Hackers can attack your Point of Sale (PoS) through your WiFi Hotspot
Some business owners face a new risk because thieves have discovered how to steal credit card information from point of sale (PoS) computers. The thieves get access to the PoS through WiFi Hotspots, which businesses have installed as a service for customers. This is possible when the WiFi Hotspot is connected to the same DSL or Cable service as the PoS computer. The PoS has to be connected to the Internet to process credit card payments. An expert computer hacker can access a PoS in a few minutes and the hacker need not be on the premises, most sit in the car park within range of the WiFi Hotspot.
All motels and hotels have a WiFi Hospot installed for guests to use. Unfortunately some businesses have already had credit card data stolen from PoS computers and thieves used the WiFi Hotspot to gain access. In cases where the theft of credit card information from a business computer is proven, then the merchant is liable for fines and suspension of merchant card services.
The credit card industry has published recommendations describing the precautions that the merchant must take to prevent theft of credit card information. This information is available as a download from the Security Standards Council called the PCI DSS Data Security Standard.
The PCI DSS has two recommendations regarding the installation of a public Internet service within the business premises. The first is that the WiFi Hotspot and PoS computer must use different DSL/Cable connections. Secondly, if only one Internet circuit is available then a firewall must be installed to prevent Hotspot users getting access to the PoS computer. Businesses that process a large volume of credit card charges must have the network installation certified by a qualified consultant.
Larger hotels have bigger budgets for IT and so the cost of a T1 data circuit for the property management system / PoS, and a separate business DSL for the guest Internet service is affordable. Smaller properties have tighter budgets and cannot afford the additional $1000+ annual cost of a business DSL service dedicated exclusively for guest Internet access.
One DSL or Cable circuit can be used for both the PMS/PoS and the WiFi Hotspot service by installing a Hotspot gateway that includes a firewall to block access to the PoS. Products that combine the WiFi hotspot gateway function together with a firewall can cost less that $200. The combined gateway and firewall products permit the motel owner to comply with PCI DSS recommendations while working with a tight budget.
The combined gateway-firewall product is very easy to install and can be used to upgrade an existing WiFi hotspot service. Most motel network installations look like the diagram below. The business computers are connected to the DSL or cable modem. Additionally there is an Ethernet switch that is used to connect wireless access points for the guests, and possibly a guest computer in the lobby area or in a business center.
The Hotspot gateway with firewall is installed between the public network and the private network. This is the GIS-R2 Hotspot gateway. The public network includes wireless access points and business center computer. The private network includes the DSL or Cable modem, point of sale computer, and property management system computer.
The Hotspot gateway and firewall provides several essential functions in addition to the firewall.
- Firewall: blocks access to the private network from the public network for PCI DSS compliance
- Login page with optional customization
- Login page legal disclaimer which can be edited
- Generation of access codes to provide to guests
- Redirection of users to the motel web page
- Data speed control: prevent users who download large files from slowing the network for everyone
- Content filtering which blocks access to porn and similar web sites
- Report of guest Internet usage
- Remote configuration
- Interface for PMS system integration (API)
The firewall is very effective because it deletes any data packet that a hacker in the public network tries to send to a computer in the private network. The access control using pass-codes also means that no one can sit in the motel car park and get Internet access. Only guests who have been given access pass-codes get Internet access. This low cost network upgrade gives a big piece of mind.
For additional product information please go to the GIS-R2 Hotspot gateway page.