Company News • 20.01.2016

How secure is your mobile POS?

The preferred approach is semi-integrated

Photo: How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Supplier
Logo: APG Cash Drawer

APG Cash Drawer

4 The Drove
BN9 0LA Newhaven
UK
Photo: How secure is your mobile POS?
Source: APG Cash Drawer

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Source: APG Cash Drawer

related articles:

popular articles:

Thumbnail-Photo: APG Cash Drawer: new SMARTtill business development manager...
15.05.2019   #cash management #cash handling systeme

APG Cash Drawer: new SMARTtill business development manager

APG Cash Drawer announces hire of SMARTtill business development manager

APG Cash Drawer, a fast-growing global manufacturer of cash management solutions, announced today the addition of Tony Pusateri as SMARTtill Business Development Manager. ...

Thumbnail-Photo: 3D shop and customer analysis with artificial intelligence...
04.02.2019   #customer analysis #Trade fair special EuroCIS 2019

3D shop and customer analysis with artificial intelligence

Product innovation at EuroCIS: Intenta S1000 people counter

Intenta presents the new Intenta S1000 people counter at this year’s EuroCIS – a new 3D vision sensor for fully automatic intelligent scene interpretations. This retail specialist tracks precise data for customer statistics thus giving ...

Thumbnail-Photo: Quality and great experiences at irma in Illum...
18.04.2019   #electronic shelf labels (ESL) #labels

Quality and great experiences at irma in Illum

A store with all the best

The customers wanted Irma back and they got that. After two years of absence, Irma has once again opened a store in the basement of ILLUM department store in the late summer of 2018. The new Irma store offers high quality and extra good experiences ...

Thumbnail-Photo: Robots in retail: producer and salesperson all-in-one at the fully...
15.03.2019   #artificial intelligence #customer retention

Robots in retail: producer and salesperson all-in-one at the fully automated kiosk

Interview with Matthias Krinke, Managing Director of pi4_robotics GmbH

At Berlin’s shopping mall Bikini Berlin, we meet the robot “Gisela”. The robot’s designer Matthias Krinke sat down with us and explained what she can do and revealed what the retail industry can expect from her and her ...

Thumbnail-Photo: Digital Signage Summit (DSS) Europe
07.05.2019   #digital signage #digitization

Digital Signage Summit (DSS) Europe

iXtenso readers receive a 30% ticket-discount!

The two-day event comprises a comprehensive mix of twin-track conference programme; hands-on workshops; exclusive presentations; numerous networking opportunities and a vendor and service supplier exhibition area.In 2019, DSS Europe returns to the ...

Thumbnail-Photo: Using digital data to drive brick-and-mortar retail success...
31.01.2019   #brick and mortar retail #data analysis

Using digital data to drive brick-and-mortar retail success

Advanced Outlet Analytics

When it comes to using and analyzing relevant data, brick-and-mortar retail lags behind its online competition. While e-commerce retailers use detailed data from web analytics, CRM, and Google searches to analyze user behavior and generate ...

Thumbnail-Photo: retail trends: focus Retail Technology
12.02.2019   #mobile shopping #digital marketing

retail trends: focus "Retail Technology"

Omnichannel commerce, mobile shopping, seamless checkout – technology trends 2019

Would you like to find out about the latest retail technologies and hold something tangible in your hands at the same time?We'll be happy to send you a copy of our print edition retail trends: with the focus on "Retail Technology" ...

Thumbnail-Photo: Cameras, comfort and Artificial Intelligence...
09.04.2019   #security #cashpoints, cash register, cash desk

Cameras, comfort and Artificial Intelligence

Video: What self-checkout systems can already offer today

Self-checkout systems are enjoying ever greater acceptance and are regarded as an important future topic for retailers and customers. ...

Thumbnail-Photo: CIE 2019: Chinas premier B2B trade show
04.03.2019   #e-commerce #event

CIE 2019: China's premier B2B trade show

5th International Internet and E-commerce Expo in Shenzhen

CIE 2019, the 5th China (Shenzhen) International Internet and E-commerce Expo, is the premier B2B trade show in China that focuses specifically on internet technologies and e-commerce as well as the related industries. More than 400 exhibitors ...

Thumbnail-Photo: E-commerce: AI-powered translations revitalize business...
29.04.2019   #online trading #e-commerce

E-commerce: AI-powered translations revitalize business

Interview with Boris Zielonka, Director Marketing & Sales, Eurotext AG

Retailers who set up an online store can expand their business – especially if they create a multilingual content strategy.As a language and translation service, Eurotext AG supports retailers in this endeavor. From this conversation with ...

Supplier

AURES Technologies GmbH
AURES Technologies GmbH
Maisacherstr. 118
82256 Fürstenfeldbruck
CCV Deutschland GmbH
CCV Deutschland GmbH
Gewerbering 1
84072 Au i.d.Hallertau
MobiMedia AG
MobiMedia AG
Rottpark 24
84347 Pfarrkirchen
Casio Europe GmbH
Casio Europe GmbH
CASIO-Platz 1
22848 Norderstedt
Elo Touch Solutions NV
Elo Touch Solutions NV
Kolonel Begaultlaan 1C11
3012 Leuven
SES-imagotag Deutschland GmbH
SES-imagotag Deutschland GmbH
Bundesstraße 16
77955 Ettenheim
EUROEXPO Messe- und Kongress-GmbH
EUROEXPO Messe- und Kongress-GmbH
Joseph-Dollinger-Bogen 9
80807 München
iXtenso - Magazin für den Einzelhandel
iXtenso - Magazin für den Einzelhandel
Celsiusstraße 43
53125 Bonn
Axis Communications GmbH
Axis Communications GmbH
Adalperostraße 86
85737 Ismaning
LANCOM Systems GmbH
LANCOM Systems GmbH
Adenauerstraße 20 / B2
52146 Würselen