A point of sale system allows a customer to purchase goods or services from a merchant using a payment card (such as a credit card) issued by a financial institution with which the customer has an account. The system transmits payment information associated with the purchase over a network to a payment host which authorizes and processes the transaction on behalf of a payment processor associated with the financial institution.
A point of sale system may have a number of terminals providing service to customers at multiple physical points within the merchant's business location. Such terminals can now be found in the form of wireless devices that can service payment transactions in a flexible variety of locations. In a restaurant, for example, customers can pay for meals at the table by swiping a payment card at a portable wireless point of sale terminal carried by a waiter. This provides potentially greater efficiency and security as the customer does not have to surrender the payment card to effectuate the payment transaction.
One way of providing such a point of sale system is to use a local area network (LAN) with wireless capability. Such a LAN can be implemented with a wireless router that communicates with one or more wireless devices within a reasonably short range and also connects to an external network. The wireless router can thus allow a number of wireless point of sale terminals in a shop or other single-site business to communicate with the appropriate payment host over the internet, allowing payment transactions to be processed.
As payment transactions involve sensitive cardholder data, it is essential that this data be inaccessible to parties and processes that are not an intended part of the transaction. This isolation may be compromised if point of sale devices are allowed to communicate with non-point of sale devices: point of sale devices are normally designed to prevent unauthorized access and non-payment related uses, whereas non-point of sale devices cannot be assumed to have such restrictions, so a compromised laptop or phone on the same network becomes a foothold from which the terminals can be probed. For this reason, current best practices dictate that point of sale devices should not share the same immediate local network with non-point of sale devices. The Payment Card Industry Data Security Standard (PCI DSS), developed to secure payment card data, embodies the same principle: it requires firewall controls between the cardholder data environment and other networks, and it strongly recommends segmenting that environment from the rest of the merchant's network so that devices outside it fall out of the standard's scope. Compliance with this standard is very important as it is typically required of merchants by the acquirers associated with popular payment cards such as VISA and MasterCard.
Implementing a point of sale system on a LAN as described above therefore introduces security concerns that are not present in conventional systems designed exclusively for point of sale devices, because the router that implements the LAN will also be capable of communicating with other devices on the LAN, which may include non-point of sale devices. Although this problem might be addressed by the merchant adopting a policy that only point of sale devices may join the LAN, there is no simple means of ensuring continual compliance with such a policy: any staff member who knows the wireless credentials or can reach a spare wired port can add a device. Furthermore, especially in the case of smaller merchants, it may be unreasonable to expect separate physical networks to be maintained for point of sale devices and for the other kinds of devices that the merchant may need or wish to operate.
An additional concern is that a router as described above may allow devices to be connected both wirelessly and by wire. Although this is a potentially advantageous capability, as a practical matter one form of connection may be less secure than the other: a wireless segment protected by a shared passphrase can be joined by any device within radio range that obtains the passphrase, whereas a wired port requires physical access to the premises. Combining wired and wireless connections on the same LAN may therefore weaken the security of devices connected by the more secure method down to the level of the less secure one. It is therefore desirable to provide a means for securing data on a local area network that carries point of sale devices as well as non-point of sale devices, and also when such a local area network has both wired and wireless devices.
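The two preceding concerns (non-point of sale devices appearing on the point of sale network, and the wired and wireless sides of one router becoming a single broadcast domain) can both be detected from the router's own neighbour table. The following is an added example, not part of the patent text: it parses constructed `ip -4 neigh show` output and reports any hardware address on the point of sale interface that is not an enrolled terminal, any enrolled terminal that shows up on the general LAN, and any address from the point of sale range that is reachable on the wrong interface (the signature of the two segments having been bridged). The policy values, interface names (`wlan-pos`, `br-lan`), subnet and MAC addresses are hypothetical, and `SAMPLE_NEIGH` is a constructed sample rather than captured data.

```python
"""Audit a router's IPv4 neighbour table for point of sale segmentation violations.

Added example, not from the patent text. The policy, interface names and
MAC addresses below are hypothetical; SAMPLE_NEIGH is a constructed sample
of `ip -4 neigh show` output, not captured data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical policy: enrolled terminals live only on the dedicated POS
# wireless interface and subnet; wired ports and staff Wi-Fi are bridged on br-lan.
POS_SEGMENT = ipaddress.ip_network("10.10.20.0/24")
POS_INTERFACE = "wlan-pos"
POS_TERMINALS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # hypothetical enrolled MACs

# Constructed sample of `ip -4 neigh show` on the router (not real data).
SAMPLE_NEIGH = """\
10.10.20.11 dev wlan-pos lladdr 00:11:22:33:44:01 REACHABLE
10.10.20.12 dev wlan-pos lladdr 00:11:22:33:44:02 STALE
10.10.20.37 dev wlan-pos lladdr 5c:aa:fd:12:34:56 REACHABLE
192.168.1.23 dev br-lan lladdr 00:11:22:33:44:02 REACHABLE
192.168.1.50 dev br-lan lladdr 3c:22:fb:ab:cd:ef REACHABLE
10.10.20.40 dev br-lan lladdr aa:bb:cc:dd:ee:ff STALE
10.10.20.99 dev wlan-pos FAILED
"""

# One neighbour line: "<ip> dev <if> [lladdr <mac>] <state>"; lladdr is absent
# for entries that never resolved (FAILED / INCOMPLETE).
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}))?"
    r"\s+(?P<state>\S+)$"
)

Entry = Tuple[str, str, Optional[str], str]  # (ip, dev, mac, state)


@dataclass(frozen=True)
class Finding:
    ip: str
    mac: str
    dev: str
    reason: str


def parse_neigh(text: str) -> List[Entry]:
    """Parse neighbour-table lines; unresolved entries are kept with mac=None."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            mac = m["mac"].lower() if m["mac"] else None
            entries.append((m["ip"], m["dev"], mac, m["state"]))
    return entries


def audit(entries: List[Entry], pos_segment=POS_SEGMENT,
          pos_interface=POS_INTERFACE, pos_terminals=POS_TERMINALS) -> List[Finding]:
    """Return one Finding per policy violation, in table order."""
    findings: List[Finding] = []
    for ip, dev, mac, _state in entries:
        if mac is None:
            continue  # no hardware address learned, nothing to attribute to a device
        on_pos_if = dev == pos_interface
        in_pos_net = ipaddress.ip_address(ip) in pos_segment
        if on_pos_if and mac not in pos_terminals:
            findings.append(Finding(ip, mac, dev, "non-POS device on POS segment"))
        if not on_pos_if and mac in pos_terminals:
            findings.append(Finding(ip, mac, dev, "enrolled POS terminal seen on general LAN"))
        if on_pos_if != in_pos_net:
            # A POS-range address answering on br-lan (or vice versa) means the
            # wired and wireless sides are no longer separate segments.
            findings.append(Finding(ip, mac, dev, "POS address range reachable on wrong interface"))
    return findings


def audit_sample() -> List[Finding]:
    return audit(parse_neigh(SAMPLE_NEIGH))


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f.reason}: {f.ip} ({f.mac}) on {f.dev}")
```

On a real router the input would come from `ip -4 neigh show` run periodically (or from the DHCP lease file), with the enrolled terminal list maintained alongside the terminals' PCI inventory; the point is that the check is mechanical and can run continuously, which is what an unenforced "POS devices only" policy lacks.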
It should be understood that the flow diagrams provided herein represent logical relationships among functions in order to generally illustrate functional elements that are provided in various embodiments of the invention. One of ordinary skill in the art will recognize that the elements described in these flow diagrams may be arranged differently while still, where consistent with the description herein, remaining within the spirit and scope of the invention.