Home » Data Protection » Network Security

Security at the Point of Sale

Cash, cards, inventory and customer data intersect at the point of sale. Here's how to keep your defenses up to date.

By Michael Fitzgerald

Page 2

"Under-ringing is incredibly hard to detect, under any system," he says.

Small note of irony: The first mechanical cash register (patented in 1883) was nicknamed "

The major modern method for catching under-ringers is video analytics applied at the point of sale. Companies like IBM, Milestone and an Aubele client, Wren Solutions, all offer video analytics that aim to help store managers see when breaches have occurred.

But such analytics are a bit "pie in the sky," cautions Steve Hunt of Hunt Business Intelligence in Evanston, Ill. All the pieces work well, he says—"the cameras work fine, the recording system works fine, it integrates with the point-of-sale system perfectly by tagging every transaction, but the analytics aren't good enough. It's analytics 1.0." Aubele acknowledges that video analytics is "a work in progress," but says "it's light-years today ahead of where it was two years ago," and in two years will be light years ahead of today.

Meanwhile, there are new approaches being tried with traditional smash-and-grab techniques, like running off with a rack of leather jackets. Time Domain, a maker of real-time location systems, is putting radio frequency identification (RFID) tags into high-value items, and tracking them via ultra wideband (UWB) wireless technology. Time Domain's technology creates electronic article surveillance that ties into the cameras at the front of the store and will flag the unusual, like an entire rack of leather coats suddenly moving, and pan the cameras on the items—as long as the store uses pan-and-tilt video cameras. This technology is in pilot right now.

THE FLIP SIDE OF CAPTURING CUSTOMER DATA
Missing merchandise is a visible, countable problem for retailers. Stolen customer data is murkier. Compounding the issue is a fundamental problem: Point-of-sale technology wasn't designed to capture customer data, securely or otherwise. Most retail technology was developed to help companies track product information—what was sold, when and for how much. But retailers now use these technologies to capture customer data.

That means "at the place where data is captured, you have a rat's nest of different technologies cobbled together in a way that didn't pay any heed at all to the sensitivity of the data it captures," says Brian Kilcourse, managing partner of RSR Research.

Worse, retailers in the last decade shifted away from proprietary networking technologies like IBM's Token-Ring to Internet Protocol, which offers great flexibility but has inherent security issues. Retailers also tend not to encrypt data, and have been aggressive about adopting wireless technologies, which are harder to secure than wired ones.