Security

These items have been uploaded and published about the subject

Security

EFTPOS warning

POS SOFTWARE

One of my clients had the following happen to them.

 

They got a query from the credit card that one of their customers is claiming that a transaction was rung up twice and so they have charged the customer twice for the same thing.

When they investigated in their POS systems what they discovered was that they had done two purchases on the same day for different items but the value was the same as the amount claimed. 

Now what they had to do was show clearly that both these transactions were for something different and that they were different transactions.  The security footage was very useful here.

What it does show is how important it is to include enough detail to show that even though the transactions are for the same amount, that they are a different purchase.

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Booster bags

POS SOFTWARE

A "booster bag" or "magic bag" has been used by professional shoplifters for years to beat security detectors. 

Magic booster bags

Although you can buy them, as a rule, shoplifters prefer to make their own. What you do is take a bag although a pocket in pants can be used too, put metal foil inside and so shield the security tag from the detectors in the gate. Using it in theory, you can put something in a bag and walk out of a shop.

One shoplifter just got caught using one by one of our clients. What he noticed was someone walking in with a larger sized bag from a well known retail shop, but it appeared to be empty which did not look right. So he watched the person and noticed as the person was passing out, the bag was not empty. When he examined the bag later, he saw that it was lined with aluminium foil.

If you want to know more click here.

If you find them, you know you have a serious security problem.

 

 

 

 

 

 

 

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

WARNING ON YOUR FACEBOOK BUSINESS PAGE

Facebook point of sale

You have a Facebook page for your business!

The way Facebook works is that the business pages are connected to the person who created it. So if you got someone to make you a facebook page for your business, that Facebook page is linked to their account, it is their property. Now say they leave your business, there can be problems as even if the person gives you admin access to that page, as it is still technically connected to and owned by them. In today's case, the separation has not been a happy one, and they refuse to even talk to the owner of the business.

The only way around this if they wish to continue with Facebook is to start a new page and start again. They then have to report to Facebook that the old one is impersonating the business which is messy as I am sure that Facebook does not want to get involved in disputes regarding the admin position of this page.

If you have such a Facebook page now, make sure that it is linked to your account. Also, consider giving someone else your passwords just in case something happens to you, and so the business can still use its Facebook page. If you are reluctant for some reason to do this, consider setting up a “legacy contract” for that someone who will take over an account is for some reason you cannot.

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

OUTDOOR CAMERAS WITH NIGHT VISION AND WIFI

Outdoor security cameras

 

Unlike many other point of sale software, our system talks directly to the cameras which mean we get involved in security cameras, which I do not mind as I find these fascinating.

The first point is cameras seem to be the best form of evidence in a theft that judges accept today in retail. So it is important to get it right.

Some of our clients have installed these type of cameras to protect the outside of their shop. Say you put them in a spot guarding the rear of the shop.

If you are thinking of getting some of these cameras, here are some points to note.

) As they are outside, they need to be waterproof. Avoid plastic ones as they need to be sturdy so metal is better. Plus if they are metal, you can nail them in.

) Its best to get ones that have a lot of flexibility in their stands as you will need to aim them.

) Test the motion detection. When we tested some and found that the motion detector did not work well at all.

) The installation seems to be quite easy. I would say that someone that is reasonably handy with their hands and tools should be able to install them. Since they are outside, they can be an eyesore so they do not need to be professionally installed as would be the case in the shop. In fact, it is better its an eyesore as it will be noticed by thieves.

) You do need to find a good spot to put them. Make sure this spot has some wind and rain protection. Strong winds are often a real pain as they set up false signals. The spot will need a powerpoint and a decent WiFi signal. In shopping centres we have seen problems are there seems to be a lot of interference on the WiFi if so you may need to move it closer to the shop although another possibility is to install a WiFi extender.

) Once installed you need to check the picture quality both in the daytime and at night.

) Check the frame rate, most defaults are one picture in ten seconds. In ten seconds a thief can be long gone from the camera's view. I would recommend one picture in three seconds.

) One of my clients reported that they found if they walk on a certain path it did not set off the motion detector in the camera. This problem is common so you may want to consider more cameras.

) As with most videos systems today you need a decent size hard drive to keep the images.

) Lastly, you will generally only get a few years out of these cameras before they need to be replaced. They need to be tested every few months.

 

Overall they do appear to be very good at deterring thieves. One client had a shed in the back, which was burgled a few times, they put in these cameras and no-one has come back.

I hope this all helps.

 

 

 

Post a Comment

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Shoplifting - booster bags

POS SOFTWARE

 

A few people asked me after I wrote my article discussing among other things booster bags (often called magic bags or faraday bag) often used in shoplifting with particular emphasis on bypassing the security tags.

The quickest and I think the best way to test them is to do what shoplifters do, grab a few of your tags and see whether your security poles will pick them up. Try looking for weak spots that the labels close to the poles, put the labels very low or straight etc. What an experienced shoplifter often does is take a few labels from inside your shop. As no-one is looking for those labels, they are not hard to take and as no-one is going to do anything to him/her coming into the shop so they can test your security all they like. Be worried if someone comes into your store and the security alarm goes off, its quite possibly not a malfunction but a test run.

As far as testing for booster bags, make one yourself and try it out with a few items. One of my clients found a person with a booster bag with over $240 worth of books of their books in it. A useful app "MD Faraday Bag Tester" that can help you test the bag and will give you a pretty good idea of how effective is available in the google play store

 

This app can also be used to check whether you have label security on an item. As a test, I went into a large shop, walked around with this app, tested many items and no-one said anything.

Another Major data breach this one at Cloudflare

POS SOFTWARE

 

Cloudflare it has been recently claimed has suffered a large security breach, and a number of major sites were affected such as Uber, Fitbit, OkCupid, etc. and we too. We use Cloudflare ironically as a security layer. Now some have started to spread nasty rumours about our point of sale site because some people like to do that about us a lot. Let me explain why I really doubt anyone needs to worry about us.

1) With this data breach, it is not yet clear that any hack ever happened. What we know is that it might have happened. It is very theoretical at the moment. It is a maybe hack. Say you left your security code for the shop on a sheet of paper at work. Did anyone read it, did anyone write them down, did anyone know about it and did anyone realise its significance? This is the situation with this hack.

2) Cloudflare was only an extra layer for extra protection, not our primary defence. Even if the Cloudflare layer was broken, a hacker would not get into anything. An example above might say that a person above now has your security codes for the shop, they still need a key to get in. At no stage did we give the key. Unlike many others, as recent events have shown who just use standard software, so get frequently hacked we are very careful about security here so we have never had a hack, touch wood!

3) Cloudflare is now contacting sites that they believe are affected by this possible hack, and we have not been contacted, suggesting that they think we are probably not affected.

4) We have only used cloudflare for a very short time, for much of the period in question with this data breach our website was not using cloudflare.

However, just in case, every user on our site has received from me an email about the situation, and we are now enforcing a forced password reset campaign so any user who wants to continue using our site as before must reset their passwords

Anyone wants to talk about it more, anyone wants to discuss further, I am more than happy to do so.

 

 

EFTPOS Skimming

POS SOFTWARE

 

Your EFTPOS unit can be skimmed in seconds, I have seen a video of two people skimming a unit in less time then it took you to read this, they skimmed a unit. If they had succeeded everyone who in that shop uses their EFTPOS on that unit will have their card details and pin numbers recorded by the thieves. The merchant would have probably spent the next few years in court and it would be expensive. Studies show most small businesses do not survive long a major skim.

It's a worry, in a recent discussion that I attended, we talked about this matter of EFTPOS security. I could not get an overall answer as few EFTPOS providers handle the units themselves as this is generally subcontracted. You really need to talk to your EFTPOS provider to find out, however, I could get an answer out of Tyro because they do not subcontract this out.

There is a series of systems in place to protect against these attacks although they do occur.

Sometimes they can be detected by the terminals. Tyro has a system of tamper resistance built-in. In the event the unit detects any hardware tampering; they will refuse to perform any transactions.

Depending on the type of attack, the terminals if it picks it up will display one of several messages, but generally, you would get something like this.

 

If this happens, the unit will no longer work and will need to be replaced.
 
The main unit used is a Yomani
 
 
 

now if you notice they are curved everywhere part of the reason for this is to prevent skimming hardware from being attached on top of this unit. Still you cannot be too careful.

Three tips that I do recommend you consider is

1) Use a highlighter and writing something like "Property of West Footscray Gift Shop" around on the EFTPOS unit. It just makes it harder for the skimmer to put his unit on top of yours as they need to duplicate your writing too.

2) Run your hand around the unit and make sure that there is nothing on it. I do that before I put any card on a terminal.

3) If you have an old EFTPOS unit, get it replaced, Tyro users can do this free of charge. They are just too dangerous these old units.