Company News • 19.10.2015

How secure is your mobile POS?

The various approaches to protecting POS data in smartphones and tablets

How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Supplier
Logo: APG Cash Drawer (Germany)

APG Cash Drawer (Germany)

Leichtmetallstr. 22a
42781 Haan-Gruiten
Germany

related articles:

popular articles:

Thumbnail-Photo: “Dear shopping cart, please show me the way!“...
06.07.2020   #self-checkout systems #scanner

“Dear shopping cart, please show me the way!“

Shopping Cart 2.0 – gimmick or idea with intrinsic value?

Not all shopping carts are the same... far from it! Digitization and automation also put their stamp on this aspect of the retail sector. What’s usually a plain, large basket on wheels that makes it easier for shoppers to transport products ...

Thumbnail-Photo: Stay safe with VariPOS
11.05.2020   #cashpoints #terminals

Stay safe with VariPOS

How technology helps – Stay safe at the point of sale

Technologies for product identification and payment authentication are great for improving the customer experience with speed and accuracy, but these technologies are also being seen as beneficial in the wake of the Coronavirus Pandemic. ...

Thumbnail-Photo: World’s first convenience store retrofitted with AI technology...
14.08.2020   #video surveillance #video cameras

World’s first convenience store retrofitted with AI technology

Standard Cognition to provide Circle K with autonomous checkout

Standard (“Standard Cognition”) announced that Alimentation Couche-Tard, a company that operates close to 14,500 convenience stores worldwide, including under the global brand Circle K, has selected Standard to pilot touchless, ...

Thumbnail-Photo: Bright future for Copenhagen-based Irma Store...
15.06.2020   #electronic shelf labels (ESL) #price labelling

Bright future for Copenhagen-based Irma Store

Automatic price updates with ESL

Irma Smedetoften is located in the heart of Copenhagen's Northwest Quarter. The area around the Irma store is part of an urban development project where, among other things, the local trade district will be strengthened. Irma has also recently ...

Thumbnail-Photo: Behind the curtain: Inside Amazon
18.05.2020   #online trading #marketing

Behind the curtain: Inside Amazon

A Frankfurt startup helps sellers to improve their ranking on the platform

"I want to successfully promote and sell my products on Amazon" - that's the goal of many sellers. It comes as no surprise as the Seattle-based online store has evolved to become the largest e-commerce marketplace in Europe since its ...

Thumbnail-Photo: Reflexis successfully expands into Baltic region by signing Maxima Latvia...
08.07.2020   #POS communications #workforce deployment

Reflexis successfully expands into Baltic region by signing Maxima Latvia

Region’s leading retail chain chooses workforce management solution

Reflexis Systems, the leading provider of intelligent workforce management and execution solutions for multi-site businesses in retail, food service, hospitality and banking, today announced that Maxima, one of the largest Latvian retail chains, has ...

Thumbnail-Photo: Digital access controls support distancing requirements in the era of...
06.07.2020   #brick and mortar retail #retail

Digital access controls support distancing requirements in the era of Corona

Essential staff are relieved and the risk of infection is reduced

Since the beginning of the pandemic, larger supermarkets and discounters have been imposing entrance restrictions to ensure that only a certain number of people are allowed within their Stores. Usually the access management is carried out by ...

Thumbnail-Photo: Europe to dominate open banking implementation...
26.05.2020   #mobile payment #payment systems

Europe to dominate open banking implementation

Instant messaging users to reach 4.3 billion in 2020, as new payment services emerge

A new study from Juniper Research found that the number of instant messaging users will reach 4.3 billion in 2020, rising from 3.9 billion in 2019. This is a growth of 9 percent year-on-year, largely driven by an increased need for remote ...

Thumbnail-Photo: SALTO releases the SALTO Neo Cylinder
18.08.2020   #access control #access control systems

SALTO releases the SALTO Neo Cylinder

State of the art, wireless access control technology

SALTO Systems, a leading manufacturer of electronic access control solutions, has released the SALTO Neo Cylinder – a new electronic cylinder that offers more features and better functionality than any other cylinder on the market. ...

Thumbnail-Photo: Hobbii continues the growth adventure …
23.06.2020   #POS systems #brick and mortar retail

Hobbii continues the growth adventure …

… with new stores and several digital initiatives

The online store Hobbii.dk continues the opening of physical stores with the launch the third store in Tarup shopping center in Odense, Denmark. The close collaboration with Delfi Technologies, which is based on several digital initiatives, will ...

Supplier

CCV GmbH
CCV GmbH
Gewerbering 1
84072 Au i.d.Hallertau
Poindus HQ - Taiwan
Poindus HQ - Taiwan
5F., No.59, Ln. 77, Xing-Ai Rd.,Neihu Dist.
Taipei City 114
Apostore GmbH
Apostore GmbH
Uferstraße 10
45881 Gelsenkirchen
SALTO Systems GmbH
SALTO Systems GmbH
Schwelmer Str. 245
42389 Wuppertal
Adasys GmbH – a Poindus Company
Adasys GmbH – a Poindus Company
Max-Planck-Straße 10
70806 Kornwestheim
Delfi Technologies GmbH
Delfi Technologies GmbH
Landgraben 75
24232 Schönkirchen
POS TUNING Udo Voßhenrich GmbH & Co KG
POS TUNING Udo Voßhenrich GmbH & Co KG
Am Zubringer 8
32107 Bad Salzuflen
Reflexis Systems GmbH
Reflexis Systems GmbH
Kokkolastr. 5-7
40882 Ratingen
APG Cash Drawer
APG Cash Drawer
4 The Drove
BN9 0LA Newhaven