Company News • 19.10.2015

How secure is your mobile POS?

The various approaches to protecting POS data in smartphones and tablets

How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Supplier
Logo: APG Cash Drawer (Germany)

APG Cash Drawer (Germany)

Leichtmetallstr. 22a
42781 Haan-Gruiten
Germany

related articles:

popular articles:

Thumbnail-Photo: Pay-As-You-Go
17.02.2020   #payment systems #Trade fair special EuroShop 2020

Pay-As-You-Go

VR Payment and BMS Consulting bring fully automated payment to the point of
sale with payfree

For the first time ever, payfree realises the vision of cash register free checkouts without camera surveillance and expensive sensor technology on the shelvesThe payment process begins automatically upon passing the checkout areaInnovative process ...

Thumbnail-Photo: Augmented reality in online shopping
09.06.2020   #online trading #e-commerce

Augmented reality in online shopping

Study finds that augmented reality reduces the number of returns

A recent survey found that online shoppers return 70 percent of the clothing they order, more than any other category of purchase. This has an indirect but real impact on the environment.Online shoppers tend to order multiple sizes and colors, with ...

Thumbnail-Photo: Poindus VariPOS TSE Solution
11.02.2020   #security #pos systems

Poindus VariPOS TSE Solution

TSE for German fiscal regulations

Kassensicherungsverordnung (KassenSichV) regulates the technical requirements for electronic recording and security systems, such as Point-of-Sale (POS) systems & electronic cash registers in order to end the manipulation and potential tax ...

Thumbnail-Photo: Digital tool helps MENY in the fight against food waste...
13.02.2020   #sustainability #app

Digital tool helps MENY in the fight against food waste

Printing discount labels directly from the app

After a convincing test, Dagrofa rolls out the food waste app ‘Whywaste’ in all the Danish MENY stores. At MENY in Solrød, the store has already managed to achieve a significant reduction in food waste. In addition to the app, the ...

Thumbnail-Photo: Shop NEXT 2020
31.03.2020   #online trading #brick and mortar retail

Shop NEXT 2020

Next shopping experience

Due to the retail industry in Southeast Asia is developing rapidly and the retail industry value has exceeded 100 billion dollars. Over 250 exhibitors and 10,000 visitors from 30 countries or regions are expected to participate in Shop Next ...

Thumbnail-Photo: Automated delivery services sprang up during China’s Covid-19 lockdown...
03.06.2020   #coronavirus #delivery

Automated delivery services sprang up during China’s Covid-19 lockdown

Retail technologies at Smart Retail Expo (SRE 2020)

In response to the Covid-19 outbreak, China’s retail giants JD.com and Meituan both deployed their smart deliver robots/vehicles in heavily locked down cities, such as Wuhan and Beijing. Insiders believe automated delivery technology will be ...

Thumbnail-Photo: Simple tips and tricks to start your online business...
20.05.2020   #online trading #retail

Simple tips and tricks to start your online business

How to start an e-commerce business: Why you don’t always need a big online store

Creating your own online store is still the most popular way to sell products online. To start an e-commerce business, you first need a store setup and a fulfillment service provider who handles the warehousing, packaging, and shipment of ...

Thumbnail-Photo: Our bot is happy to assist you
31.03.2020   #consulting #customer relationship management

Our bot is happy to assist you

Chatbots and AI virtual assistants automate customer service

Chatbots and virtual assistants – some think they are creepy, others consider them a part of daily life. Either way, they patiently answer frequently asked questions related to the opening hours of the nearest supermarket.By now, some ...

Thumbnail-Photo: The cash register capable of everything
18.02.2020   #customer satisfaction #epos systems

The cash register capable of everything

Flexible use from manned checkout to self-checkout point

Customers walking through the store with their own cash register on hand? This versatility of shop technology and shop fittings corresponds to the change in brick and mortar retail. MAGO wants to help retailers to meet this challenge with ...

Thumbnail-Photo: Cutting through the tax jungle
25.02.2020   #online trading #e-commerce

Cutting through the tax jungle

Startup helps online retailers to be fully compliant with European VAT regulations

Anyone who sells goods online is obliged to pay value-added tax (VAT). The amount depends on the respective national regulations. But what happens if you have cross-border exports and transactions? How much VAT do sellers have to pay in this case ...

Supplier

Poindus HQ - Taiwan
Poindus HQ - Taiwan
5F., No.59, Ln. 77, Xing-Ai Rd.,Neihu Dist.
Taipei City 114
APG Cash Drawer
APG Cash Drawer
4 The Drove
BN9 0LA Newhaven
Delfi Technologies GmbH
Delfi Technologies GmbH
Landgraben 75
24232 Schönkirchen
VR Payment GmbH
VR Payment GmbH
Saonestraße 3a
60528 Frankfurt am Main
POS TUNING Udo Voßhenrich GmbH & Co KG
POS TUNING Udo Voßhenrich GmbH & Co KG
Am Zubringer 8
32107 Bad Salzuflen
SALTO Systems GmbH
SALTO Systems GmbH
Schwelmer Str. 245
42389 Wuppertal
MAGO S.A.
RUSIEC ALEJA KATOWICKA 119/121
05-830 Nadarzyn
HappyOrNot
HappyOrNot
Innere Kanalstraße 15
50823 Köln
POSIFLEX GmbH
POSIFLEX GmbH
Flinger Broich 203
40235 Düsseldorf