Company News • 20.01.2016

How secure is your mobile POS?

The preferred approach is semi-integrated

Photo: How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Supplier
Logo: APG Cash Drawer

APG Cash Drawer

4 The Drove
BN9 0LA Newhaven
UK
Photo: How secure is your mobile POS?
Source: APG Cash Drawer

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Source: APG Cash Drawer

related articles:

popular articles:

Thumbnail-Photo: ARNEG GROUP: from Sharing Avenue to Melting Pot...
09.12.2019   #refrigeration cabinets #Trade fair special EuroShop 2020

ARNEG GROUP: from Sharing Avenue to Melting Pot

The sharing road leads a long way

At the 20th edition of Euroshop, the Arneg Group is expressing its cosmopolitan soul on a kaleidoscopic stand that embodies the concept of sharing, interpreted as a virtuous fusion of competence, experience and vision capable of generating change ...

Thumbnail-Photo: Smart digital labels and pricing automation
07.02.2020   #displays #electronic shelf labels (ESL)

Smart digital labels and pricing automation

SES-imagotag at EuroShop 2020

For 25 years, SES-imagotag has been the trusted partner of retailers for in-store digital technology. SES-imagotag, the worldwide leader in smart digital labels and pricing automation, has developed a comprehensive IoT and digital platform that ...

Thumbnail-Photo: Unit development with R290
11.12.2019   #refrigeration cabinets #Trade fair special EuroShop 2020

Unit development with R290

Frost-trol develops a pilot water condensation project using R290 as a refrigerant

Since 2005, Frost-trol R&D efforts have focused on developing efficient cabinets and finding solutions with natural fluids: R744, R290 or R1270. Propane (R290) has always been at the center of attention of our research line, because it is ...

Thumbnail-Photo: Light up the future with Posiflex at EuroShop 2020...
11.02.2020   #kiosk terminals #Trade fair special EuroShop 2020

Light up the future with Posiflex at EuroShop 2020

Serviced IoT solutions: personalized, flexible and connected

The Posiflex Group, a synergy of world-leading POS, kiosk, and industrial computing technologies — will bring its Serviced IoT solutions to EuroShop 2020, the leading Europe trade fair for the retail industry, from February 16th – 20th ...

Thumbnail-Photo: Wireless with SVN-Flex from SALTO
20.01.2020   #security #security management

Wireless with SVN-Flex from SALTO

SALTO has launched SVN-Flex, a new technology that enables virtual networked access control solutions

In the solutions wireless electronic escutcheons and cylinders act as wire-free updaters. This leads to greater efficiency, security and convenience.The innovation of the SVN-Flex is that users no longer necessarily need hard-wired wall readers to ...

Thumbnail-Photo: Toshiba demonstrates the future of shopping at EuroShop 2020...
13.02.2020   #self-checkout systems #Trade fair special EuroShop 2020

Toshiba demonstrates the future of shopping at EuroShop 2020

Toshiba spotlights innovations enabling retailers to create “moments that inspire”

Toshiba Global Commerce Solutions offers EuroShop 2020 attendees a look into the future via its ‘Frictionless Store’, Feb. 16-20, hall 6 booth C41 in Düsseldorf, Germany. Toshiba’s innovative solutions enable retailers to ...

Thumbnail-Photo: Effective and Independent
12.02.2020   #epos systems #cashpoints

Effective and Independent

Present and future of self-checkout

Better use of personnel, lowering overhead costs while still providing customers with a smooth and seamless shopping experience – that’s what every retailer strives to accomplish. For Thomas Dibbern, CEO of ALMEX GmbH, there is an ...

Thumbnail-Photo: Successful local grocery store: Here is the recipe...
10.01.2020   #electronic shelf labels (ESL) #food retail

Successful local grocery store: Here is the recipe

Fast price adjustment with electronic shelf labels

Many small local grocery stores have difficulty getting a profitable business, but in the Danish cottage area between Nymindegab and Hvide Sande, the local Min Købmand store in Bjerregaard has found the recipe to be successful. Now, the ...

Thumbnail-Photo: Solid Lines 2020, a product range …
01.02.2020   #refrigeration cabinets #Trade fair special EuroShop 2020

Solid Lines 2020, a product range …

… designed with the idea of generating unforgettable shopping experiences

New architectural and design concepts are appearing in the conceptualization of current supermarkets, especially aimed at improving the customers' shopping experience by incorporating solutions that generate value, allowing to optimize energy ...

Thumbnail-Photo: Think Different! Thought leadership at ISE 2020...
13.12.2019   #security #digital marketing

Think Different! Thought leadership at ISE 2020

Over 200 specialists to offer expert opinion and insight

Integrated Systems Europe 2020’s professional development programme will feature over 200 leading experts from a wide variety of disciplines and subject areas across five days of keynotes, conferences, masterclasses, workshops and ...

Supplier

Burkhardt Leitner Modular Spaces GmbH
Olgastrasse 138
70180 Stuttgart
POS TUNING Udo Voßhenrich GmbH & Co KG
POS TUNING Udo Voßhenrich GmbH & Co KG
Am Zubringer 8
32107 Bad Salzuflen
SALTO Systems GmbH
SALTO Systems GmbH
Schwelmer Str. 245
42389 Wuppertal
ROQQIO Commerce Solutions GmbH
ROQQIO Commerce Solutions GmbH
Harburger Schloßstraße 28
21079 Hamburg
Diebold Nixdorf
Diebold Nixdorf
Heinz-Nixdorf-Ring 1
33106 Paderborn
Allgeier Enterprise Services
Allgeier Enterprise Services
Westerbachstr. 32
61476 Kronberg im Taunus
Saint Gobain Sovis
Avenue de la Republique
2407 Chateau Thierry Cedex
SES-imagotag Deutschland GmbH
SES-imagotag Deutschland GmbH
Bundesstraße 16
77955 Ettenheim
POSIFLEX GmbH
POSIFLEX GmbH
Flinger Broich 203
40235 Düsseldorf