FallbackPOS as protection against cybercrime in retail

4 min read
November 25, 2022 at 10:14 AM

In recent years, the stationary retail sector in Germany has increasingly become a victim of cybercrime. According to an analysis by Hiscox, the number of attacks has risen to 34 percent this year. Security against cybercrime is therefore becoming increasingly important throughout the industry. The EHI Retail Institute lists cybersecurity among the ten most significant trends in retail. In a study conducted in 2023, 78 percent of the retailers surveyed said the number of cyber attacks had increased, and around 48 percent of them recorded significantly more attacks. 

In the worst-case scenario, an attack means businesses have to take all running systems offline. Without an alternative and independent POS system, ongoing operations are severely limited, and a loss of revenue of up to 100 percent can follow. Cyber attacks in retail are therefore a major threat. But other scenarios, such as technical errors or a failure of the payment terminal infrastructure, can also lead to outages and thus to lost sales. Many companies are therefore setting themselves the goal of being better prepared for threats of this kind and are implementing POS systems that are protected against threats, attacks and failures and can be used as an emergency cash register (Fallback POS).

Security against cyber attacks

problem-loesen-nahaufnahme-blick-auf-die-hand-der-business-frau-stoppen-fallenden-bloecke-auf-dem-tisch-fuer-konzept-ueber-die-verantwortung-zu-uebernehmen

Source: mindandi

In the event of an attack, an alternative POS system (Fallback POS) can help retailers maintain checkout operations, accept payments and provide customers with the shopping experience they are accustomed to. While the primary POS system is shut down, additional POS software can provide an infrastructure for an alternative, secure checkout process that is unaffected by cyberattacks in a remarkably short period of time. To ensure that the emergency system can be deployed directly in stores, mobilePOS hardware modules are recommended. These devices can also be used in the stores independently of an attack, the additional POS software serves legal requirements as an independent cash register and also offers itself in normal operation as a practical addition to the cashier process, with which flexible, mobile and secure payments can be received and receipts created. Mobile POS software is not only independent, but also flexible in terms of installation and thus a quickly deployable alternative to the regular cash register.

For example, used on a mobile device, the POS system can be used to equalize the checkout queue and offers customers fast and mobile payment options as part of the consultation process.

In addition to a mobilePOS, certain Android smartphones can also be equipped with the POS software (SoftPOS). By using a SoftPOS, the mobile POS can be used on certain Android devices, such as Zebra handhelds or Samsung smartphones. In this case, employees have the mobile cash register directly on their business smartphones and can scan the items via the smartphone's camera and check out customers directly. Payments can be made directly on the smartphone by entering a PIN (pin-on-glass), which would make an additional payment terminal superfluous. Standard processes should also be supported, such as:

  • Store-specific prices and promotions
  • Coupons
  • Capture of a customer card
  • Manual selection of items
  • Indicators for age-restricted items
  • Price and weight coded barcodes
  • Deposit and empties
  • Coupons

 

Requirements for a Fallback POS-System

Regardless of whether a company is affected by a cyber attack or other disruptions, the emergency POS system (Fallback POS) used in the event of an emergency must comply with the principles of proper keeping and storage of books, records and documents in electronic form and data access, as well as the requirements for data and manipulation security, and must have procedural documentation in order to be used in Germany in compliance with the tax authorities.

The receipt obligation

Since 2020, the obligation to issue receipts - better known as the receipt obligation - obliges all entrepreneurs with an electronic cash register system to provide their customers with a receipt when they purchase goods or services. So even in an emergency there must be a receipt. One possibility, using mobilePOS and SoftPOS, is to hand over the receipt to the customer digitally by scanning the QR code on the employee's mobilePOS device. A paper receipt should be printable via a printer connected to the network or Bluetooth.

Setup of the Fallback POS-system

A regular supply of item and price data via the standard interfaces to the ERP system should be ensured so that it is already held at the time of a failure. All data from sales should be transferred to the ERP system once all systems have been restored. The connection to fiscalization providers is important here.

Full control

Even during emergency operations, it is important to keep track of key KPIs. An emergency cash register should therefore record data and bring a clear journal per employee:in, team or branch as a monitor to all sales and the respective sales performance.

 

Conclusion: FallbackPOS as protection against cyber attacks in retail

Source: Snabble 

With an additional, independent POS system, it is possible to prevent attacks and the company can remain capable of acting in the event of an emergency. Mobile POS systems are particularly well suited as FallbackPOS systems, as they are especially flexible to use and can be used completely independently of the primary POS systems. Should a company be affected by a cyberattack or other threats, such a solution can prevent revenue losses and respond to changes. Operations continue and payments are processed securely. One thing to keep in mind is the requirements that a FallbackPOS system must meet in order for the POS system to be successfully integrated.

More about H5000 & FallbackPOS: What retailers are implementing one year later here.