Best Buy reactivates wireless LAN cash registers

Best Buy has resumed using wireless cash registers, saying it has beefed-up security.

Best Buy Co. has resumed the use of its wireless LAN cash registers, saying it is now using beefed-up security to protect its data. The move comes just over a month after the company shut down the registers after reports on an Internet security list that they were transmitting customer information -- possibly credit card numbers -- in the clear (see story).

Laurie Bauer, public relations director for Eden Prairie, Minn.-based Best Buy, told Computerworld in an e-mail last night that the company had returned the wireless registers to service after adding additional security measures that she did not identify.

"Best Buy continually updates its security to ensure the privacy of customer data," Bauer said in the e-mail. "We have implemented security measures on our wireless registers and have resumed using the temporary registers as needed. Wireless register transactions represent less than 1% of sales."

Just minutes after Bauer's e-mail was received, Computerworld received an e-mailed posting on the vuln-dev list at SecurityFocus.com, which originally reported Best Buy's problems, from a "war driver" who said he could again sniff out the company's wireless infrastructure. (A war driver is a hobbyist who drives around and tries to detect 802.11b wireless LAN access points with free Web tools such as NetStumbler.)

According to the posting, Best Buy has "tuned down" its wireless LAN. But the war driver said he could still pick up a signal without an external antenna. The poster did not indicate what kind of data he detected.

Despite numerous phone calls and e-mailed requests for more information about the reactivated cash register system, Best Buy officials couldn't be reached for comment.

Gemma Paulo, an analyst at In-Stat/MDR in Scottsdale, Ariz., said that if Best Buy has installed multiple layers of security, such as virtual private networks, on its wireless cash registers, it has little to worry about. But, she said, Best Buy should also realize that since the original vuln-dev report in May, the company has become a target for war drivers, some of whom report buying their war-driving wireless LAN gear at Best Buy.

Atlanta-based The Home Depot Inc., which was also reported to be transmitting in the clear, continues to stick to its policy of not transmitting customer data over wireless LANs, according to spokesman Don Harrison. Any sensitive customer data is transmitted only over hard-wired systems, Harrison said.

The company does, however, use wireless LANs for inventory and stocking operations.

Copyright © 2002 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon