<p>POS systems would indeed see some level of PCI requirements (since they receive credit card #'s), but I think the conventional approach is to use SSL for transport, and for the POS to otherwise assume its connection back to merchant services to be unfriendly.  Compare Square's credit processing, which uses SSL over whatever connection is available, and where locally collected personal info (card swipe data) is not stored locally in some fashion that could be compromised. Meraki, a commercial mesh wifi vendor, has whitepapers on their PCI and HIPAA compliance status, which are likely good points of reference:<br>
<a href="https://meraki.cisco.com/lib/pdf/meraki_whitepaper_HIPAA.pdf">https://meraki.cisco.com/lib/pdf/meraki_whitepaper_HIPAA.pdf</a><br>
<a href="https://meraki.cisco.com/lib/pdf/meraki_whitepaper_PCI.pdf">https://meraki.cisco.com/lib/pdf/meraki_whitepaper_PCI.pdf</a></p>

<p>HIPAA and PCI would be terrifying cans of worms to open.  I think the usual approach is to not open them unless your legal counsel says you have to, and/or explain in thorough detail (cf. Meraki's white papers) your best efforts in performing the due diligence that is possible. ;)</p>
