A restaurant group had been flagged by their card payment processor during a routine PCI DSS scoping review. Across all three locations, the guest Wi-Fi network and the point-of-sale terminals were on the same flat network with no segmentation. Under PCI DSS v4.0, any network touching cardholder data needs to be isolated from other systems, including public Wi-Fi. The processor gave them a 60-day remediation window, after which they would face surcharges and potential termination of their payment facility.

The infrastructure was inconsistent across sites — one had a basic ISP-supplied router with no VLAN support, one had an older Ubiquiti UniFi setup configured incorrectly, and the third had a mix of consumer-grade Netgear kit and a managed switch nobody had touched since installation. All three used Dojo terminals but each had been set up independently with no consistent network design.


WHAT WE DID


We scoped the remediation across all three sites, then planned the work for a single weekend, from Saturday evening after last orders through to Sunday afternoon. At site one, the ISP router was replaced and we created three VLANs: one for Dojo payment terminals, one for staff operations, and one for guest Wi-Fi, with firewall rules preventing any inter-VLAN traffic involving the payment network. Guest Wi-Fi was configured with client isolation enabled and bandwidth throttled at 10 Mbps down.

Site two already had UniFi hardware, but the original installer had accidentally trunked the payment VLAN to the guest access point. Site three needed the most work: the Netgear consumer kit was retired entirely and replaced with a UniFi Access Switch and two access points, giving us a consistent setup across all three locations managed from a single cloud controller. We documented the work in network diagrams and a remediation summary, which were sent directly to the payment processor's technical team as PCI DSS re-assessment evidence.
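
The two conditions described above (no inter-VLAN traffic involving the payment network, and no payment VLAN carried on a guest access point port) can be checked against a planned design before it goes in. The following is an added example, not code from this engagement; the VLAN IDs, port names, rule list and data layout are constructed for illustration and do not reflect any UniFi export format.

```python
# Added example: audit a segmentation design for payment-VLAN exposure.
# VLAN IDs, port names and rules below are constructed sample data.
PAYMENT, STAFF, GUEST = 10, 20, 30
VLANS = {PAYMENT: "payment", STAFF: "staff", GUEST: "guest"}

# Each port: the role of the attached device plus the VLANs it carries.
PORTS = [
    {"name": "sw1/1", "role": "payment", "native": PAYMENT, "tagged": []},
    {"name": "sw1/2", "role": "staff", "native": STAFF, "tagged": []},
    {"name": "sw1/3", "role": "guest_ap", "native": GUEST, "tagged": []},
    # Mistake of the kind found at site two: payment VLAN tagged to a guest AP.
    {"name": "sw1/4", "role": "guest_ap", "native": GUEST, "tagged": [PAYMENT]},
]

# Ordered inter-VLAN rules, first match wins; "any" matches every VLAN.
RULES = [
    {"src": STAFF, "dst": "any", "action": "allow"},   # too broad: reaches payment
    {"src": "any", "dst": PAYMENT, "action": "drop"},  # shadowed for staff traffic
    {"src": PAYMENT, "dst": "any", "action": "drop"},
    {"src": GUEST, "dst": "any", "action": "drop"},
]

def payment_vlan_leaks(ports, payment=PAYMENT):
    """Ports that carry the payment VLAN but do not serve a payment device."""
    return [p["name"] for p in ports
            if p["role"] != "payment"
            and (p["native"] == payment or payment in p["tagged"])]

def verdict(rules, src, dst, default="drop"):
    """Evaluate one src->dst VLAN flow against the ordered rule list."""
    for r in rules:
        if r["src"] in (src, "any") and r["dst"] in (dst, "any"):
            return r["action"]
    return default

def payment_flow_violations(rules, vlans=VLANS, payment=PAYMENT):
    """Every allowed flow between the payment VLAN and any other VLAN."""
    bad = []
    for other in vlans:
        if other == payment:
            continue
        for src, dst in ((other, payment), (payment, other)):
            if verdict(rules, src, dst) == "allow":
                bad.append((vlans[src], vlans[dst]))
    return bad

if __name__ == "__main__":
    print("trunk leaks:", payment_vlan_leaks(PORTS))
    print("allowed payment flows:", payment_flow_violations(RULES))
```

The sample rule list shows why rule order matters: the drop rule for the payment VLAN is present, but an earlier broad allow for staff traffic matches first.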



SERVICES INVOLVED

  • Network Infrastructure
  • PCI DSS Remediation
  • Managed Wi-Fi



 

 
