Study: Lax retail wireless security
Credit Card Terminal
TEXT OF STORY
Scott Jagow: It's always a little scary giving out your credit card number online. I know it's supposed to be safe -- but still...
And unfortunately, using your credit card at the store isn't completely secure either. Marketplace's John Dimsdale tells us about a new study.
John Dimsdale: A wireless security company, AirDefense, sent people with laptop computers into 3,000 stores in major cities to see what sort of electronic signals were flying through the air. In nearly a fourth of the stores, transmissions between handheld devices and mainframes had no security encryption. Another 25 percent used an easily broken password.
Only a few signals included credit card information -- but AirDefense's Richard Rushing says that doesn't matter.
Richard Rushing: The problem is its all interconnected. And if a bad guy is going to go get credit cards, first thing he needs to ever get credit cards is to connect to that network. If you're providing either an open connection or a weakly encrypted network, that's kind of his avenue in.
Rushing says by intercepting a store signal, a hacker can easily access credit-card lists kept on mainframes at corporate headquarters.
How much do thieves buy with stolen credit card information? Nobody knows. Avivah Litan, a security expert with Gartner, says that's because retailers don't want to report it.
Avivah Litan: They already feel burdened by too much regulation. And the less visibility they have to the regulators, the better off they think they are. The reporting is so scanty, and the regulators don't even know what's going on, frankly.
Litan estimates some $10 billion is charged on fraudulent credit cards every year in the U.S. Individual users are only liable for $50, and credit card companies usually make that liability zero. But Litan says the losses are eventually passed on to all shoppers thru higher prices.
In Washington, I'm John Dimsdale for Marketplace.