Re: Compliance?
If the business has wifi available to customers they will have / should have already taken care of PCI compliance (by not having customers and PCI covered data using the same SSID) Adding this additional use of the customer wifi doesn't affect that.
Not that this isn't a terrible idea for other reasons. Fortunately on my iPhone the cellular setting has an AT&T menu item to enable/disable 'wifi calling'. I leave it enabled so it can use my wifi at home where I don't have the best cellular signal, but if they ever participated in a shady scheme like this I'd turn that off immediately - thus increasing the chance that I might switch to a different provider if I found one that had a better signal where I live.
Biting the hand that feeds IT
