    How to Get Guest Wi-Fi Right

    Free service can be a dream for hackers if not handled correctly.

    By Tim Tang, Hughes Network Systems

    As convenience stores increasingly evolve into destination spots, guest Wi-Fi not only helps differentiate the in-store experience and attract new customers, but it also provides new opportunities for customer engagement and employee training. Given the devastating impact of recent security breaches on major brands, though, store operators are wise to carefully consider the security requirements for guest Wi-Fi.

    Regardless of their need (e.g., to make a mobile payment, redeem loyalty rewards or post social updates), customers expect merchants to provide a secure, high-quality Wi-Fi experience. Packet sniffers, session hijacking and rogue wireless devices are just some of the techniques hackers use to prey on the weaknesses of Wi-Fi networks and point-of-sale systems to steal information.

    In light of tight profit margins and information technology budgets, the following cost-effective best practices bring Wi-Fi networks up to the necessary level of security while also delivering a satisfactory customer experience.

    Segmented Access Control 

    In a recent survey by the IHL Group, c-store operators indicated they spend more than 55 percent of their data-security budgets on payment card industry (PCI) compliance. With regard to guest Wi-Fi, PCI compliance requires proper segmentation to maintain the integrity of the cardholder data environment (CDE). Acceptable solutions include network segmentation with VLANs, or isolation of guest Wi-Fi traffic with VPN tunnels. While both approaches are acceptable, the VPN tunnel provides an added dimension of flexibility to engage third-party Wi-Fi and/or network security cloud services. PCI compliance alone is not an adequate security strategy. Effective security requires a holistic strategy.
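
One way to check the segmentation requirement described above, as an added example that is not part of the original article: a short Python audit that walks a first-match firewall rule list and reports any guest-to-CDE traffic it permits. The subnets, rule sets and function names are constructed for illustration, and a default deny is assumed when no rule matches.

```python
import ipaddress as ip

GUEST = ip.ip_network("10.20.0.0/24")  # constructed guest Wi-Fi VLAN subnet
CDE = ip.ip_network("10.10.0.0/24")    # constructed cardholder data environment

# Constructed first-match rule sets: (action, source, destination).
WEAK_RULES = [
    ("deny", "10.20.0.0/24", "10.10.0.0/25"),  # blocks only half of the CDE
    ("allow", "10.20.0.0/24", "0.0.0.0/0"),    # "internet" rule that is too broad
]
FIXED_RULES = [
    ("deny", "10.20.0.0/24", "10.0.0.0/8"),    # guest reaches no internal range
    ("allow", "10.20.0.0/24", "0.0.0.0/0"),
]

def _overlap(a, b):
    """CIDR blocks are nested or disjoint, so the overlap is the smaller one."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def _minus(net, part):
    """Blocks of `net` that remain after removing `part` (a subnet of `net`)."""
    return [] if net == part else list(net.address_exclude(part))

def guest_to_cde_leaks(rules, guest=GUEST, cde=CDE):
    """Return (src, dst) blocks where a rule lets guest traffic into the CDE."""
    pending = [(guest, cde)]  # guest-to-CDE traffic not yet matched by a rule
    leaks = []
    for action, src, dst in rules:
        rs, rd = ip.ip_network(src), ip.ip_network(dst)
        still_pending = []
        for s, d in pending:
            hs, hd = _overlap(s, rs), _overlap(d, rd)
            if hs is None or hd is None:
                still_pending.append((s, d))  # rule does not touch this block
                continue
            if action == "allow":
                leaks.append((str(hs), str(hd)))
            # Keep the parts of this block that the rule did not match.
            still_pending += [(x, d) for x in _minus(s, hs)]
            still_pending += [(hs, y) for y in _minus(d, hd)]
        pending = still_pending
    return leaks
```

Against the constructed `WEAK_RULES`, the audit reports that the broad allow rule exposes the upper half of the CDE subnet; `FIXED_RULES` yields no findings.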

    Unified Threat Management (UTM) 

    Providing nothing but naked network connectivity exposes customers to all the hostilities of the internet. C-store operators need to implement the same firewall, malware, anti-spam and other network security protections they would use to protect their back-office systems. For those operators with a mobile application, guest Wi-Fi may be an enabler for a payment transaction (i.e., no Wi-Fi, no payment). If a customer gets a virus on their mobile device and loses their data while in your store, they will blame the store, not the internet service provider, because that’s the last logo they saw on the portal screen before they accessed the internet.

    Web Content Filtering 

    It is against the law to expose a minor to inappropriate content, not to mention the damaging ramifications for the store brand. C-store operators must proactively enforce acceptable use policies to block any questionable content.

    Captive Portal 

    As soon as a customer opens a browser on her device, she should be redirected to a captive portal screen with welcoming information and terms and conditions regarding use of the guest Wi-Fi service. This welcome screen provides an additional marketing channel to promote the brand, special promotions and local partner advertising. It also provides an added layer of liability protection. Retailers do not want to be held liable for unfortunate consequences that may result from a customer using the guest Wi-Fi solution.

    Fair Access Enforcement 

    The bar for acceptable guest Wi-Fi performance is often set in the home, where many consumers privately enjoy enormous amounts of internet access. In a convenience store, those same consumers often share a much smaller circuit with many more fellow consumers and employees. With today’s bandwidth-hogging video and social media applications, it doesn’t take long for a few users to monopolize any available network capacity. Enforcing fair access policies maximizes the realized business value of a limited resource, namely internet access.

    Wi-Fi Spectrum Management 

    While it’s not specifically a security issue, in-store systems like refrigeration, microwaves, wireless security cameras and even bottles of liquid can wreak havoc with Wi-Fi signals. All of these factors need to be considered in the guest Wi-Fi network design. In addition, as c-stores embrace the store-within-a-store model with other brands’ storefronts setting up shop inside your store, a mix of Wi-Fi networks with competing interests can both weaken the customer experience and make it more vulnerable. If a single Wi-Fi network is intended to support multiple Wi-Fi needs (e.g., guest Wi-Fi and employee Wi-Fi), additional consideration should be given to Access Point (AP) density requirements, particularly as commercial applications of Internet-of-Things (IoT) devices become production viable.

    A guest Wi-Fi service that is poorly protected and deployed can do more damage to a c-store’s reputation than not having any Wi-Fi at all. But not having Wi-Fi isn’t an option for today’s convenience stores. In an age when consumers expect to be connected to the internet wherever they go, getting guest Wi-Fi security right the first time saves time, money and brand equity.

    Editor’s note: The opinions expressed in this article are the author's and do not necessarily reflect the views of Convenience Store News.

    About Tim Tang: Tim Tang has more than 20 years of experience working with Fortune 500 enterprise customers to address opportunities in customer engagement, employee training, Wi-Fi, digital media, network security, cloud, and WAN optimization. He has also held business development, product development, and channel development roles within Hughes. Tang holds a Post-Master's degree in Human and Organizational Learning from George Washington University, a Master of Science in Electrical Engineering from Johns Hopkins University, and a Bachelor of Science in Electrical Engineering from MIT.
