. Risky

    Risky Modder

    Joined:
    10 Sep 2001
    Posts:
    4,517
    Likes Received:
    151
    We have a few small shops taking credit card payments and the PCI-DSS regulations in the US mean you are meant to completely segregate the network that the terminal is on from everything else. Also I want to offer customer wifi in some locations and that really shouldn't be on the same network as my till PC and card machine.

    Now my first thought in fixing this is to go with MikroTik and sort out VLANs, which I'm assuming I can do with just about any RouterOS device. I then need to replace the Plusnet routers with a straight bridge mode modem and I can't find anything other than the not-so-cheap https://www.draytek.co.uk/products/business/vigor-130 for VDSL as I am probably moving them all to FTTC.

    For a router I would grab something like a https://linitx.com/product/mikrotik...-classic-(routeros-level-4)-with-uk-psu/14384


    Any thoughts on this plan?
     
  2. Sentinel-R1

    Sentinel-R1 Chaircrew

    Joined:
    13 Oct 2010
    Posts:
    2,395
    Likes Received:
    409
    There is someone on this forum who has used MikroTik products for a number of years now and is very clued up on the range. I can't remember who off the top of my head sadly, but a search should identify them easily. I recall the member recommending MikroTik products regularly, so might be a good starting point to engage with them?
     
  3. Mister_Tad

    Mister_Tad Will work for nuts Super Moderator

    Joined:
    27 Dec 2002
    Posts:
    14,085
    Likes Received:
    2,451
    You can carve up networks quite easily with modestly priced networking gear from either MikroTik or Ubiquiti, depending on what sort of management experience you're after.

    However, my one piece of advice, do not wing it with PCI-DSS compliance. As a business, spend the requisite moneys to make it someone else's responsibility, whether that's payments as-a-service or a 3rd party integrator who you can pin it on if there's ever an issue.
     
    deathtaker27 likes this.
  4. Risky

    Risky Modder

    Joined:
    10 Sep 2001
    Posts:
    4,517
    Likes Received:
    151
    Well I did configure the very cheap MikroTik router and rather expensive Draytek modem to segregate the Till & BusWifi from the Customer wifi and the card machine after a couple of attempts and probably now understand RouterOS config a bit better.

    Ultimately I'm paying Barclaycard to manage the compliance and they don't seem to recommend getting anyone else in and as long as it is stand-alone terminals I think it's okay. If card payments were going through the till PC it would be a different matter.
     
  5. Fingers66

    Fingers66 Kiwi in London

    Joined:
    30 Apr 2010
    Posts:
    8,874
    Likes Received:
    1,054
    ^^^ This, I cannot recommend this strongly enough. Penalties for not complying with PCI-DSS are harsh with no leeway.
     
  6. Risky

    Risky Modder

    Joined:
    10 Sep 2001
    Posts:
    4,517
    Likes Received:
    151
    Well I think I will be, I will go via Barclaycard Merchant services to see what they recommend. But bear in mind this is stand-alone terminals. If they are hackable over the LAN then there is a big, big problem way beyond my router!
     
