Security considerations when taking iPad POS mainstream
Businesses of all sizes have begun to consider iPad POS as a viable option, but what are the security implications, asks Josh Smith.
When first introduced in the 2000s, iPad POS was considered a useful ‘app' but not necessarily a professional POS solution. But in recent years, businesses of all sizes have begun to consider iPad POS as a viable option.
What are the security implications of using iPad POS in this way? We took a look at some of the practicalities that businesses using an iPad POS system should consider.
Types of security
The “security” of a system is a fairly broad umbrella term, and one which widens even further when using iPads. Traditionally, we understand security measures to involve:
- protecting against theft of the device (physical security)
- security against hacking (data security)
- prevention of theft by employees using the system (operational security)
With the iPad, we can add another category to the list: misuse security. This involves preventing the device from being used for purposes other than point of sale transactions, for example, familiar iPad activities such as internet browsing or game playing.
The most straightforward security measure is to ensure that the devices cannot be stolen. This can be as simple as using a robust and application-specific iPad stand for your tablets. Some of the best available on the market come from:
Or you could invest in custom built stands to meet your particular requirements.
With credit card details and customer data at stake, POS systems have historically been an obvious target for hackers. Hackers can target your POS through the devices themselves (gaining physical access to an iPad left accessible by staff), connecting to your network or by hacking your servers.
Fortunately, Apple's iPad is widely considered be a safer security option than systems running Microsoft Windows, with most hacker attacks occurring on systems running the legacy Windows XP operating system.
The iPad has more limited functionality than a PC, leaving it with fewer vulnerabilities to target, and the fact that there is no on-site server makes the whole solution far more secure.
Operational security involves mitigating against employee theft. In venues like bars and nightclubs, keeping staff accountable for individual transactions has always been a major problem. Without a system for tracking each member of staff's transactions it is all too easy for bar staff to give away products for free, or to overcharge and keep the difference for themselves.
With cloud based iPad POS systems reporting in real time however, it is possible to get an up-to-the-second accurate audit trail of exactly who has done what on each till. If we can then tie this directly to CCTV recordings, stock inaccuracies or cash levels in the till then there is a way to prevent theft and ultimately drastically improve operational security.
Misuse by employees
The fact that iPads are traditionally a consumer device, only recently being deployed in a corporate environment, means that security measures for iPad POS need to be a little tighter than usual in order to prevent employees from being tempted to access other iPad based apps for recreational use.
iPads allow guided access so that the device can be locked down to a singular app (the POS in this case) via a pin code. In addition, wireless access can be stringently locked down to ensure that the internet can't be misused, or accessed at all if necessary.
With Apple's ubiquitous tablet being portable, adaptable and user friendly there are now a number of business advantages to using an iPad for POS transactions.
While data security is a perennial worry for businesses, iPad POS stands up among its peers as an extremely secure and reliable option. It goes without saying that staff training to mitigate against theft or hacking of your devices is vital, as is the latest operating system and malware protection.
Together with its configurability and transaction tracking capabilities, iPad POS can work hand in hand with your wireless infrastructure as part of a system that ticks all the boxes for physical, data, operational and misuse security considerations.Contributed by Josh Smith, Operations Manager, EPOSability