Why and How you must secure your Point of Sale System?
Srikanth Singh Thakur
Transformation is the ground rule within the retail sector, and it can happen in various ways: digitally, physically, conceptually, or in any way the industry wants it to be. In the current scenario, the retail segment is facing the challenges thrown up by ecommerce and a constant struggle to ensure an omni-channel experience. Security of the applications and the Point of Sale (PoS) systems is also a growing concern due to threats posed by the digital platforms. Hence, POS testing is becoming absolutely critical for retail players of all kinds and sizes across the globe.
A POS system is a computer which is connected to a receipt printer, cash drawer, credit/debit card reader, a bar code scanner, etc. Retailers use an automated retail system where the store cash registers are linked to the computer processing systems. Merchandise is tagged with coloured bar code tags, which are collected at the checkout counter. The computer accumulates sales transaction information on magnetic tape for daily input into the computer memory bank or storage system. It is similar to an input into the sales journal, which is rolled up into the stock ledger.
What is POS software and why is it so critical?
Point of Sale (POS) software is also referred to as electronic Point of Sale (EPoS), which is an essential application for retail or hospitality businesses. It manages checkout operations and displays transactions that customers are able to see. It is a component of a measuring instrument that is approved for trade and is used for creating labels, receipts, or printouts.
Point-of-sale (POS) systems represent the computerization of cash registers and their linking to databases, thus providing businesses with more digital data and the ability to know themselves. POS systems give businesses the ability to retain and analyse a wide variety of inventory and transaction data on a continuous basis.
They have been touted as valuable tools for a wide variety of business purposes, including refining target marketing strategies, tracking supplier purchases, determining customer purchasing patterns, analysing sales (on a daily, monthly, or annual basis) of each inventory item, department, or supplier; and creating reports for use in making purchases, reorders, etc.
Basic point-of-sale systems currently in use include standalone electronic cash registers (also known as ECRs), ECR-based network systems, and controller-based systems. All of these essentially function as sales and cash management tools, each with its own unique features. POS software or POS systems are located wherever a transaction occurs, which generally means the terminal that is used for checkouts.
Some systems are the equivalent of an electronic cash register, used to make and record a sale in a restaurant, cafe, retail store or supermarket, and also in hotels, stadiums and casinos. Point of sale systems can also be used as a part of a more sophisticated IT system, linked into back-office stock control, and customer relationship management (CRM) applications.
How can you secure your POS system?
It is possible to secure your POS application by using ‘white listing’ security software so that only approved applications or devices can access the network. UK retailer Marks & Spencer is using this to secure over 16,000 POS systems, and also to enforce the Payment Card Industry (PCI) Data Security Standard (DSS). The ‘white listing’ software, which is from Bit9, stops malicious, illegal and unauthorised software from running, thereby preventing data leakage.
In competitive businesses such as retail, a POS can be a key differentiator. A good POS software package increases efficiency by eliminating unnecessary work and can manage the entire business. If the POS system doesn’t work as expected, the repercussions can be grave. More manpower might be needed because checkouts are unreliable and slow. There could be risks of incorrect inventory records and employee theft. Erroneous sales reports would not provide correct inventory levels, so controlling cost would become a challenge. It could also become extremely difficult to track promotions, discounts, and coupons. Incorrect loyalty member data could even be used, resulting in loss of business from customers who do not return.
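As an added illustration of the ‘white listing’ control described above (not code from the original article or from Bit9's product), the sketch below shows default-deny allowlisting keyed on file content hashes. All file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash file contents, so the decision follows the bytes, not the name."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_allowlist(approved):
    """Digest -> label, built from binaries on a known-good POS image."""
    return {sha256_of(p): p.name for p in approved}


def decide(path: Path, allowlist) -> str:
    """Default deny: anything whose digest is not approved is blocked."""
    return "ALLOW" if sha256_of(path) in allowlist else "BLOCK"


def demo():
    # All files below are constructed stand-ins for POS terminal binaries.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "staging").mkdir()
        pos = root / "pos_client.bin"
        pos.write_bytes(b"constructed POS client build 1")
        driver = root / "receipt_printer.bin"
        driver.write_bytes(b"constructed printer driver")
        allowlist = build_allowlist([pos, driver])

        same_name = root / "staging" / "pos_client.bin"  # approved name, altered bytes
        same_name.write_bytes(b"constructed POS client build 1 + extra code")
        unapproved = root / "unapproved_tool.bin"
        unapproved.write_bytes(b"constructed unapproved program")
        renamed = root / "renamed_copy.bin"  # approved bytes under a new name
        renamed.write_bytes(pos.read_bytes())

        return {
            "approved": decide(pos, allowlist),
            "same_name_altered": decide(same_name, allowlist),
            "unapproved": decide(unapproved, allowlist),
            "renamed_approved": decide(renamed, allowlist),
        }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Keying the decision on the digest rather than the file name is what makes a modified binary with an approved name fail the check.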
Clearly, it is very important for POS applications to be reliable, scalable, easily maintainable, highly secure, and easily customizable by the customer, which demands a lot of focus on effectively testing the solution before it is deployed. To ensure the quality of POS software, proper testing of the application is crucial. Just like any other application, to test a POS, a good test plan should be developed.
To test a POS, one has to focus on a lot of things, namely:
- Cashier activity: This includes customer transactions such as the entry of items, tender, Store Value Cards, discounts and layaway.
- Store Server and Back Office Integration: Verification of POS interaction with store servers and back office systems. Registered transactions can be verified against the Electronic Journal for accuracy.
- Platform check: If the POS supports multiple-platforms then verification of the functionality on all the platforms should be a part of testing.
- Sales: Regular sale, Sale with credit/debit/gift card, return, exchange, loyalty member purchase, items, quantities and prices.
- Manage return and exchange: Return and exchange of an item with different tenders (cash, credit etc.), with and without receipt.
- Discounts and Promotions: Item % discount, military discount (applicable in US), line item discount, etc.
- Loyalty Members Data: The system keeps track of what your customers are buying and who they are. A good POS System will also have reminder dates for each customer so you can call or e-mail them prior to an anniversary or birthday.
- Ability to Read a Card: There are various types of cards in the industry today (Magnetic Stripe, CAV, etc.); this should be tested extensively.
- Performance: Speed, or the time taken to send a request (read) and receive a response, and to apply the transaction-based rules.
- Negative Scenarios: Monitor various transaction-declined scenarios (Invalid Card/PIN/Expired Card, etc.).
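The check in the "Store Server and Back Office Integration" item, verifying registered transactions against the Electronic Journal, can be automated along these lines. This is an added example, not part of the original article; the record fields (`id`, `tender`, `total`) and all sample data are assumptions constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data: what the registers reported vs. the Electronic Journal.
POS_TXNS = [
    {"id": "T1001", "tender": "cash",   "total": "24.99"},
    {"id": "T1002", "tender": "credit", "total": "110.00"},
    {"id": "T1003", "tender": "gift",   "total": "15.50"},
    {"id": "T1003", "tender": "gift",   "total": "15.50"},   # record sent twice
    {"id": "T1004", "tender": "cash",   "total": "-40.00"},  # return
]
JOURNAL = [
    {"id": "T1001", "tender": "cash",   "total": "24.99"},
    {"id": "T1002", "tender": "credit", "total": "101.00"},  # amount differs
    {"id": "T1003", "tender": "gift",   "total": "15.5"},    # same value, other format
    {"id": "T1005", "tender": "cash",   "total": "8.00"},    # absent from POS feed
]


def reconcile(pos_txns, journal):
    """Return sorted (txn_id, issue) pairs for every discrepancy found."""
    by_id = {entry["id"]: entry for entry in journal}
    seen, findings = set(), []
    for txn in pos_txns:
        tid = txn["id"]
        if tid in seen:
            findings.append((tid, "duplicate_in_pos"))
            continue
        seen.add(tid)
        entry = by_id.get(tid)
        if entry is None:
            findings.append((tid, "missing_in_journal"))
            continue
        # Decimal avoids float rounding and treats 15.50 and 15.5 as equal.
        if Decimal(txn["total"]) != Decimal(entry["total"]):
            findings.append((tid, "total_mismatch"))
        if txn["tender"] != entry["tender"]:
            findings.append((tid, "tender_mismatch"))
    findings += [(tid, "missing_in_pos") for tid in by_id if tid not in seen]
    return sorted(findings)


if __name__ == "__main__":
    for tid, issue in reconcile(POS_TXNS, JOURNAL):
        print(tid, issue)
```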
Cigniti assists retailers (individual as well as large chain retail) in assuring quality across their enterprise applications, leveraging Cigniti’s IP BlueSwan while minimizing the costs and risks. Cigniti’s end-to-end testing processes for retail industry help you in supporting your initiatives of enterprise re-platform/upgrade/migration/set-up of complex integration between latest CRM, OMS, WMS, Cloud, Mobile, and Web Applications.
Srikanth Thakur is a passionate professional with 14+ years of industry experience in Testing. He has worked in multiple domains and is an SME (Subject Matter Expert) for the Logistics, CRM, eCommerce, Retail, POS Testing and WMS domains, and has served as an ATM (Appraisal Team Member) for CMMi Level 5 Appraisals. He has also been involved in important initiatives and tasks related to Testing Processes.