And this week's StorefrontBacktalk podcast on security looks at the most absurd wireless security failures outside of retail. There's the pro sports team that kept all its wireless access points in default mode, with no encryption at all, and believed that approach was safe because the payment-card data itself was encrypted. And then there is the cruise line with wide-open Wi-Fi on its dock, taking passenger card numbers along with names and addresses on unsecured wireless because encryption was just too difficult to manage.
There's also the hotel chain that first learned about its wireless problem when one departing guest said he was very happy with the Wi-Fi offering. "As he was checking out, he mentioned to the desk clerk, 'Hey, I stay here all the time and I'm glad to see you guys have finally put in wireless hotspots,'" said one wireless security auditor. "She told the manager, 'This person's using our hotspot, which we know we don't have.'"
But a professional scan of the airspace turned up a wireless hotspot advertising itself right in the hotel lobby, asking for credit card information and room number and offering 24 hours of Wi-Fi. Where was it coming from? Tracking it down wasn't all that difficult. "There was an apartment building directly across the street from the hotel," the auditor said. "They actually traced it to a specific room, knocked on the door, and the gentleman who answered said, 'Oh yeah, I'm providing a hotspot.'"
To listen to the second of two StorefrontBacktalk podcasts on worst practices in wireless security, please click here.