How Retailers Can Lock Down Wireless Networks to Prevent Fraud

By Tom Butts

Just as our devices are getting smarter, so are the hackers trying to break into them. Cybercrime will cost the world in excess of $6 trillion annually by 2021, according to a report by Cybersecurity Ventures. While this costly crime affects a multitude of players in retail — including consumers, credit card processors and merchants — it's the merchants that end up footing most of the bill.

The retail industry takes great precautions to prevent credit card fraud and other data breaches by focusing on the front end of operations, like improving staff training or making the move to new chip-card technologies, and ensuring all interactions are PCI-compliant.

Merchants that process credit card transactions are responsible for complying with the Payment Card Industry Data Security Standards (PCI DSS). Compliance is achieved when merchants successfully demonstrate, on an annual basis, that their entire system and processes comply with the 12 requirements of the PCI DSS. Audits can be completed internally or by an external vendor.

However, as security hacks are projected to continue growing, cybersecurity must become a top-level business priority rather than an IT-specific issue. It's imperative for companies to crack down on cybersecurity exposures and protect their customers’ credit card data, as well as prevent unnecessary losses to their businesses. Here are a few simple tips for retailers looking to lock down their wireless network:

1. Drive out the evil twin.

Cybersecurity starts with implementing a secure wireless infrastructure. Rogue Wi-Fi access points, fittingly named “evil twins,” appear to be legitimate, but have instead been set up by a hacker to fool customers when accessing a store’s wireless network. It's essential for retailers to use an enterprise-grade wireless router that offers high security and reliability, and is centrally managed and monitored. Choosing a commercial-grade router as opposed to a consumer-grade product ensures greater jurisdiction and control over the network range.

Retailers should also invest in wireless routers capable of setting up primary peer-to-peer VPN connections between store locations and headquarters as needed to further safeguard consumer information.

For wireless environments connected to the cardholder data environment or transmitting cardholder data, change ALL wireless vendor defaults at installation, including, but not limited to default wireless encryption keys, passwords and SNMP community strings.

Use WPA2/Enterprise as your primary authentication method. Experts strongly recommend using WPA2/Enterprise in conjunction with a RADIUS server. This provides a central repository for users or devices that are allowed to access the network, and allows for the use of certificates to authenticate both the server and device. Each SSID can use a different RADIUS server, providing separate authentication sources for each group (e.g., employees, point-of-sale devices, vendors). The key-exchange protocol for older versions of 802.11x encryption (Wired Equivalent Privacy, or WEP) has been broken and can render the encryption useless. Devices should be updated to support more secure protocols.

2. Keep your software up-to-date.

Within the past month, you’ve most likely heard of the spate of cyberattacks that have crashed banks and ceased operations in hospitals. And if you weren’t aware, most were a result of out-of-date operating systems.

Taking time to update software is no doubt a tedious and often time-consuming task, but failing to do so can put your business in a precarious situation. Retailers, regardless of size, should establish a plan to regularly update software. Otherwise, it's the equivalent of leaving your car keys hiding in plain sight for a car thief. Don’t do a hacker’s job for them.

Cloud-based management services play a centralized role to ensure that remotely deployed routers are automatically upgraded (per customer-specific policies) with the latest firmware. Network administrators can then choose the firmware version for a given group of devices and ensure it gets installed automatically.

3. Compartmentalize wireless access points.

In a mobile-driven world, your customers will likely want to access your wireless network when they enter your business. While this should certainly be encouraged, it’s essential that you separate their access from your internal users access.

Third-party vendors, like security cameras, temperature control, lighting or other service providers require network access. However, like customers, they too should have a separate pathway.

Retailers should separately stand up a wireless network specific to the needs of the business — e.g., credit card processing/POS operation, inventory control, digital signage, and so on — and keep it separate from the Wi-Fi network accessed by customers or third-party vendors.

Ultimately, the wireless pathway where the point of sale occurs should not share the same access point as corporate users, support users or consumers.

4. Loop in your employees.

In addition to arming yourself with the proper technology, retailers can safeguard their businesses from potential breaches by training their staff. Just as employees are essential to driving sales, they play a large role in keeping your business safe.

Teach your employees about the wireless security systems in place. Make sure they don’t fall victim to phishing scams targeting uninformed users. Your company is only as strong as your least-informed employee.

To put all of this in perspective, Microsoft projects between 600,000 to 700,000 cyberattacks per week, which means this could easily happen to any retailer. Protection against cyber criminals doesn’t need to be expensive, but it does require time and effort. Prioritize cybersecurity now, starting with locking down your wireless network, so you don’t need to pay for the repercussions later down the line.

Tom Butts is the CEO of Accelerated Concepts, a hardware designer and manufacturer specializing in cellular (LTE) networking equipment.