No, it is unlikely that device will help.
This is a fairly heavyweight requirement. Fulfilling it involves a combination of techniques, such as physical inspection, network and computer automated/enforced policies, and tools/products such as a wireless ids/ips.
A couple of ids/ips examples:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/wireless_ips.html
http://www.bluesocket.com/media/Bluesecure_IDS.pdf
Reviewing the actual text of the requirement, this can be challenging because an "access point" may be a wireless card (which can function as an AP), a phone, or some other USB connected device.
One possible interpretation is an auditor could conceivably test this by connecting a USB device or phone to a pc, and see if they can get access to your network, and it that is detected and an appropriate response is generated. Some organizations may fail one or more of these tests, so there would need to be "compensating controls" to mitigate the risk.
PCI DSS Requirements
11.1 Test for the presence of wireless access points and detect unauthorized wireless access points on a quarterly basis.
Note: Methods that may be used in the process include but are not limited to wireless network scans, physical/logical inspections of system components and
infrastructure, network access control (NAC), or wireless IDS/IPS.
Whichever methods are used, they must be sufficient to detect and identify any unauthorized devices.
Testing Procedures
11.1.a Verify that the entity has a documented process to detect and identify wireless access points on a quarterly basis.
11.1.b Verify that the methodology is adequate to detect and identify any unauthorized wireless access points, including at least the following:
- WLAN cards inserted into system components
- Portable wireless devices connected to system components (for example, by USB, etc.)
- Wireless devices attached to a network port or network device
11.1.c Verify that the documented process to identify unauthorized wireless access points is performed at least quarterly for all system components and facilities.
11.1.d If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to personnel.
11.1.e Verify the organizations incident response plan (Requirement 12.9) includes a response in the event unauthorized wireless devices are detected.
First, DON'T capitulate. He is not only an idiot but DANGEROUSLY wrong. In fact, releasing this information would violate the PCI standard (which is what I'm assuming the audit is for since it's a payment processor) along with every other standard out there and just plain common sense. It would also expose your company to all sorts of liabilities.
The next thing I would do is send an email to your boss saying he needs to get corporate counsel involved to determine the legal exposure the company would be facing by proceeding with this action.
This last bit is up to you, but I would contact VISA with this information and get his PCI auditor status pulled.
Best Answer
Generally, if you store payment card data somewhere, you will be audited by the PCI-DSS police(AMEX,VISA,MASTERCARD). If you are using a 3rd party for the transactions and storing of payment card data, then they should be able to provide you with their PCI-DSS audit report/certification. They may also require you to comply to their rules, via service agreement/contract.