Company News • 20.01.2016

How secure is your mobile POS?

The preferred approach is semi-integrated

Photo: How secure is your mobile POS?
Source: APG Cash Drawer

One of the most common questions regarding the use of tablets and smartphones in mobile POS systems is, “How secure are they?” The answer depends on the installation.

The PCI (Payment Card Industry) list of validated applications so far does not include Apple’s iOS or Google’s Android mobile systems, but that doesn’t mean securing these systems is impossible. Participants in a panel discussion moderated by Stephen Bergeron, APG’s Vice President of Global Marketing, at RetailNOW in early August discussed the various approaches to protecting POS data in smartphones and tablets.

One of the biggest sticking points is the potential for hacking when transaction data first enters the smartphone or tablet. Anytime data is added to a mobile device in a POS system, just about any app on the device potentially can access the data, said Adam Perella, Manager with 403 Labs, the Security & Compliance division of Sikich LLP. Even if the device itself automatically encrypts the data, there’s a moment when the data is in clear text and, as such, at risk.

How secure that data is depends on the lengths to which the POS system’s developers went to prevent prolonged exposure of transaction data once it enters the device. Perella urged VARs to research a solution’s security before recommending it to customers. If the solution hasn’t been validated against the Payment Application Data Security Standard (PA-DSS) by a Payment Application Qualified Security Assessor (PA-QSA), it’s best to stay clear of it.

Supplier
Logo: APG Cash Drawer

APG Cash Drawer

4 The Drove
BN9 0LA Newhaven
UK
Photo: How secure is your mobile POS?
Source: APG Cash Drawer

Eric Lecesne, Vice President of Product Management at identification products maker ID Tech, said the best way to secure transaction data is to encrypt it before it gets to the mobile device. To strengthen protection, he said, you can add a layer of what he called “active security” – a mechanism to erase any data in the device should someone ever try to break into it.

David Gosman, Senior Vice President at payment card processor Heartland Payment Systems, pointed out the need for securing the point-of-sale system with tools such as antivirus and only using POS software that is PA-DSS validated. Beyond that, Gosman said how you set up the POS system also has an effect on security. He listed three basic approaches – integrated, non-integrated, and semi-integrated.

The most popular approach is integrated, which routes the data into the POS system, regardless of whether it’s encrypted, and the system processes card payments. Non-integrated systems separate the POS from the card payment processing device. “It’s not really a great customer experience, because you ring it up here, and then you’ve got to type in the dollar amount there on the second terminal. That’s not so good.”

The preferred approach is semi-integrated, “which means that the POS is driving the actual transaction, but all the transaction data is going directly from your payment device right up to your processor,” Gosman said. “What that means is that your POS software never gets access or visibility to the credit card data, encrypted or not.” Encryption is recommended in all cases, but all things being equal, the semi-integrated approach is the most secure method to process integrated payments.

Perella endorsed the idea of network segmentation to prevent breaches. “We encourage resellers, or anybody who’s going to be installing these devices, to look at how the devices are connected and to segment them, if possible, so that a POS system talking to the back of house server can’t talk to the computer employees use to surf the Internet.”

There was a lot of good food for thought during the panel discussion. Anyone installing mobile POS systems should heed the advice of these experts to ensure their customers’ POS systems are safe.

Source: APG Cash Drawer

related articles:

popular articles:

Thumbnail-Photo: drs//POS – The POS system for many check-out situations...
13.09.2019   #pos systems #cashpoints

drs//POS – The POS system for many check-out situations

With the POS system developed by Superdata you are put in the picture

The POS acts as an ear in the store. It affects how timely, and with what information, decision makers at the head office are in a position to assess developments in the store and are able to respond appropriately to the situation.With our POS ...

Thumbnail-Photo: Silver Surfers: Older adults ride the wave of mobile technology and shop...
01.08.2019   #online trading #e-commerce

Silver Surfers: Older adults ride the wave of mobile technology and shop online

The increasing importance of e-commerce for senior citizens

You are wrong if you think it’s mostly young people who spend time online. Older adults are also increasingly embracing online shopping with enthusiasm.In this interview, Spencer Hinzen, Director of Sales, Central Region, Ruckus Networks, ...

Thumbnail-Photo: When customers become cashiers
01.10.2019   #epos systems #mobile payment

When customers become cashiers

Treading a fine line between traditional and visionary, between checkouts and codes

For years, we have done this in online stores: we fill our shopping cart, click to pay and are excited about our purchase. Thanks to the snabble app - now available at the Knauber Hobbymarkt in Bonn and at IKEA in Frankfurt – consumers can ...

Thumbnail-Photo: Introducing a new, powerful mobile POS in Posiflex’s MT series...
25.06.2019   #epos systems #cashpoints

Introducing a new, powerful mobile POS in Posiflex’s MT series

MT-5310W from Posiflex combines the mobility of a tablet with the functionality of a fixed POS terminal. .

Today’s customers have higher expectations than ever when it comes to service. To meet and exceed customers’ ever-growing expectations, Posiflex is pleased to present MT-5310W, the latest addition to the popular MT series: a hybrid ...

Thumbnail-Photo: The iXtenso editors tested self-scanning ......
30.09.2019   #mobile payment #self-checkout systems

The iXtenso editors tested self-scanning ...

... with an app of the Hobbymarkt Knauber in Bonn, Germany

Snabble has developed a payment app that allows customers to scan their purchases in retail stores and pay online. I wondered: How does it work?The app is in use in the Bonn DIY and hobby market Knauber, among other places. Let’s make a move ...

Thumbnail-Photo: Nets and Swish partner on in-store payments pilot...
23.07.2019   #mobile payment #mobile terminals

Nets and Swish partner on in-store payments pilot

Bluetooth tech enables scalable instore payments for mobile payment app

Nets, a European payments company, and Swish, the number one payments app in Sweden, announce their collaboration on an in-store payments pilot program.Until now, Swish has mostly been used for account-to-account transactions and, more recently, ...

Thumbnail-Photo: Mobile payments at the supermarket checkout
05.08.2019   #mobile payment #smartphone

Mobile payments at the supermarket checkout

An early adopter’s experience of mobile payments

Or: "What’s that you’re doing with your watch?“I still remember the first time I used mobile payment technology and paid for items with my smartphone at a supermarket checkout: It was October 17, 2018, exactly seven days after ...

Thumbnail-Photo: Tackling organized retail crime with video analytics...
26.06.2019   #video surveillance #digital video surveillance

Tackling organized retail crime with video analytics

Inpixon joins forces with National Anti-Organized Retail Crime Association

Inpixon, an indoor positioning and data analytics company, announced it is collaborating with the National Anti-Organized Retail Crime Association (NAORCA Worldwide) to combat retail crime by providing a free 90-day trial offer for IPA Video™ ...

Thumbnail-Photo: retail trends 3-2019: focus checkout zone
16.09.2019   #mobile payment #customer satisfaction

retail trends 3-2019: focus "checkout zone"

Shopfitting, technology, marketing: What does a checkout have to do nowadays?

Read our latest edition retail trends 3-2019 online as an e-paper. ...

Thumbnail-Photo: Improving performance with video training
19.06.2019   #personnel management #video

Improving performance with video training

Video tutorials for inventory management or customer service excellence

Smart Retail Solutions (SRS) has announced their ProfitTrax Platform is now including Best Practice Video Training in its Advanced Analytics Suite. Their team has successfully implemented the update because they believe the key to profit improvement ...

Supplier

APG Cash Drawer
APG Cash Drawer
4 The Drove
BN9 0LA Newhaven
iXtenso - Magazin für den Einzelhandel
iXtenso - Magazin für den Einzelhandel
Celsiusstraße 43
53125 Bonn
Superdata GmbH
Superdata GmbH
Ruhrstr. 90
22761 Hamburg
Delfi Technologies GmbH
Delfi Technologies GmbH
Landgraben 75
24232 Schönkirchen
Permaplay Media Solutions GmbH
Permaplay Media Solutions GmbH
Aschmattstr. 8
76532 Baden-Baden