These days, Wi-Fi seems to be everywhere. Wireless networks are growing ever more ubiquitous, thanks to a proliferation of smartphones and tablets constantly on the hunt for connectivity. It isn't just hotels, restaurants, and coffee shops, either. Wi-Fi in retail has been a hot topic for some time now, with its champions touting in-store Wi-Fi benefits like better business analytics, improved customer interactions, and a customized in-store digital experience. And consumers are growing to expect wireless connectivity no matter where they go.
In a retail environment, however, the desire to offer wireless connectivity (and reap its associated data-mining rewards) as a customer amenity can be at odds with the need to secure sensitive information, such as cardholder data. Industry regulations like PCI DSS require businesses to protect the privacy and integrity of consumers' personal information, and regulatory bodies dish out stiff penalties to businesses that don't. The threat of those penalties and the potential damage to a brand's reputation and revenues should customer data be stolen (think Target) make protecting cardholder data critical to retailers' security strategies. When it comes to in-store wireless networks, however, protecting private data while providing public Wi-Fi can prove challenging.
The key security threat facing in-store wireless networks is the interception of data as it traverses the WLAN. Improperly secured Wi-Fi is extremely vulnerable to eavesdropping by enterprising hackers, as anyone who has had login credentials stolen after using them on a public network knows all too well. If store personnel are equipped to handle sales over Wi-Fi—using handheld POS systems or POS apps on mobile devices, for example—then cardholder data can become vulnerable to theft. Since mobilizing the POS and, by extension, the sales associate can greatly enhance the customer experience, it is vital to find ways to secure transactions and customer information on the in-store wireless network.
At a high level, securing customer data on an in-store wireless network will involve dividing the network into separate areas for separate purposes, commonly through the use of virtual LANs (VLANs) within the overall WLAN. This way, the store can provide one VLAN for customers, with registration open to the public, and another VLAN for sales associates and the back office. The sales associate and back office VLANs can then be more strongly secured through strict authentication, access control, and encryption measures in order to ensure the safety of cardholder data. This network segmentation has the additional benefit of making performance easier to control: more bandwidth can be assigned to the business-critical VLANs and higher priority given to the users and applications that use them to prevent money-losing slowdowns and outages.
In addition to segregating customer traffic from store traffic and strongly securing the store traffic, in-store wireless networks will benefit from activity monitoring and user tracking solutions that can identify unwanted activity, such as repeated attempts to access the network from outside the store or outside of business hours. Tools to block specific users and devices identified as suspicious will also help protect cardholder data from thieves.
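The monitoring described above can be illustrated with a short Python example, added here and not taken from the original article or any vendor's product. It reviews authentication events for the staff SSID and lists devices with repeated failures or any activity outside business hours; the log format, SSID names, opening hours, and failure threshold are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime, time

# Assumed values for illustration: SSID name, store hours, failure threshold.
STAFF_SSID = "store-staff"
OPEN, CLOSE = time(9, 0), time(21, 0)
MAX_FAILURES = 3
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ssid=(?P<ssid>\S+) "
    r"mac=(?P<mac>[0-9a-f:]{17}) result=(?P<result>success|failure)$")

# Constructed sample events in a hypothetical controller log format.
SAMPLE_LOG = """\
2024-03-04 10:14:40 ssid=store-staff mac=02:00:00:00:00:01 result=failure
2024-03-04 10:15:02 ssid=store-staff mac=02:00:00:00:00:01 result=success
2024-03-04 14:00:01 ssid=store-staff mac=02:00:00:00:00:02 result=failure
2024-03-04 14:00:09 ssid=store-staff mac=02:00:00:00:00:02 result=failure
2024-03-04 14:00:17 ssid=store-staff mac=02:00:00:00:00:02 result=failure
2024-03-04 22:10:30 ssid=store-staff mac=02:00:00:00:00:05 result=success
2024-03-04 23:00:00 ssid=store-guest mac=02:00:00:00:00:04 result=success
2024-03-05 02:30:00 ssid=store-staff mac=02:00:00:00:00:03 result=failure
2024-03-05 02:30:05 ssid=store-staff mac=02:00:00:00:00:03 result=failure
2024-03-05 02:30:11 ssid=store-staff mac=02:00:00:00:00:03 result=failure
"""

def suspicious_devices(log_text, max_failures=MAX_FAILURES):
    """Return {mac: [reasons]} for staff-SSID devices worth reviewing or blocking."""
    failures, after_hours = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["ssid"] != STAFF_SSID:
            continue  # guest-VLAN events and malformed lines are out of scope
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if not (OPEN <= ts.time() < CLOSE):
            after_hours.add(m["mac"])  # any attempt while the store is closed
        if m["result"] == "failure":
            failures[m["mac"]] += 1
    findings = {}
    for mac in sorted(after_hours | set(failures)):
        reasons = []
        if failures[mac] >= max_failures:
            reasons.append("repeated_failures")
        if mac in after_hours:
            reasons.append("after_hours")
        if reasons:
            findings[mac] = reasons
    return findings

if __name__ == "__main__":
    for mac, reasons in suspicious_devices(SAMPLE_LOG).items():
        print(mac, ",".join(reasons))
```

The resulting device list is the input a blocking tool would need; a single mistyped password during opening hours does not trigger a finding.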
In-store Wi-Fi can provide numerous benefits to retailers, ranging from a more agile and responsive sales model to a more enjoyable browsing experience, but it must be implemented in a way that keeps cardholder data and other sensitive information safe.
What do you think are the dangers of wireless networks in retail spaces? Tell us your thoughts in the comments.