Mobile POS’s Unfixable Single Point Of Failure: Wi-Fi

Written by Frank Hayes
October 13th, 2011

Just when you thought you had figured out how to deploy in-store mobile devices, something comes along to remind you that it’s not that simple. Last month, the FCC ordered 20 small online retailers to stop selling illegal devices that jam the signals for mobile phones, GPS and Wi-Fi. No surprise there—but also not much impact, because such devices are easily available from other online retailers. That means anyone willing to pay as little as $80 could walk into a store in your chain and jam the Wi-Fi that your mobile POS depends on.

It’s a classic single-point-of-failure problem, and it could be frighteningly disruptive—especially since this holiday season will be the first at many stores with lots of in-store mobile devices in use, and almost all retailers are using Wi-Fi to keep them connected. A saboteur who uses a pocket-size jammer wouldn’t have access to payment-card information, but what’s supposed to be an impressive demonstration of retail technology would just irritate customers and frustrate associates—especially during the high-volume times that mobile POS should be a relief. And that’s just from an intentional saboteur. Unintentional Wi-Fi jamming could have even worse effects.

The problem is that many in-store mobile devices, including the iPod Touch, use Wi-Fi with 2.4 GHz signals. That frequency range is not exclusively for wireless networking. Cordless phones, wireless microphones and other personal radio products were made for years that used signals in the same range.

That means a saboteur or prankster isn’t the only one who might walk into the store and jam the Wi-Fi. To be clear, what’s illegal is to “willfully or maliciously interfere with or cause interference to any [legal] radio communications,” as the FCC’s order put it. It’s also illegal to market devices for the purpose of creating interference. So that saboteur who turns on a jammer in the store is breaking the law.

But a shopping-mall musical performer who comes into the store and forgets to turn off her wireless mike—that’s not illegal. The mike’s not illegal, and neither is forgetting to turn it off. That doesn’t make it any less a problem if it disrupts a customer’s mobile checkout.

Small children who bring in certain radio-powered toys can be just as disruptive, even if the kids themselves are well behaved. Just as bad can be malfunctioning phones or PDAs that scatter static across the Wi-Fi band, especially if it happens in momentary bursts that are just long enough to break a Wi-Fi signal.

Even more of a potential problem is Wi-Fi equipment from other retailers—such as pop-up stores.


2 Comments | Read Mobile POS’s Unfixable Single Point Of Failure: Wi-Fi

  1. ed Says:

    One frightening aspect of this is social engineering where an 10 year old can own the “jammer” device and cannot be charged as an adult but can disrupt the transactional process of a small store at the height of their shopping season.

    The only true solution is a wired primary system installed in place. M-commerce/Wi-Fi should just be a “nice to have” and not a critical transaction component of any retail operation.

    With that said, I prefer mobile/wi-fi to be limited to digital signage, product/price lookups and couponing and impulse buy offers in the layout.

    Another thing to keep is mind is make sure the mobile transaction device can work in offline mode and can queue the transactions intelligently. So if the wi-fi is jammed, the transactions are stored locally and secure on the mobile device and when restored, can be sent for processing in a delayed fashion.

  2. Richard Nedwich Says:

    Depending on Wi-Fi for critical retail applications such as POS is not new to Retailers. Even cash registers can be connected to Wi-Fi with NIC cards (network interface cards). As Ed points out, fallback can be as simple as batching orders until connectivity is restored, with wired stations as a last resort. What’s new is the ease with which anyone could disrupt that network. In fact, without a ‘scrambler’ one could simply use their smartphone’s Wi-Fi hotspot capability near the retailer’s access point to create interference (there’s a tip). However, some Wi-Fi solutions are designed to handle interference by using spectrum management solutions to detect, classify and mitigate those sources and/or change channels to avoid them. Others are designed with a single channel architecture that can continue to operate down to a single good RF channel while operating at full power (which tends to swamp out lower power interference sources anyway). Ask your WLAN vendor how they handle this situation, and can they operate down to a single channel?


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.