Company News • 19.10.2015

How secure is your mobile POS?

The various approaches to protecting POS data in smartphones and tablets

How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Supplier
Logo: APG Cash Drawer

APG Cash Drawer

4 The Drove
BN9 0LA Newhaven
UK

related articles:

popular articles:

Thumbnail-Photo: First of its kind accessible checkout unveild by Woolworths, creating...
03.01.2024   #Tech in Retail #cashpoints

First of its kind accessible checkout unveild by Woolworths, creating new employment opportunities

Breaking Barriers in Retail: Woolworths' New Checkout Design for Wheelchair Users

In what is believed to be a world first, Woolworths has unveiled an accessible checkout, designed specifically for team members living with a physical disability, including people who use wheelchairs and other mobility aids such as walkers.The first ...

Thumbnail-Photo: Nedap teams with Foot Locker to extend RFID project...
05.10.2023   #omnichannel #software applications

Nedap teams with Foot Locker to extend RFID project

Foot Locker successfully matches supply and demand in newly opened stores in Eastern Europe using RFID technology

Nedap the global leader in RFID solutions, announces that multi-brand sports fashion and apparel retailer Foot Locker has successfully extended Nedap iD Cloud to its new, Eastern European stores. The objective is to offer the best possible ...

Thumbnail-Photo: EuroCIS 2024: Go beyond today!
16.10.2023   #retail #Tech in Retail

EuroCIS 2024: Go beyond today!

27 to 29 February 2024 will see the Who’s Who of Europe’s retail technology sector meet in Düsseldorf

Go beyond today! EuroCIS at the end of February will once again show solutions and products for the retail of the future @Messe DüsseldorfIn late February, numerous companies will again exhibit solutions and products for retailers to shape and ...

Thumbnail-Photo: Tesco to introduce new scan-free technology on self-service tills at...
03.01.2024   #brick and mortar retail #Tech in Retail

Tesco to introduce new scan-free technology on self-service tills at GetGo store

Seamless Shopping Revolution: Tesco Tests Scan-Free Technology in London

Tesco is trialling an exciting new technology innovation that means customers don’t need to scan their items ...

Thumbnail-Photo: Out of Stock in Retail and innovative solutions to avoid them...
07.11.2023   #brick and mortar retail #customer satisfaction

Out of Stock in Retail and innovative solutions to avoid them

Due to various events, the availability of goods in retail will be increasingly restricted from 2022, with the result that customers cannot find in food retail the products they wish to buy, because those products are sold out, are temporarily ...

Thumbnail-Photo: The global state of autonomous stores
18.12.2023   #Tech in Retail #self-checkout systems

The global state of autonomous stores

The stores are located in various retail segments such as food retail, fashion, electronics, convenience stores and fast food.

In a highly competitive global retail landscape, autonomous stores are an emerging force that addresses changing consumer behaviors, reduces operational costs, improves profitability, and powers revenue growth strategies. Advancements in autonomous ...

Thumbnail-Photo: New German vending partner for ITL
30.11.2023   #Tech in Retail #cash management

New German vending partner for ITL

Innovative Technology (ITL) have recently announced Bernd Boddart as their latest trading partner

Bernd Boddart will be supplying their cash validation and biometric age verification solutions to the German vending market. Bernd Boddart, based in Mönchengladbach, Germany, have 30 years of experience in the field of coffee machines, table ...

Thumbnail-Photo: Payment as a success factor: more than just paying...
15.01.2024   #Tech in Retail #payment systems

Payment as a success factor: more than just paying

Flashback to 1994: databases and ERP systems, first commercial websites, mobile phones with colour displays, CD-ROMs, Java as a programming language ...

Thumbnail-Photo: MPREIS Transforms Operations with Zebra Workcloud Task Management™...
06.11.2023   #customer experience #software developement

MPREIS Transforms Operations with Zebra Workcloud Task Management™ Software Solution

Austrian food retailer to streamline communication in around 300 stores to improve staff engagement, inventory optimisation, and customer satisfaction

MPREIS has around 300 Austrian stores in regions across Tyrol...

Thumbnail-Photo: Toshiba Launches New ELERA™ Security Suite to Address the Industry’s...
22.09.2023   #cashpoints #customer experience

Toshiba Launches New ELERA™ Security Suite to Address the Industry’s Challenges Around Shrink

Toshiba’s A.I.-powered solution empowers retailers across the globe to better manage loss prevention and protect profits

Security Suite from Toshiba Global Commerce Solutions empowers retailers to minimize shrink...

Supplier

Zebra Technologies Germany GmbH
Zebra Technologies Germany GmbH
Ernst-Dietrich-Platz 2
40882 Ratingen
Innovative Technology Ltd.
Innovative Technology Ltd.
Innovative Business Park
OL1 4EQ Oldham
REMIRA Group GmbH
REMIRA Group GmbH
Phoenixplatz 2
44263 Dortmund
Captana GmbH
Captana GmbH
Bundesstraße 16
77955 Ettenheim