The growing trend to accommodate consumers' interest in flexible payment options has driven retailers, restaurants, banks and service providers to offer widespread availability of credit/debit and cash machine POS card processing. The credit card processing machine is no longer found only at the cash register in the front of the store. The latest trends require new thinking to accommodate retrofit, mobile, temporary and handheld credit processing options.

Examples include handheld waiter terminals, petrol station POS, kiosks at sporting events, temporary checkouts to accommodate peak periods, etc. Many of these applications present challenges to traditional methods of connecting a telephone line or network cable to the POS device. Manufacturers of POS devices have incorporated wireless technology enabling faster installation at lower cost than wired networks and facilitating mobile POS solutions.

Security Concerns

A common wireless technology used in POS applications is a WLAN radio compliant with industry standard 802.11. These small, cost effective radios allow POS devices to communicate wirelessly to a PC network backbone that routes the financial transaction for approval. However, due to some widely publicized security breaches, many POS manufacturers and the companies considering implementing wireless POS devices are understandably concerned about the security of their customer's financial information.

Security researchers who study wireless networks have found an embarrassing information leak, this one involving a well-known retail giant. Some stores use cash registers with wireless networks that beam data -- including credit card numbers -- to a central computer elsewhere in the store. But a hacker can sit in a store's car park and 'listen in' to the data. Indeed, the American consumer electronics retailer Best Buy Co. recently shut off wireless cash registers at its stores after being alerted to the potential problem, saying it was investigating the issue.

In another case, a group of researchers -- with the permission of the network administrator -- were able to recover the 128 bit secret key used in a production network, with a passive attack. The WEP standard uses RC4 IVs improperly, and the attack exploited this design failure. A paper entitled 'Using the Fluhrer, Mantin, and Shamir Attack to Break WEP' describes the attack, how it was implemented, and some optimizations to make the attack more efficient. The report concluded that 802.11 WEP is totally insecure.

Choosing the Right RF

The problem is not wireless per se, but the type of radio chosen. By their very nature, wireless LANs are designed to interoperate. 802.11 radios from diverse manufacturers must pass compatibility testing to assure that they communicate with each other. One radio can easily eavesdrop on another radio. To restrict access to confidential information, WLAN manufacturers implemented an encryption protocol called WEP. A typical 802.11 radio is shipped with WEP 'off' and the user must enable encryption when they install on their PC. In the case of POS and other devices that are not PCs, this encryption must be enabled in firmware, and as is evident this has not always been the case.

To further complicate matters, the WEP security has proven fairly simple to crack. A team of engineers sent the same data file with and without encryption enabled and then compared the results to determine the secret key. When confidential information concerning customer's financial transactions are involved, an 'open-standard' radio that allows simple eavesdropping is not the right solution.

OEM's requiring mobility and high security have been turning to manufacturers of proprietary RF networks such as AeroComm to provide solutions. AeroComm markets a line of frequency hopping, spread spectrum (FHSS) transceivers ideally suited to POS communication. Lets look at how this is achieved.

Proprietary Standard

AeroComm radios communicate on a proprietary standard, that is they talk only to other AeroComm radios and not with radios of any other manufacturer. A person wanting to listen to wireless POS transactions could not pick up AeroComm's communication using any other radio. Using an approach originally developed for the military, FHSS radios transmit for short periods of time on one frequency before hopping to another frequency to continue transmission. These radios continuously hop on a pseudo random basis. Consider the difficulty listening to your favorite radio station if it changed its transmitting frequency 10 to 1,000 times a second with no apparent pattern.

It is considerably more difficult to intercept communication on an AeroComm radio than on a telephone line or a wired LAN. But supposing a thief got his hands on an AeroComm radio and decides to listen in, how is that prevented? Unlike 802.11 radios that have drivers operating on a PC, AeroComm security parameters are embedded in firmware that cannot be read over the air.

System ID
An OEM embeds a unique security code (there are 264 options) in firmware to each radio at the time of configuration. AeroComm does not know this number. Again, other AeroComm radios will not link up with each other unless their System ID is identical.

Channel Number
AeroComm radios operate on a network referred to as a Channel. This determines the unique pseudo-random hop table all radios in the network must follow. AeroComm provides 77 different channels. Radios must be on the same System ID and Channel to establish synchronization. So the potential eavesdropping radio will not even link up with other AeroComm radios unless the Channel number is identical.

Address
Each AeroComm radio contains a unique identification number or MAC address embedded in firmware. Certain software instructs radios to communicate only with a radio with a specific address. If an eavesdropping radio hears a packet targeted at another radio, it will not pass on that data to the host device.

Enhancing Security

Unlike 802.11 radios that must adhere to industry standards, AeroComm can provide a specific solution that isolates communication from any other AeroComm radio. AeroComm will modify certain variables or develop custom protocol making it impossible for other AeroComm radios to communicate. This information is shared under NDA with qualified prospective OEMs.

But how do POS manufacturers further enhance security? Most POS data is encrypted before it is sent over the wired or RF network. An AeroComm radio is ideal to transmit 3DES type data.

AeroComm radios and POS devices each contain unique identification numbers that can be linked and stored on the financial server to verify that a transaction has been initiated by a valid set of equipment. Unauthorized transactions initiated by out of network equipment are flagged.

In summary, proprietary RF networks are highly secure and can be implemented without the risks associated with 802.11 compatible radios or other open standards such as Bluetooth. In fact, proprietary networks are so much more difficult to intercept, they are preferred even to wired alternatives for high confidentiality applications.