Magazine Article | April 19, 2006

Secure Networks, Secure Devices

Source: Innovative Retail Technologies

Don’t sacrifice functionality for device security.

Integrated Solutions For Retailers, May 2006

Our March 2006 cover story on RFID (radio frequency identification) elicited some passionate response from readers who count themselves as privacy and security advocates. To my knowledge, no other story we’ve ever produced prompted such a response. I found this interesting, considering that we’ve published thousands of stories on WANs and POS, for instance – two technologies that, combined, pose a far greater risk to information security and privacy than RFID does. To date, I haven’t seen any high-profile cases of identity theft or loss of sensitive data that happened at the hands of an RFID hacker. The vulnerabilities of networked retail information systems, however, are well documented and are not exclusive to any particular size or type of retailer. A breach of security that recently caused major inconvenience for Citibank debit cardholders was attributed to “previous retailer breaches in the United States,” according to the company. The breach led to several hundred fraudulent ATM cash withdrawals being made in the United Kingdom, Russia, and Canada. In another instance, Sam’s Club, the members-only retail chain run by Wal-Mart, investigated a compromise of its fuel station POS system that involved about 600 cards.

The trend toward network-connected, PC-based devices has challenged the retail information security effort. While proponents cite the familiar user interface, functionality, and low cost of PC-based POS, detractors point to the window left open to hackers and viruses when a computer running nonproprietary software is connected – or otherwise exposed – to a public network. The potential liability makes a strong case for proprietary systems. But proprietary systems have long been perceived as closed and cumbersome, a reputation that proprietary retail systems manufacturers have worked hard to overcome. Rick Sterne, president of POS solutions provider Datasym, says companies like his have had to address the “closed system” perception by building integration tools into their applications, while touting proprietary solutions as the safe alternative. The current hypersensitive security climate has worked to the advantage of proprietary systems providers, whose applications aren’t as susceptible to worms, viruses, and the like written to corrupt Windows and other common platforms.

Buy The Systems You Like, Protect Them At The Network Level

Knowledge of Windows is almost inherent in your employee demographic (advantage PC-POS, though this advantage is shrinking as proprietary software vendors write programs that mirror Windows applications). Proprietary systems are less vulnerable to the evils that lurk online (advantage proprietary POS, though improvements in network security and mandates from credit issuers are leveling this playing field). The ease of integration advantage touted by “open” systems is narrowing with each generation of proprietary systems (no advantage).

In truth, no operating system is completely free from the threat of attack. Retailers should, therefore, fight the battle against network-borne viruses and hackers at the point of entry, not the point where collateral damage occurs. Call on your WAN and LAN providers to keep you apprised of the latest threats and the solutions on the market that thwart them. Buy the best, most functional POS and store systems you can afford – don’t choose one platform or another based on the likelihood of collateral damage following an attack. Instead, face the danger at the network level, and let your applications do what they’re designed to do for your business.