Point-of-sale (POS) systems have long been fixtures of the quick service food industry, playing a central role in helping employees serve customers quickly and efficiently. Today, managers must also be prepared to address issues relating to POS security. As POS systems are the centerpiece of funds that flow in and out of QSRs, both internal and external security breaches can have devastating effects on profit margins. Below we address two growing POS security concerns all managers should be aware of and strategies for avoiding these potential security breaches.
External attacks: Hackers
Jason Berryhill, Secret Services Agent and POS fraud specialist, recently noted retail and food and beverage businesses are at great risk of security breaches. According to Berryhill, “software POS systems are the path of least resistance. POS attack methods are consistent across targets – they are cookie-cutter attacks performed in mass. Attackers scan IP address ranges for POS signatures – targets of opportunity – and there is no shortage of targets.” When hackers obtain a customer’s personal information, trust is destroyed and the fraud reimbursement costs are significant. “In the past few months there have been three separate POS compromises involving 3,500 individual locations,” Berryhill said. “All three instances occurred because of bad passwords or remote access. The cost for fraud reimbursement and other damages was $240,000 per incident.”
Requiring regular system-enforced password changes is an easy first step in securing POS systems. Additionally, it is important to work closely with your POS vendor to disable remote access connections, update your antivirus software and perform network penetration tests regularly.
Internal attacks: Shrinkage
Intentional shrinkage usually occurs during checkout when an employee takes orders, accepts more cash for the purchase than he/she enters into the POS system and pockets the extra cash. The National Restaurant Association estimates that internal employee theft is responsible for 75 percent of all inventory shortages in restaurants, which is approximately four percent of total restaurant sales.
For years, video surveillance has been used in an attempt to stop intentional shrinkage. However, low-quality footage often made it difficult to prove the crime occurred and scrolling through hours of footage to find the culprit was taxing. In addition, many surveillance systems were not set up to capture the POS screen, making it difficult to identify specific fraudulent transactions.
To guard against shrinkage, many QSRs are adapting integrated POS and digital video surveillance systems, which allow owners to compare real-time videos against POS collected data, as well as search specifically for higher known risk transactions such as refunds, no sales, voids and coupons. New integrated POS and security solutions support an array of intelligence-gathering technologies, including innovative surveillance options and analytics capabilities that are not supported by older POS systems. These new solutions offer networked cameras, video recording and inventory control technology that are connected by software, enabling QSR managers to proactively manage, monitor and control every transaction. Integrating POS systems with security cameras is the easiest way to ensure the correct payment is collected after each transaction. When suspicion is raised, managers can immediately access the historical transaction journal or video data and instantly find out what went wrong.
Integrated POS and security solutions often require higher upfront costs; however, ROI is quickly recouped as QSRs reduce losses due to shrinkage. To maintain customer loyalty and profits, QSRs have the responsibility to keep customer data secure and install loss prevention technologies.
Come back in the next few weeks as we’ll be continuing the conversation, discussing how IP cameras can be used for customer and employee safety, internal training and targeted marketing.