Company News • 19.10.2015

How secure is your mobile POS?

The various approaches to protecting POS data in smartphones and tablets

How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Supplier
Logo: apg Solutions EMEA Ltd.

apg Solutions EMEA Ltd.

4 The Drove
BN9 0LA Newhaven
UK

related articles:

popular articles:

Thumbnail-Photo: Transform Customer Interactions with apg® Customizable Kiosk Floor Stand...
06.08.2024   #customer experience #kiosk applications

Transform Customer Interactions with apg® Customizable Kiosk Floor Stand

The leading provider of point-of-sale cash management and retail solutions, proudly announces the launch of its new Kiosk Floor Stand.

This innovative stand is designed to revolutionize customer service in various business environments through its high adaptability and user-focused design.The apg® Kiosk Floor Stand is unique in its ability to meet the diverse needs of different ...

Thumbnail-Photo: Time saving made easy
18.07.2024   #brick and mortar retail #software applications

Time saving made easy

Use of technology in retail: focus on increasing efficiency and customer satisfaction

Task management software is one of the retail solutions designed to help shops save time and ...

Thumbnail-Photo: Cash Management with the apg® Note Acceptor...
06.08.2024   #security #cashpoints

Cash Management with the apg® Note Acceptor

Stand-alone or as addition to the smarttill® Suite

Theft and counterfeit fraud are significant threats to retailers, underscoring the need for secure cash management solutions.For reliable bill validation and secure storage of high-volume bills, the apg® Note Acceptor is an essential tool. It ...

Thumbnail-Photo: Zebra: Using transparency to combat losses and shrinkage...
24.05.2024   #Tech in Retail #personnel management

Zebra: Using transparency to combat losses and shrinkage

Companies in the retail sector like Lowes Food, Belk’s and Vera Bradley are gearing themselves up for the future with cost optimisation strategies.

Loss prevention is playing an increasingly important role in reducing inventory discrepancies.Inventory is a major challenge for companies in the retail sector: 82% of retailers in Zebra's latest 16th Annual Global Shopper Study say that ...

Thumbnail-Photo: Introducing the Salto Glass XS Reader Series...
10.07.2024   #RFID (radio frequency identification) #access control systems

Introducing the Salto Glass XS Reader Series

Redefining Smart Access Control

Salto proudly unveils the Glass XS Reader Series, an innovative line of products ...

Thumbnail-Photo: ITL showcase age & identity technology at  Seamless Europe...
09.09.2024   #brick and mortar retail #access control

ITL showcase age & identity technology at Seamless Europe

Innovative Technology offer a range of products that are ideal for retailers who are looking to implement age estimation technology ...

Thumbnail-Photo: Intelligent shopping assistant: how can it help in the store?...
26.06.2024   #brick and mortar retail #app

Intelligent shopping assistant: how can it help in the store?

Practical examples of use in DIY stores and fashion stores

Product search, navigation, shopping basket management and checkout: intelligent shopping assistants can now be integrated into ...

Thumbnail-Photo: Hanshow Awarded FY24 China Top ISV Partner by Microsoft for Innovative...
04.09.2024   #artificial intelligence #cloud computing

Hanshow Awarded FY24 China Top ISV Partner by Microsoft for Innovative Retail Solutions

Hanshow, a leading provider of retail digital store solutions, has been awarded the "FY24 China Top ISV Partner" by Microsoft. The award recognizes Hanshow's innovative technologies and deep cooperation with Microsoft in the field of ...

Thumbnail-Photo: How Smart Cash Management Can Enhance Customer Satisfaction and...
13.08.2024   #customer satisfaction #Tech in Retail

How Smart Cash Management Can Enhance Customer Satisfaction and Engagement

Exclusive report from apg Solutions EMEA Ltd. shows possible solutions

More and more retailers are integrating cash payment at self-checkout (SCO). The reason for this is that consumers want to have the choice of how they pay. In times of high inflation, people want to know exactly what they are spending.But ...

Thumbnail-Photo: Fashion retail: mobile discovery, more convenient shopping...
04.07.2024   #online trading #brick and mortar retail

Fashion retail: mobile discovery, more convenient shopping

How Breuninger is breaking boundaries with omnichannel

Breuninger, with twelve stores in Germany and another in Luxembourg, provides a traditional shopping experience ...

Supplier

Zebra Technologies Germany GmbH
Zebra Technologies Germany GmbH
Ernst-Dietrich-Platz 2
40882 Ratingen
Innovative Technology Ltd.
Innovative Technology Ltd.
Innovative Business Park
OL1 4EQ Oldham
SALTO Systems GmbH
SALTO Systems GmbH
Schwelmer Str. 245
42389 Wuppertal
apg Solutions EMEA Ltd.
apg Solutions EMEA Ltd.
4 The Drove
BN9 0LA Newhaven