The Payment Card Industry Data Security Standard (PCI DSS) requires all businesses to protect credit card information by preventing unauthorized access via the network, using one or more firewall products.
Network designs have two points of entry for hackers who try to steal credit card information from point of sale computers.
The first point of entry is through the Internet connection. The outbound Internet connection is required to process credit card information. However, the inbound direction has to be blocked to prevent hackers from using the Internet to access the point of sale computers.
The second point of entry is through any wireless access point that is provided for guests and visitors to get Internet access.
PCI DSS recommends that two separate Internet circuits be used: one for the point of sale system, and one for the public guest Internet network.
One Internet circuit can be used when firewall devices are installed to protect the point of sale system from attack. A firewall, however, is only as good as the person who configures it. It is necessary to take great care when writing the firewall rules to ensure that no path exists for a possible attacker.
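One way to check a rule set for such a path before it is deployed, as an added example that is not from the original page. The zone names, the `(action, source, destination)` rule format and both rule sets are constructed for illustration, and the model assumes a stateful firewall that evaluates rules top to bottom on new connections only.

```python
from collections import deque

ZONES = {"internet", "guest", "pos"}   # constructed zone names
UNTRUSTED = {"internet", "guest"}      # the two points of entry

def decide(rules, src, dst):
    """First matching rule wins; no match means default deny."""
    for action, r_src, r_dst in rules:
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return action
    return "deny"

def paths_into(rules, target="pos"):
    """List every chain of allowed new connections from an untrusted zone
    to the target. Multi-hop chains are reported on the conservative
    assumption that a host in an intermediate zone could relay traffic."""
    found = []
    for start in sorted(UNTRUSTED):
        queue = deque([[start]])
        while queue:
            path = queue.popleft()
            for nxt in sorted(ZONES - set(path)):
                if decide(rules, path[-1], nxt) != "allow":
                    continue
                if nxt == target:
                    found.append(path + [nxt])
                else:
                    queue.append(path + [nxt])
    return found

# Weak: "any" was meant as "Internet access" but also matches the POS zone,
# and the deny rule below it is never reached for guest traffic.
WEAK = [
    ("allow", "pos", "internet"),    # outbound card processing
    ("allow", "guest", "any"),
    ("deny", "any", "pos"),
]

# Corrected: deny into POS first, then only the specific outbound flows.
HARDENED = [
    ("deny", "any", "pos"),
    ("allow", "pos", "internet"),
    ("allow", "guest", "internet"),
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, paths_into(rules) or "no path into pos")
```

Run against the weak set, the check reports the guest-to-POS path created by the overly broad rule; the corrected set reports none while still allowing the outbound card-processing flow.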