Study: Lax retail wireless security

Marketplace Staff Nov 22, 2007
HTML EMBED:
COPY

Study: Lax retail wireless security

Marketplace Staff Nov 22, 2007
HTML EMBED:
COPY

TEXT OF STORY

Scott Jagow: It’s always a little scary giving out your credit card number online. I know it’s supposed to be safe — but still…

And unfortunately, using your credit card at the store isn’t completely secure either. Marketplace’s John Dimsdale tells us about a new study.


John Dimsdale: A wireless security company, AirDefense, sent people with laptop computers into 3,000 stores in major cities to see what sort of electronic signals were flying through the air. In nearly a fourth of the stores, transmissions between handheld devices and mainframes had no security encryption. Another 25 percent used an easily broken password.

Only a few signals included credit card information — but AirDefense’s Richard Rushing says that doesn’t matter.

Richard Rushing: The problem is its all interconnected. And if a bad guy is going to go get credit cards, first thing he needs to ever get credit cards is to connect to that network. If you’re providing either an open connection or a weakly encrypted network, that’s kind of his avenue in.

Rushing says by intercepting a store signal, a hacker can easily access credit-card lists kept on mainframes at corporate headquarters.

How much do thieves buy with stolen credit card information? Nobody knows. Avivah Litan, a security expert with Gartner, says that’s because retailers don’t want to report it.

Avivah Litan: They already feel burdened by too much regulation. And the less visibility they have to the regulators, the better off they think they are. The reporting is so scanty, and the regulators don’t even know what’s going on, frankly.

Litan estimates some $10 billion is charged on fraudulent credit cards every year in the U.S. Individual users are only liable for $50, and credit card companies usually make that liability zero. But Litan says the losses are eventually passed on to all shoppers thru higher prices.

In Washington, I’m John Dimsdale for Marketplace.

As a nonprofit news organization, our future depends on listeners like you who believe in the power of public service journalism.

Your investment in Marketplace helps us remain paywall-free and ensures everyone has access to trustworthy, unbiased news and information, regardless of their ability to pay.

Donate today — in any amount — to become a Marketplace Investor. Now more than ever, your commitment makes a difference.