An in-store Wi-Fi system is now an essential element of the retail shopping experience. Nearly 80 percent of all shoppers use a mobile device to search for product information while shopping in physical stores, according to a study by content management provider Salsify.
Retailers naturally want a fast and reliable Wi-Fi network that makes shopping more convenient for customers. However, they must also take steps to protect customer privacy. As retailers boost their digital presence, they have become even more susceptible to attack. For all its customer benefits, in-store Wi-Fi has also become a favorite target for hackers.
Public Wi-Fi makes it remarkably easy for hackers to gain access to the store’s network and to shoppers’ devices through rogue access points (APs). With not much more than a laptop and a USB antenna, hackers can create unauthorized Wi-Fi hotspots that appear to be legitimate.
For example, if a hacker configured a laptop or device to act as a soft AP with an innocuous name such as “Mall Wi-Fi,” chances are good many shoppers would assume it was authentic. However, once shoppers log in, the hacker can capture their passwords, access other sensitive information, inspect their data stream or inject packets into it, or persuade them to download malware.
To understand how easily people are fooled, a security vendor ran a rogue AP experiment at the RSA Conference 2017 in San Francisco. They were able to lure 4,499 Wi-Fi clients to log in to their fake network. Keep in mind that this conference is specifically devoted to IT security issues, so those who were tricked were almost exclusively IT security professionals.
Retailers can’t simply take a “buyer beware” approach to warning customers about the dangers. They are obligated to protect their customers from such scams. The Payment Card Industry Data Security Standard (PCI DSS) requires all merchants to scan their environments quarterly for wireless access points to ensure no unauthorized APs are connected to the network. Even retailers who don’t operate Wi-Fi services are required by PCI DSS to scan for rogue Wi-Fi networks that may be surreptitiously deployed within their stores.
Scanning solutions identify all APs in the environment and compare them to a database of authorized APs. Any that don’t match the master list are flagged for further investigation by a system administrator.
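The comparison described above can be sketched as follows. This is an added example, not code from any scanning product: the Beacon record, the finding labels and every SSID and BSSID value are constructed for illustration, and it assumes the master list records each AP's expected channel and security mode.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # MAC address of the AP radio
    channel: int
    security: str  # e.g. "OPEN", "WPA2"

# Constructed master list of authorized APs, keyed by BSSID (hypothetical values).
AUTHORIZED = {
    "02:00:00:aa:00:01": Beacon("Store-Guest", "02:00:00:aa:00:01", 6, "OPEN"),
    "02:00:00:aa:00:02": Beacon("Store-POS", "02:00:00:aa:00:02", 36, "WPA2"),
}

# Constructed scan results, as a wireless survey tool might report them.
SCAN = [
    Beacon("Store-Guest", "02:00:00:AA:00:01", 6, "OPEN"),   # matches the list
    Beacon("Store-Guest", "02:00:00:bb:00:09", 11, "OPEN"),  # our SSID, unknown radio
    Beacon("Mall Wi-Fi", "02:00:00:cc:00:07", 1, "OPEN"),    # not on the list at all
    Beacon("Store-POS", "02:00:00:aa:00:02", 36, "OPEN"),    # known radio, weaker security
]

def classify(beacon, authorized=AUTHORIZED):
    """Return a finding label for one observed beacon."""
    known = authorized.get(beacon.bssid.lower())
    if known is None:
        # An unlisted radio advertising one of our network names is the
        # look-alike hotspot case; any other unlisted radio is still flagged.
        our_ssids = {ap.ssid for ap in authorized.values()}
        return "SSID_IMPERSONATION" if beacon.ssid in our_ssids else "UNKNOWN_AP"
    observed = (beacon.ssid, beacon.channel, beacon.security)
    expected = (known.ssid, known.channel, known.security)
    # A listed BSSID with different settings may be misconfigured or cloned.
    return "OK" if observed == expected else "SETTINGS_MISMATCH"

def audit(scan, authorized=AUTHORIZED):
    """Return (label, bssid, ssid) for every beacon that needs investigation."""
    findings = []
    for beacon in scan:
        label = classify(beacon, authorized)
        if label != "OK":
            findings.append((label, beacon.bssid.lower(), beacon.ssid))
    return findings

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(*finding)
```

Findings are leads for the administrator's investigation, not verdicts: a BSSID can be cloned, which is why a listed radio with unexpected settings is flagged as well.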
It’s also a good idea to separate wireless customer Internet access from employee network access with group isolation measures. By placing the two segments in different zones, someone who gains access to the public Wi-Fi cannot gain access to the internal network or point-of-sale systems.
SageNet has been designing, implementing and securing wireless networks for more than two decades. Our portfolio of managed Wi-Fi solutions includes a full range of security measures for retail Wi-Fi environments. Our rogue Wi-Fi detection services provide the tools and techniques to detect and report rogue Wi-Fi networks to ensure compliance. We also offer comprehensive, real-time monitoring, management and support of mission-critical assets and wireless networks. Give us a call to learn more, or go here to schedule an assessment of your Wi-Fi network.