Major stores beam credit card details to the car park

Major US retail chain Best Buy has been forced to close down its wireless cash registers after security experts revealed it had been making credit card information available to anyone in the vicinity with the equipment to detect wireless networks.

And global supermarket giant WalMart and US pet store PetSmart are under pressure to investigate claims their systems have exactly the same flaws.

According to US reports, Best Buy closed down its wireless cash registers last night to investigate the issue.

Best Buy's action follows a day of heated discussion on security newsgroups after an anonymous person said he had accidentally picked up credit card numbers while testing his newly purchased WLAN (wireless local area network) equipment in the retail shop's car park.

Other newsgroup subscribers confirmed they had also noticed the same problem.

Another anonymous postee said: "In the last two years I and others have done our own research and found several large retailers that use WLAN to allow their registers at the front of the store to talk to their main computer in the back. At first we thought it was simply POS (point of sale) data to help keep an accurate inventory and pricing data, but soon discovered there was also credit card data being sent."

The postee added: "It's names like WalMart and Best Buy"

Others indicated the vulnerability with Best Buy was well-known within the underground hacker community.

The problem is caused by the use of WLANs which transmit data through the air over short distances. However, the added convenience can give rise to security problems - anyone else in the vicinity with the equipment to receive wireless signals, is able to access the data as well.

Despite this, many institutions which use Wireless LANs still transmit information without even basic encryption.

It is alleged that Best Buy has been using in-store WLANs to transmit customer data to back-room servers, allowing hackers to get access to the data.

Best Buy is the biggest US retailer of electrical goods with sales of over $15bn from 1,700 stores.

Best Buy was unavailable for comment at the time of writing. A spokeswoman for WalMart said she had not heard the allegations, but added: "To my knowledge WalMart releases no personal customer information improperly. We understand the importance of privacy."

Wireless LAN insecurity is a growing problem in the UK as well. A survey by the Institute of Information Security out yesterday said 71 per cent of wireless networks it detected in the City of London were unencrypted.