Point of sale (POS) systems are what we used to call electronic cash registers, which really weren’t much more than a cash drawer bolted onto the bottom of a PC. But as these systems have gotten more sophisticated, they’ve played an ever-increasing and important role in how a business can integrate its accounting systems, cut operating costs, track inventory and improve its supply chain partners’ efficiency.
The wrong systems can literally send customers out of the store in frustration, while the right ones can deliver higher levels of service and increased customer satisfaction. Here are some examples of how retailers have evolved their POS systems and have integrated them into their overall IT operations.
Last year, hackers compromised POS systems of clothing designer Nanette Lepore by reconfiguring the company’s outdated firewalls and selling stolen credit card numbers from the retailer’s high-end clientele. This happened because the chain had few security measures or proper procedures in place.
“All our store clerks were using the same password to access the POS,” says Jose Cruz, the network manager for the New York City-based retailer. “It was wide open. No one had ever thought to change passwords periodically, or even to use different ones for each employee. Prior to my arrival here, the emphasis on POS security wasn’t urgent. Needless to say, that’s all changed.”
Cruz got a call that no one ever wants to receive—from the FBI—stating that several customers had received fraudulent credit card charges. This led to finding out that the company’s DSL routers had been hacked, and its firmware had been changed to allow hackers inside their network.
“At least three months’ worth of information was pulled from our networks,” Cruz reports. “Given that our average transactions are several thousand dollars, [the hackers] were clearly targeting us.”
Three of the designer’s stores had to close for a few days while security was beefed up. To protect the stores and branch office applications, the company installed Sonicwall’s unified security appliances, set up temporary accounts with time limits for service and maintenance personnel, and began enforcing the use of Secure Sockets Layer (SSL) VPNs for secure remote access. It also set up password policies and beefed up procedures for using the POS and credit card systems.
“We learned our lesson from the security breach, but there are a lot of other retailers that are still not as well-protected as we are,” Cruz says. “For us, it was a matter of rapid growth that overtook the level of technology the company previously used. We are in a much better place now, which benefits our clientele, too.”