Guest Internet Solutions
Guest Internet Solutions

Hackers can attack your Point of Sale (PoS) through your WiFi Hotspot

Some business owners face a new risk because thieves have discovered how to steal credit card information from point of sale (PoS) computers. The thieves get access to the PoS through WiFi Hotspots, which businesses have installed as a service for customers. This is possible when the WiFi Hotspot is connected to the same DSL or Cable service as the PoS computer. The PoS has to be connected to the Internet to process credit card payments. An expert computer hacker can access a PoS in a few minutes and the hacker need not be on the premises, most sit in the car park within range of the WiFi Hotspot.

All motels and hotels have a WiFi Hospot installed for guests to use. Unfortunately some businesses have already had credit card data stolen from PoS computers and thieves used the WiFi Hotspot to gain access. In cases where the theft of credit card information from a business computer is proven, then the merchant is liable for fines and suspension of merchant card services.

The credit card industry has published recommendations describing the precautions that the merchant must take to prevent theft of credit card information. This information is available as a download from the Security Standards Council called the PCI DSS Data Security Standard.

The PCI DSS has two recommendations regarding the installation of a public Internet service within the business premises. The first is that the WiFi Hotspot and PoS computer must use different DSL/Cable connections. Secondly, if only one Internet circuit is available then a firewall must be installed to prevent Hotspot users getting access to the PoS computer. Businesses that process a large volume of credit card charges must have the network installation certified by a qualified consultant.

Larger hotels have bigger budgets for IT and so the cost of a T1 data circuit for the property management system / PoS, and a separate business DSL for the guest Internet service is affordable. Smaller properties have tighter budgets and cannot afford the additional $1000+ annual cost of a business DSL service dedicated exclusively for guest Internet access.

One DSL or Cable circuit can be used for both the PMS/PoS and the WiFi Hotspot service by installing a Hotspot gateway that includes a firewall to block access to the PoS. Products that combine the WiFi hotspot gateway function together with a firewall can cost less that $200. The combined gateway and firewall products permit the motel owner to comply with PCI DSS recommendations while working with a tight budget.

The combined gateway-firewall product is very easy to install and can be used to upgrade an existing WiFi hotspot service. Most motel network installations look like the diagram below. The business computers are connected to the DSL or cable modem. Additionally there is an Ethernet switch that is used to connect wireless access points for the guests, and possibly a guest computer in the lobby area or in a business center.

The Hotspot gateway with firewall is installed between the public network and the private network. This is the GIS-R2 Hotspot gateway. The public network includes wireless access points and business center computer. The private network includes the DSL or Cable modem, point of sale computer, and property management system computer.

The Hotspot gateway and firewall provides several essential functions in addition to the firewall.

-    Firewall: blocks access to the private network from the public network for PCI DSS compliance
-    Login page with optional customization
-    Login page legal disclaimer which can be edited
-    Generation of access codes to provide to guests
-    Redirection of users to the motel web page
-    Data speed control: prevent users who download large files from slowing the network for everyone
-    Content filtering which blocks access to porn and similar web sites
-    Report of guest Internet usage
-    Remote configuration
-    Interface for PMS system integration (API)

The firewall is very effective because it deletes any data packet that a hacker in the public network tries to send to a computer in the private network.  The access control using pass-codes also means that no one can sit in the motel car park and get Internet access. Only guests who have been given access pass-codes get Internet access. This low cost network upgrade gives a big piece of mind.

For additional product information please go to the GIS-R2 Hotspot gateway page.

Posted in WiFi Hot Spot installation, WiFi Hot Spot problems, WiFi Hot Spots | 2 Comments

2 Responses to “Hackers can attack your Point of Sale (PoS) through your WiFi Hotspot”

  1. Pablo Maiorino says:

    I recently purchased a GIS-R2 for use in a restaurant. I want to use the content filtering and I see that OpenDNS account is required. Currently they offer a free service but it is designed for home use and I am told by OpenDNS that it will only work with up to 5 concurrent users, which is not suitable for a busy restaurant. Their most basic plan runs around $1200/year. They no longer offer the $5/user as noted in your documentation. Are there any plans to expand the content filtering services to other,more economical, sites ?

    • admin says:

      Hi Pablo,

      The GIS-R2 represents one user, even though you may have 20 people connected to the GIS-R2. We designed the product so that the GIS-R2 provides the IP address for all users. You can use one GIS-R2 with a free account, however if you want to use other GIS-R2s at different locations then you need a different free account for each GIS-R2.

      Currently, all the customers I speak with are using the free service. We use the free service here when testing products. OpenDNS has recently changed their website, and the new website does not have information about charges and requires contact to be made with their sales dept.

      To my knowledge it would be necessary to have a paid account if
      (a) more then one GIS-R2 device at different locations were required to work with one account.
      (b) it was necessary to customize the filtering characteristics.

      Currently we don’t support any other type of content filtering service. OpenDNS is very popular due to the free services that they provide

About us

We began developing software for WiFi HotSpot management and billing in 2003, since then our client list has grown to include some of the biggest names in hospitality and resort management. Our current line-up of HotSpot gateways offers the most cost effective way of providing Internet access for guests. Read mode


GIS-R2 Hotspot Gateway
GIS-R4 Hotspot Gateway
GIS-R6 Hotspot Gateway
GIS-R10 Hotspot Gateway
GIS-R20 Hotspot Gateway


Please contact us about becoming a reseller if you think your customers would like our hotspot gateway products. We can also rebrand our products with your name and logo. Read mode

©2012 Guest Internet Solutions. All rights Reserved. Part of the Fire4 Systems Group. Privacy Policy   Terms & Conditions   Site Map