Company News • 19.10.2015

How secure is your mobile POS?

The various approaches to protecting POS data in smartphones and tablets

Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device can potentially access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good,” Gosman said.

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Supplier
APG Cash Drawer (Germany)

Leichtmetallstr. 22a
42781 Haan-Gruiten
Germany
