Wednesday, August 28, 2013

Retail Store POS Systems Playing a Bigger Role in Cross-channel Orders

According to a study "Retail Store POS Systems are Playing a Bigger Role in Cross-channel Orders"

More multi-channel retailers are allowing customers to place web and catalog orders, check inventory and complete exchanges and returns via their in store point-of-sale systems according to a recent study by Aberdeen Group Inc.

Multi-channel retailers today are finding that their in-store point-of-sale systems can help them do a lot more than complete transactions, according to a recent report by Aberdeen Group Inc.
The report, “Migrating to Customer-Centric Point of Service,” investigated how businesses are upgrading their retail management systems to better serve customers. The responses from more than 175 small and mid-sized and retailers showed that 34% of “Best in Class” retailers have upgraded their in-store POS terminals to enable customers to complete cross-channel purchases, such as web purchases, track online and catalog orders and make returns and exchanges

Aberdeen’s Best in Class category of retailers report an average checkout time of 1.5 minutes and had year-over-year average transaction value growth of 19.5%.

Sahir Anand, research analyst, retail industry for Aberdeen Group and author of the study, says using the POS for more than simple in-store purchases is a developing trend. “Even the Best in Class retailers need to improve, but they are gradually moving toward making the POS more customer-centric,” Anand says. “If a customer walks into a store with a web order, he could return it at the POS, or if he wants to exchange an item for an item not in the store, he could go online and order it.”

Multi-functional POS systems can help retailers foster an enterprise-wide focus on improved customer satisfaction and revenue growth, the study says.

Source

Saturday, July 20, 2013

MURTEC INSIGHTS: Operators Reveal Top POS Must-Haves

The 2013 Multi-Unit Restaurant Technology Conference offered the opportunity for restaurant and technology executives to come together and discuss pressing industry issues of the day. One of the luncheon topic tables tackled the issue of POS Operating Systems – Navigating Choices and Considerations. The discussion was moderated by Lee Holman, Lead Retail Analyst, IHL Consulting and he was joined by representatives from Amco Foods, Firehouse Subs, Buffalo Wild Wings, The Malnati Organization, Arby's franchisee -- The Bailey Company, Thomas Keller Restaurant Group, and Huddle House.  Here, Holman recaps the insights that the table discussion yielded.

We started out our session by reflecting upon the statement made in a session from earlier in the day by McDonald’s CIO Frank Liberio. Liberio revealed that McDonald’s had one POS system (hardware and software) for all 32,000 global locations. Conventional wisdom says that retail segments with a heavy franchise mentality, such as QSR and convenience stores, trend away from homogeneous POS, mainly due to the maverick nature of some of the franchisees. But of the seven restaurant chains represented by the participants in our conversation, six of them claimed that they too had a single POS system for their entire chain. When pressed, there were a couple of respondents that admitted that there were some installations that weren’t quite in step with the rest of the chain from a POS hardware standpoint, but the POS software tended to be completely homogenous.

Breaking down the operating system
When asked which OS they were currently using, participants revealed that one was using Linux openSUSE, one was not using an OS (they were using an older PROM-based system), and the remaining five participants were using a combination of Windows XP and XPe, with some pilots being conducted with Windows 7. Based upon previous IHL Group research, this is actually a fairly reasonable approximation of the OS landscape in the restaurant segments in North America.

The Windows proponents were in general agreement that the user interface was of great value when it came to reducing training hours, and the development environment was an advantage when new or secondary apps were required. The Linux aficionado admitted that supporting Linux tends to be a bit more “non-restaurant” in terms of focus than simply paying license fees to Microsoft, but the familiarity with Linux in their particular case made that consideration a wash.  

The next phase of POS
Going forward, for their next POS upgrade, these restaurateurs were not swayed by any greener grass. The lone Linux user was looking solely at Linux going forward, and the Windows users were planning on Windows 7 (not Windows 8, which was just released six months prior). Interestingly, there was no discernible evidence that the decision to use either Linux or Windows 7 was driven by their planned adoption of mobile devices, nor did their selection of mobile device hinge upon their existing or planned OS choice. Among those considering mobile devices, they tended to stray very little from their existing POS provider when it came to the POS software for their mobile devices. This too is very consistent with previous research conducted by IHL. 

POS must-have components & considerations
As the conversation began to wind down, there was a strong sense that OS choice wasn’t really the primary consideration for the participants. The focus on “OS agnostic” hardware and software in recent years may be the main driver here. (We have made the point before that there is a preference to refer to “OS Apathetic” hardware and software rather than “OS Agnostic” simply because one would prefer to have the sense that the hardware or software doesn’t care rather than doesn’t know what OS it is running on.)
When asked point blank what considerations for their next POS system were more important than the operating system, the restaurateurs responded as follows.

POS Functionality
Data Connection
Software Development Kit
Payment Capability in Case of System Failure
Ease of Use
Hardware Cost

In conclusion, we seem to have entered a period where the specific POS operating system is further down the scale in terms of overall importance than it has been in days past. The overarching view is that the functionality and supportability of the POS system as a whole is what matters most, and whether it is Linux- or Windows- or IOS- or Android-based matters little. This means that the burden is upon the technology providers, more than ever before, to develop and deliver solutions that meet the needs of the restaurateurs, not expect restaurateurs to adapt their operations to suit the technology.

Source

Friday, July 19, 2013

Revel Systems Raises $10.1M To Help It Grow iPad Point-Of-Sale Business Internationally

Revel Systems, purveyor of iPad-based point-of-sale systems for restaurant, retail and other customer-service facing businesses, announced its $10.1 million Series B funding round today. The new investment comes from Tim Tighe, former CEO of Hungry Jack’s and SVP of McDonald’s Southeast Asia, and Sean Tomlinson, serial entrepreneur. Both are private investors based in Asia, and the source of the funding reflects Revel’s larger goals.

The SF-based Revel aims to continue its growth both at home and abroad, but will be opening new offices in both Asia and Australia with the help of this round. The new offices, combined with continued efforts to grow at home, will require a significant headcount increase, according to Revel, with its San Francisco-based staff set to increase by 50 percent immediately on the tail of this raise. Another target for domestic investment from the funding is a west coast distribution center for the iPad-compatible hardware that Revel provides its customers, which include countertop terminals, printers, scales and cash drawers.
Tighe joins Revel’s advisory board as part of the deal, and Tomlinson gets added to the Board of Directors. Both bring the kind of experience Revel needs to help smooth and accelerate its international positioning, which is a key part of the company’s business strategy after having expanded successfully across a number of different market verticals at home in the U.S. I asked about the challenges Revel faces moving into new markets, and how additional expertise will help.

“Each of the countries that we are moving into is more strict than the USA, since most of them are already using EMV [chip card payment standard],” Revel co-founder Lisa Falzone said in an interview.

“However, Revel already has a good year head start on EMV, since we were the first iPad POS to announce EMV processing earlier this year… The nice thing about the UK and EU is the new payment players that are making it easier for new POSs to enter the market. For example, we can connect into SumUp and Ayden and be good for almost all EU and UK with one six-month integration, which is really nice since it makes the time to entry a lot less.  ”

Other challenges include negotiating language localization and tax rules, but Revel is able to tackle these through allocation of new funds and with the help of expert local advisors. Existing players in the market like Micros are also a challenge, but Revel says it has little in the way of internationally based competitors when it comes to those offering similarly disruptive use of technologies like the iPad.
This round is all about stepping up the rate at which Revel can expand, according to Falzone. The company has talked previously about its success and ability to stand on its own, but taking on additional investment really opens up what it can do in relatively little time.

“[The funding] really accelerates the pace,” she said. “Revel has proven that it can do a lot with a little – we are profitable as of December of last year and are growing as funds allow. Now that we can have an abundance of funds, we’ll really be able to speed up the process.”
Coming up on the product side, Revel is looking to build out its enterprise options with new features, Falzone says, though she wasn’t able to share any details. Adding more for larger businesses is another key part of Revel’s growth strategy, however, so expect to see this help with its efforts to court larger brands and companies.

Source

Ezetap Launches $50 Mobile Point of Sale Device

Bangalore-based Ezetap has launched a new mobile point-of-sale device that will cost a lot less than similar products in the market, while meeting global security standards and RBI guidelines.

Rapid growth in India's online retail and financial service sectors is leading to a demand for secure point-of-sale devices, as companies move towards non-cash based transactions. Overall, credit and debit card based transactions in India are expected to touch 862 million this year, a growth of 33 per cent over last year, according to a report by Atos Worldline India, the electronic payment arm of French IT major Atos.

"India is the toughest market, very competitive and cost sensitive," said Ezetap co-founder Abhijit Bose, who expects to sell one million devices in the next two years. The Ezetap device, will be priced at around Rs 2,900, consists of a light-weight card reader that can be plugged into any smart device or feature phone used by a retailer. Customers need to only swipe their cards on the mobile to complete the transaction.

"Most people prefer cash on delivery. And it became difficult, when they did not have exact cash at the time of delivery," said Abhinay Choudhari, co-founder of online grocery store BigBasket.com, who has about 1.5 lakh customers. Experts said with the government promoting digital payments, the mobile point of sale market is expected to soar. "Millions of mom-and-pop businesses, or kirana shops, cannot afford expensive integrated point-of-sale solutions," said Uttam Nayak, group country manager for India at Visa.

There are a number of companies that offer mobile payment solutions, including Mswipe, Prizm Payments and Synergistic Financial Networks. "It is a very competitive space," said Nayak who expects the insurance and ecommerce industry to be the biggest adopters of mobile point of sale solutions.

Ezetap has bagged banking customers, such as Citibank and Yes Bankas well as those in the ecommerce, telecom, insurance and hospitality sectors. The company has launched operations in Kenya and expects to enter the South-East Asian markets in the next three months.

Source

Wednesday, July 17, 2013

Multipost Retail Systems, Named RSPA Certified Retail Technology Provider

Multipost Retail Systems (http://www.multipost.ca), a leader in point of sale (POS) and inventory management and control systems for small- to mid-sized retailers, is pleased to announce it was recently named a Retail Solutions Providers Association (RSPA) Certified Retail Technology Provider.
According to RSPA’s industry standards, Multipost Retail Systems received the certified technology provider status by demonstrating a commitment to excellence and an exceptional level of professionalism. As an RSPA Certified Retail Technology Provider, Multipost Retail Systems is recognized as ethical and fair, and it stands behind the POS software and hardware and inventory management and control systems it sells and supports.
“We are pleased to be recognized as an RSPA Certified Retail Technology Partner,” says Harry Magerman, owner of Multipost Retail Systems. “This certification validates Multipost Retail Systems’ commitment to our customers that our advanced POS products and inventory management control solutions don’t just help improve the retail customer experience, but also meet some of the industry’s most rigorous and comprehensive standards.”
The RSPA, the only association dedicated to the retail technology industry, launched its Industry Certification Program in 2009. The program, which identifies professionals in the retail technology industry, was developed to set and maintain the bar of professionalism for retail technology vendors and resellers.
“Multipost Retail Systems is always working to keep up with the latest in retail innovations and is thoroughly committed to providing retailers with the best in reliable, easy-to-use, and cost-effective point of sale software and hardware solutions,” Magerman adds.
Multipost Retail Systems is a leader in POS and inventory management and control systems for small- to mid-sized retailers. Multipost is also the developer and marketer of the “Smart Vendor” POS software for retail businesses. Over the last 30 years, Multipost Retail Systems has helped thousands of Canadian businesses coast-to-coast implement the most advanced, reliable, easy-to-use, and cost-effective POS software and hardware solutions.
For more information on Multipost Retail Systems, visit http://www.multipost.ca. Contact Multipost Retail Systems at info(at)multipost(dot)ca or call 1-800-561-0500.
Source

Tuesday, July 16, 2013

A Look at Point of Sale RAM Scraper Malware and How it Works

A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.
Although it's been getting quite a bit of publicity recently, we actually first identified it as a threat back in December 2009 and wrote about it in an article on Naked Security entitled Will RAM scraping loosen the sky and make it fall?.
Answering that question today, it just might!
Actually, the situation isn't that bad - yet - but this malware family has definitely become more complex and far-reaching. In this article, we take a step back from the technical details and look at the evolution of PoS RAM scrapers.
What do PoS RAM scrapers do?
In a nutshell, PoS RAM scrapers steal payment data - such as credit card track one and track two data - from the RAM of PoS systems.
The payment card industry has a set of data security standards known as PCI-DSS. These standards require end-to-end encryption of sensitive payment data when it is transmitted, received or stored.
This payment data is decrypted in the PoS's RAM for processing, and the RAM is where the scraper strikes. Using regular expression searches, they harvest the clear-text payment data and send that information to rogue callhome servers.
Why do we care about PoS RAM scrapers? How does it hurt me?
I believe this malware family has a higher probability of burning a hole in your pocket compared to other prevalent malware families.
In today's plastic money economy people are carrying cash a lot less than before. Aside from a handful of stores, the majority of retailers accept debit or credit cards. Payment cards are convenient, quick, supposedly-secure, and you don't have change jingling around in your pockets.
PoS RAM scrapers target the systems which process debit and credit card transactions and steal the sensitive payment information. Your home computer might be super secure, but there is no guarantee the PoS system at your neighborhood grocery store has the same level of security. You might end up losing your credit card data buying a candy bar!
How have PoS RAM scrapers evolved?
Sophos detects PoS RAM scraper malware under the family name Trackr (e.g. Troj/Trackr-Gen, Troj/Trackr-A) Other AV vendors detect this malware family with a variety of names, the most common name being Alina.
Some of the earliest variants of Trackr had simple functionality that worked like this:
  1. Install as a service
  2. Use a legitimate-looking name
  3. Scan RAM for credit card track one and track two data
  4. Dump the results into a text file. This text file was then probably accessed remotely or manually.
Over the years Trackr has become more industrialized, with some cosmetic changes and added bot and network functionality.
Our friends at Trustwave SpiderLabs have written two excellent articles, Alina: Casting a Shadow on PoS and Alina: Following The Shadow, about the inner workings of the Trackr family.
Till now we have observed the following types of Trackr:
  • Basic version (not packed, scrapes RAM for credit card information)
  • Complex version (added socially-engineered filenames, bot and network functionality)
  • Installed DLL version (the DLL is registered as a service and performs the RAM scraping)
  • Versions one and two packed with a commercially-available packer
  • Versions one and two packed with a custom packer
Most recently, SophosLabs discovered the highly-prevalent Citadel crimeware targeting PoS systems.
The Citadel malware uses screen captures and keylogging instead of the RAM-scraping technique used by Trackr. Citadel's focus on PoS systems demonstrates that this avenue is fast becoming a point of serious concern.
Who do PoS RAM scrapers target?
One of the earliest serious PoS RAM scraper attacks that we observed was back in November 2011 when we found that a university and several hotels had their PoS systems compromised. Later we saw varied targets including an auto dealership in Australia infected with Trackr.
To better understand the threat we gathered statistics about the various industries targeted by Trackr during the past 6 months (as observed using Sophos Live Protection):

 
It doesn't come as a surprise that the biggest targeted industries are:
  • Retail
  • Service
  • Healthcare
  • Food services
  • Education
  • Hotel and tourism
In these industries there's a high volume of credit and debit card transactions taking place, meaning they have goldmines of payment data that can be harvested.
Compromising a single PoS system (e.g. in a fast food outlet) may yield thousands of credit cards per week, cheaply - much easier to gather 10,000 credit card details from one PoS system then attempt to infect 10,000 PCs, hoping to grab the data from there.
If not protected properly, PoS systems become easy targets - a single point of failure that can affect thousands of people.
In addition to the breakdown of industries targeted, we also looked at the countries where we saw Trackr infections over the same time period:

  
Again, no surprises that the developed countries top this chart with the US, where credit cards are abundant, taking the #1 spot.
In fact, the Trackr infection numbers match up closely with the credit card country usage statistics published by Visa.
So how does Trackr get on a PoS system?
We have used the term PoS quite generally throughout this article. PoS is the place where a retail transaction is completed. So a PoS could be some custom hardware/software solution, a regular PC running PoS software, a credit card transaction server, or something similar.
Big box retailers and chain stores have security-hardened PoS systems, and we have not seen any major evidence of these large organizations getting compromised with Trackr.
The victims tend to be mostly small to medium sized organizations who will typically have less investment in defensive counter-measures.
Based on our analysis there were two main methods of infection:
Insider job
Someone with active knowledge of the payment processing setup installs a RAM scraper to gather data. The early Trackr samples dropped their harvested data in a plain text file which we suspect was manually retrieved or remotely accessed.
The malware had no network functionality and we found no evidence of a top-level dropper/installer.
Phishing/Social Engineering
These are the common infection vectors with the more complex versions of Trackr. The socially engineered filenames we have observed include Taskmgr.exe, windowsfirewall.exe, sms.exe, java.exe, win-firewall.exe, and adobeflash.exe. This suggests that the files were delivered as part of a phishing campaign, or social engineering tricks were used to infect the system.
Importantly however, Trackr is not seen regularly in the mass-spammed malware campaigns that we observe daily. Rather it is highly targeted towards a group of relevant businesses.
To conclude, it is not always a safe solution to pay for everything with cards.
Everyone should follow computer security best practices and consumers should proactively sign-up for credit monitoring services so they don't becomes victims of credit or identity theft.
Businesses big and small need to make investments to protect their critical PoS infrastructure. Just like they wouldn't keep their cash registers unlocked for someone to grab money out of them, PoS systems need proper protection.

Source

Monday, July 15, 2013

Heckler Design Releases New Point-of-Sale iPad Stand



PHOENIX, July 12, 2013 /PRNewswire-iReach/ -- Heckler Design, a Tempe, Ariz.-based product design company, today announced the release of its WindFall C, a secure point-of-sale iPad stand designed to be compatible with PayPal Here™ and virtually every card reader available today.
The WindFall C is a slight variation on the original Heckler Designed-WindFall, previously only compatible with certain readers. The new design carries over the beautifully simple, patented design and commercial-grade construction, which made the original the preferred choice for iPad-based point-of-sale systems. The WindFall C is available in several popular colors.
"Conventional point-of-sale hardware is no longer conducive to the personal checkout experience retailers and shoppers want," said Dean Heckler, founder of Heckler Design. "The WindFall and WindFall C were designed to deliver the best point-of-sale experience possible. Now with the WindFall C, retailers using PayPal Here™, Intuit's GoPayment, ShopKeep, or Groupon's Breadcrumb, among other card readers, can turn the point-of-sale into a point-of-customer-interaction."
The WindFall C is widely available through popular POS vendors such as ShopKeep POS and direct through www.HecklerDesign.com.
About Heckler Design
Heckler Design, known for its renowned OneLessDesk, creates beautifully simple, commercial-grade products for design-conscious consumers and businesses. Heckler Design's products currently include office furniture, desk accessories, iPad stands, and point-of-sale hardware. Founded in 2007 and headquartered in Tempe, Ariz., all of Heckler Design's products are designed by Dean Heckler and made in America. More information is available at www.HecklerDesign.com
Media Contact: Beth Cochran, Wired PR, 602-758-0750, beth@wiredprgroup.com
News distributed by PR Newswire iReach: https://ireach.prnewswire.com

 Source