This is the image many people have of how people are stealing money out of their point of sale software. There is much truth to this but as an example a few days ago showed with one of my clients the main problem is that it is not high tech people the big problem but that people are not taking security seriously enough.
We are sure that someone that worked in the shop and had access to a generally locked cabinet full of smokes took quite a bit of stock over some time and then tried to cover it up by changing the stock figures in the computer. What they did was take one or a couple of cartoons each time, and it quickly adds up.
When we asked our client who knew the passwords in the POS system that allow the stock levels to be changed, we discovered that at least ten people did or could have known them. When we asked them who had or could have had the key to the cabinet again, we discovered that most of these people could have.
Okay not taking passwords seriously in the computer is in inexcusable. All passwords for financial information should be changed at least once a year, we recommend at the start of every year. It costs nothing to change a password.
Changing keys is more difficult, plus unlike passwords, they do cost money. Still, a shop should have a strict policy with its keys. Keys should not be allowed to be taken off the premises. They should only be given to a trusted employee, and when not in use, they should be in a safe place e.g. your safe or a locked cabinet. If they have to be on a cabinet, they should be on chains while they are there.
I do believe that vigilance is essential and will often, as this example shows reduce the chance that things will be stolen.