Cloud-based point of sale systems have become synonymous with all things new and sexy; while traditional POS systems — a.k.a. legacy POS — is often perceived as being old and unattractive. While this might be the case for some traditional POS systems, others are aging more like a fine wine or scotch with a strong foundation that has allowed them to mature alongside technology (more on that later).

Point of Sale (POS) technology has made significant strides in the last decade, and you’ve probably heard a lot about cloud-based POS systems. However, there still seems to be confusion as to what cloud POS does or does not mean.

The goal of this article is to break down the difference between cloud POS vs. traditional POS systems so you can walk away with a clearer picture of what is the better option for your business.

The Real Difference Between Cloud POS and Traditional POS

It all comes down to architecture. With legacy POS systems, all of the data is stored on a local server at the business. That means the business owner or manager must be present at the physical location to view reports, make changes to the menu, or any other task involving the point of sale software.

By today’s standards, a POS system that is only available on-premise doesn’t cut the mustard. However, 20+ years ago when point of sale systems started becoming popular with large enterprises that could afford them, there wasn’t much choice. By default, all traditional POS systems have factors that limit agility simply because of age:

Database

Database selections were limited. You had Visual Basic, C++, or Delphi to develop in. POS software companies had to pick a database structure and wrap their entire product around it.

Programming Language

The software company’s developers had to pick a programming language and standardize it across the entire application.

Operating System

An Operating System (OS) had to be chosen to execute the tasks and commands of the software. At the time, Windows was the only OS with meaningful market share and the reason why many legacy systems were built using Windows.

However, with age brings experience. Experience building decades worth of POS software features that can accommodate any size business in a given industry. The evolution has been gradual and meticulous – building on the needs of merchants like you. These traditional POS companies have also spent years developing extensive support resources to better serve their customers.

The right thing is combine the everyday experience of old age with the vigor of youth. – George Bernard Shaw

Cloud POS solutions have had a very different evolution. Most started as tech companies with zero customers, no legacy source code or database, and little knowledge of the industry they were trying to serve. That lack of knowledge regarding the mission-critical nature of a POS system is a big reason why some of the young cloud POS offerings haven’t gained traction in much more than a juice bar or niche boutique. Not to mention, their customer support often leaves a lot to be desired.

When it comes to cloud POS architecture, POS data is stored on a hosted server in a remote location (“the cloud”) and accessed via an internet connection.

On paper it makes sense. Everything is web-based and app-driven these days, so using a web browser to run your back office from anywhere certainly makes more sense than physically going to the store and sitting down in front of the computer. Cloud POS systems also eliminated the in-store server configuration leveraged by legacy software and replaced it with a cheaper, easy-to-manage server in an offsite datacenter.

However, nobody took the time to ask, “What happens when the internet goes down, and I can’t connect to the hosted server?” The answer is chaos. Betting on the reliability of DSL or cable internet is a fool’s bet. There are so many variables beyond your control that paying for the cost of a local server is worth the investment – there’s no dollar sign on peace of mind.

Imagine how many hundreds or thousands of dollars your business loses when a cloud-based POS system goes down versus the cost of a local server? Precisely.

The Bottom Line

What does this all mean for the restaurant owner? You have several legacy systems that are feature-rich, extremely reliable, but may look outdated to some.  On the other hand, you have cloud POS systems that are not as functional or stable but have modern aesthetic appeal.

When it comes to cloud POS vs. traditional POS, our best advice to you is one you’ve heard since childhood — never judge a book by its cover. In this case, never judge a POS system for its marketing appeal. The backend functionality and features are what you should take into consideration. How the system operates will have the most significant impact on your business — not how it looks. Plus, many traditional POS companies are now offering hardware that looks a lot sleeker and more modern than the “legacy POS” equipment you’re used to seeing. And these systems have the benefit of being built-for-purpose to withstand the rigors of busy restaurant and retail environments, unlike consumer tablets that were never really intended for this type of use.

Source

By: Stephen Ames, VP of Compliance, Shift4 Payments

We in the payments industry are rapidly approaching a day that I hope will not “live in infamy.” June 30, 2018. This is the day that SSL and early versions of TLS will finally and officially be put to rest on payment processing interfaces. If you haven’t taken the proper steps, you may find yourself unable to process payments after that date. 

Here’s what you need to know about the technologies themselves and the fast-approaching shutdown.

What Are SSL and Early TLS?

SSL, or Secure Sockets Layer, refers to a type of data encryption that was once used to secure communications between a user’s web browser and a web server in order to protect transmitted data from eavesdropping or tampering. Early TLS, or Transport Layer Security, refers to versions 1.0 and 1.1 of the encryption technology, themselves 18- and 11-year-old protocols, respectively – ancient by IT terms. TLS 1.0 and some cipher suites in TLS 1.1 are deemed insecure by the PCI Security Standards Council (PCI SSC) and the National Institute of Standards and Technology (NIST).

Indeed, some scary TLS exploits have been documented over the last decade. For example, there are several vulnerabilities that, when exploited by cybercriminals, can create an opportunity for “man-in-the-middle” attackers to break into a system and remain undetected, all while “eavesdropping” and gathering data as users communicate with each other. Another one of these vulnerabilities can potentially allow remote hackers to break into the system and cause a denial of service (DoS) error, which crashes the device and renders the payment network unusable.

Making Sense of It All

So how do you know if “early TLS” is being used in your payment processing environment? Well, that can be a little tricky to figure out. The PCI SSC’s own definitions of SSL and TLS are vague and based on PCI DSS version 3.1, which was superseded by version 3.2 in April 2016. They refer the reader to NIST Special Publication 800-52 Revision 1, which is itself a 4-year-old document, not to mention a common cure for insomnia. The SSC’s supplemental guidance on Migrating from SSL and Early TLS provides a fleeting definition:

“Fifteen years ago, SSL v3.0 was superseded by TLS v1.0, which has since been superseded by TLS v1.1 and v1.2. To date, SSL and early TLS no longer meet minimum security standards due to security vulnerabilities in the protocol for which there are no fixes. It is critically important that entities upgrade to a secure alternative as soon as possible, and disable any fallback to both SSL and early TLS.”

To further complicate things, let’s review PCI DSS Requirement 4.1:

“Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks…”

We then find the definition of strong cryptography in the PCI DSS Glossary:

“Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is “one way”; that is, not reversible). It is recommended that all new implementations use a minimum of 128-bits of effective key strength.”

The reader is then referred to yet another NIST Special Publication – 800-57 Part 1, Revision 4 this time. Are you still with me? At this point, we still don’t have a clear definition of early TLS. We can’t simply say early TLS is TLS 1.0.

Here’s why. All TLS versions have vulnerabilities, be it weak bulk encryption ciphers or man-in-the-middle exploits. For example, there’s a new variant of the original POODLE attack that exploits implementation flaws of CBC – Cipher Block Chaining – encryption ciphers. This is not an SSL 3.0 downgrade attack as previously noted. The Logjam attack exploits implementations of the Diffie-Hellman key exchange process. There are also a handful of exploits against RC4-based encryption ciphers. And the list goes on.

So as you can see, early TLS is not very easy to define – and unfortunately the burden will be on merchants still using the technologies after the June 30 deadline who suddenly find themselves out of compliance or unable to process any payments.

Why June 30, 2018?

When the PCI Data Security Standard (DSS) version 3.1 was released back in April 2015, the PCI SSC decreed that SSLv3 and early versions of TLS are no longer considered strong encryption for the transport of cardholder data over public networks or for non-console administrative access to your cardholder data environment (CDE). This means that if you’re still using SSLv3 and early versions of TLS as of June 30, 2016, your CDE may be non-compliant with PCI DSS – not to mention the fact that your payment security operations will be at risk.

The PCI SSC revised their standing on these protocols in April 2016 when they released PCI DSS version 3.2, which offered the following conditions for continued use of SSL and early TLS:

• You may continue using SSLv3 and early versions of TLS until June 30, 2018, but you must maintain a formal Risk Mitigation and Migration Plan.
• You may continue using SSLv3 and early versions of TLS for your card-present point-of-sale terminals beyond June 30, 2018, if it can be verified they are not susceptible to any known exploits for SSLv3 and early versions of TLS. You must also maintain a formal Risk Mitigation and Migration Plan. While this may be a viable option for merchants, it is not for Shift4 Payments because it cripples our commitment to deliver ironclad security for your transactions.
• Any new installations in your CDE may never use SSLv3 or early versions of TLS.

If you haven’t yet, I strongly encourage you reach out to your IT support staff and/or your PMS/POS system vendor to make sure you won’t be affected come the end of June. Suffice it to say that if your PMS or POS system is using TLS 1.0 or TLS 1.1, time is just about up to either modernize it to TLS 1.2, or replace your system. You can use our POS Solution Finder to identify compliant POS system options.

About Shift4 Payments

Shift4 Payments is the leader in secure payment processing solutions, powering the top point-of-sale and software providers across numerous verticals, including Food & Beverage, Hospitality, Lodging, Gaming, Retail and e-Commerce. This includes the company’s Harbortouch, Restaurant Manager, POSitouch, and Future POS brands, as well as over 300 additional software integrations in virtually every industry. With eight offices across the U.S. and Europe, 7,000 sales partners and three state-of-the-art data centers, the company securely processes over 1 billion transactions annually for nearly 200,000 businesses, representing over $100 billion in payments each year. For additional information, please visit www.shift4.com 

Source

Why POODLE/SSL Is The New Y2K For Your Restaurant

Remember Y2K (or at least reading about it)? On January 1, 2000 computers that everyone depended on were to malfunction due to four-digit years being represented by two digits. Although this never resulted in the major problems that were predicted, it sure did scare everyone. Now we have a new phenomena that could have a big impact on your restaurant (and represents a much more tangible threat than Y2K did)… 

Fast forward to June 30, 2018. On this day, the Payment Card Industry Standards Council (PCI SSC) is mandating that any restaurant running SSL must switch to TLS v1.1 or higher for all credit card processing to continue safeguarding payment data. Now I realize that you may feel like you are staring into a bowl of alphabet soup when I bring up these acronyms so bear with me as I explain.

For decades, SSL (Secure Sockets Layer) has been used as a standard way to convert data into code in order to prevent unauthorized access. Recently, vulnerabilities have been identified in SSL. POODLE (Padding Oracle On Downgraded Legacy Encryption) is a flaw that enables attackers’ to extract data from a encrypted (secure) connection. To avoid this, you must switch from SSL entirely and TLS (Transport Security Layer) version 1.0 to TLS version 1.1 or higher. Not only will this allow you to fix the problem, but your restaurant will remain PCI compliant.

Once the June 30 deadline has passed, the credit card processing functionality of any non-compliant software, operating system and/or hardware will stop working. In other words, you will face a complete shutdown of your credit card processing! Most traditional POS systems are vulnerable and will need to be upgraded before this deadline. This could cost thousands of dollars. Now that’s scary …

While a lot of POS software providers are just now learning about this issue, some are well aware of this problem and are working to make it easier on restaurants that need to procure new software and/or hardware. For example, Harbortouch is offering a free upgrade to the latest version of their POS software to the company’s existing customers or POS software for free to new customers. They are also offering free EMV Terminals to ensure compliance with PCI’s new TLS requirements! These terminals can also support EMV chip card transactions with tip adjustment and accept Mastercard’s new BIN cards.

Many POS providers even have local resellers who will come to your restaurant to install and then support your POS hardware and software … you don’t have to know a thing about SSL or TLS or POODLE. They’ll take care of it for you! Contact a local reseller today for details on how you can ensure you do not lose the ability to accept credit card payments when this deadline arrives!

Source

 ALLENTOWN, Pa. and LAS VEGAS – January 15, 2018 – Lighthouse Network today announced the acquisition of Shift4 Corporation, provider of the world’s largest independent payment gateway. Shift4 is the leader in secure payment processing solutions, serving tens of thousands of clients across North America, including some of the most widely recognized brands in retail and hospitality such as Choice Hotels, Caesars Entertainment, Red Roof Inn, Sleep Number and the PGA Tour, among many others.

Lighthouse Network has also announced that the entire company will rebrand as Shift4 Payments. Lighthouse Network was established in 2017 to power numerous brands in the point-of-sale industry by providing payment processing and technology solutions, as well as shared corporate services. Shift4 Payments will replace the Lighthouse Network brand at the top of the organization and power the payment processing services for the company’s Harbortouch, Future POS, Restaurant Manager and POSitouch product brands. Citizens Bank acted as financial advisor to Lighthouse Network for the transaction.

Founded in 1994, Shift4 holds 11 patents for their proprietary payments technologies and is credited with inventing payment data tokenization. The company is also a leader in PCI-validated point-to-point encryption (P2PE), EMV and numerous other secure processing solutions. Shift4 processes in excess of $60 billion annually and, combined with the former Lighthouse Network, the organization will collectively process in excess of $100 billion a year in payments. The Shift4 platform has maintained 100% gateway system uptime since 2008 with fully redundant, geographically diverse data centers (hot/hot) powering its robust processing infrastructure. Shift4 also has over 300 unique software integrations supporting ISVs and merchants in a wide range of markets, including Food & Beverage, Hospitality, Retail and e-Commerce, with full Omni-commerce capabilities.

Jared Isaacman, CEO of Shift4 Payments (formerly Lighthouse Network), states, “This acquisition is transformational for our organization as it enables us to power our industry-leading POS brands with a best-in-class payments platform that is second to none in terms of security, reliability and functionality. But this story is not just about our Harbortouch, Future POS, Restaurant Manager and POSitouch brands, as we also aim to empower the over 300 existing Shift4 software integrations with game-changing benefits. Shift4 is truly in a class of its own when it comes to secure payment processing, and as such, rebranding Lighthouse Network as Shift4 Payments reflects our commitment to powering all the leading software brands with premium payment processing services.”

Shift4 President & CTO J.D. Oder II adds, “This acquisition combines the strengths of two significant and well-established organizations with complementary capabilities, fulfilling the notion that ‘one plus one’ can equal a much larger number than the math implies. Shift4’s merchants and ISV partners for years have asked for more than just an outstanding gateway solution, but the full spectrum of payment processing services. We can now meet that need and so much more.”

For more information, visit www.shift4.com/announcement

About Shift4 Payments

Shift4 Payments is the leader in secure payment processing solutions, powering the top point-of-sale and software providers across numerous verticals, including Food & Beverage, Hospitality, Lodging, Gaming, Retail and e-Commerce. This includes the company’s Harbortouch, Restaurant Manager, POSitouch, and Future POS brands, as well as over 300 additional software integrations in virtually every industry. With eight offices across the U.S. and Europe, 7,000 sales partners and three state-of-the-art data centers, the company securely processes over 1 billion transactions annually for nearly 200,000 businesses, representing over $100 billion in payments each year.

Source

 WASHINGTON, January 25, 2018 – American adults are expected to spend an average $81.17 for a total of $15.3 billion as an estimated 188.5 million people watch the New England Patriots take on the Philadelphia Eagles in the Super Bowl next month, according to the annual survey released today by National Retail Federation and Prosper Insights & Analytics. Projected viewership is the same as last year but total spending is up 8.5% from $14.1 billion in 2017.

“Whether throwing their own party, heading to a friend’s house or gathering at their favorite bar or restaurant, consumers are ready to spend on the big game,” NRF President and CEO Matthew Shay said. “Super Bowl shoppers will find retailers well-stocked on decorations, apparel, food and all other necessities to cheer on their favorite team.”

Of the 76 percent of those surveyed who plan to watch the game, 82 percent say they will purchase food and beverages — up slightly from 80 percent last year — and the highest in the survey’s history. Another 11 percent will buy team apparel or accessories, unchanged from 2017. New televisions and decorations hold a similar draw for those planning to watch at home, with 8 percent planning to purchase each, also unchanged. Those 25-34 will spend the most of any age group at an average of $118.43.

According to the survey, 18 percent (45 million) will host a Super Bowl party, with 28 percent (69 million) planning to attend one. Bars and restaurants will entice 5 percent (11 million) planning to watch at their favorite local spot.

Of those watching, 41 percent say the most important part of the Super Bowl is the game itself, while 24 percent cite the commercials, 15 percent like getting together with friends, 14 percent watch for the half-time show and 7 percent are there for the food.

“Consumers are carrying strong spending momentum from the holiday season into their Super Bowl festivities,” Prosper Executive Vice President of Strategy Phil Rist said. “This is evident through increased plans for purchasing while the number of viewers remains steady with last year. Fans aren’t afraid to spend a few extra dollars to make this year’s game the best one yet.”

The survey, which asked 7,277 consumers about their Super Bowl plans, was conducted January 3-10 and has a margin of error of plus or minus 1.1 percentage points. Full data results will not be published on NRF.com but news media and analysts who require additional information can contact press@nrf.com.

About Prosper Insights & Analytics
Prosper Insights & Analytics delivers executives timely, consumer-centric insights from multiple sources. As a comprehensive resource of information, Prosper represents the voice of the consumer and provides knowledge to marketers regarding consumer views on the economy, personal finance, retail, lifestyle, media and domestic and world issues.

About NRF
NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private-sector employer, supporting one in four U.S. jobs — 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy.

Source

While wish lists are as old as the North Pole’s top executive, their popularity continues to endure. Gift givers rely on them to make the task of finding just the right items more exact. And recipients love them because they are more likely to receive the items they’ve been dreaming of. And they’re a win-win-win for retailers as well, reducing the dreaded post-holiday onslaught of returns.

But what are retailers wishing for their stores this holiday season? We talk to a lot of them, so here are five “sugar plums” dancing in their heads.

Wish #1: Bring shoppers into the store.

Since shoppers spend 90 percent more time visiting a bricks-and-mortar store than they do on a vendor’s website, and the average in-store purchase is higher than online, retailers want to lure more foot traffic this holiday season. Plus, an in-store experience offers the best opportunity to leverage face-to-face engagement and stellar service to wow shoppers and garner their loyalty.

Wish Granted: Unique in-store experiences attract shoppers like children drawn to the aroma of cookies in the oven. Creating a variety of experiences for specific shopper segments with respect to lifestyle and demographics can help retailers not only bring shoppers to the store but effectively manage volume. Another strategy is creating limited time, in-store only promotions early in the season with back-end rewards for revisiting the store in time for holiday gift giving. According to last year’s IBM survey of consumers’ top criteria for choosing where to shop, free in-store pickup is a huge advantage for beckoning shoppers to the store. Shipping costs influenced 83 percent of respondents not to complete an online purchase.

Wish #2: Keep checkout queues short and moving.

The last thing retailers want to do is aggravate in-store shoppers whose baskets are brimming with merchandise by making them wait in long queues. Yet retail reports indicate that getting stuck in a checkout line is one of the biggest frustrations. For time-starved consumers, it’s a huge motivator for shopping online.

Wish Granted: The obvious solution is to schedule ample help to staff additional registers during peak days and times and special events and promotions. However, this can be a challenge due to a shortage of workforce resources. Placing mobile POS devices in the hands of every associate can keep checkout lines moving steadily and wait times to a minimum during unforeseen periods of high-volume traffic. Another solution is unmanned kiosks that shoppers can use to bypass lines altogether.

Wish #3: Have the products shoppers want in stock.

It seems like every year a dearth of the most popular gift items turns congenial shoppers into wrestlers, making for somewhat amusing, and at times disturbing, news. Nothing sends shoppers out the door (and online to Amazon) faster than “out of stock.” In fact, at least two-thirds of in-store shoppers who experience stock-outs take their business elsewhere or do not buy at all. Inventory management is about as challenging as guiding a sleigh full of toys on a foggy night.

Wish Granted: With visibility into a real-time inventory management system that tracks movement across the entire supply chain, store associates can offer shoppers convenient alternatives to walking out the door due to stock-outs. Stores become virtual distribution centers as associates orchestrate product delivery or arrange for store pickup at other locations. For 80 percent of surveyed consumers, it was important to be able to view in-store product availability before making a trip to the store. An automated system also helps prevent out of stocks, generating replenishment when certain thresholds are reached.

Wish #4: Make staff more efficient and effective.

Finding holiday help seems to be more and more difficult as the Boomer workforce continues to melt. And adding temporary staff means extra costs that eat into holiday profits. It’s easy to think that those extra bodies are the only way to offer nice service that prevents shoppers from becoming naughty. Making staff more efficient is a more cost-effective solution than taking on additional personnel.

Wish Granted: Mobile devices enable current staff to assist customers in a variety of ways, anywhere in the store—providing concierge-level assistance for shoppers in the dressing room, helping shoppers locate products in the aisles, or rescuing them from long wait times in checkout queues. Bonus: in-store use of mobile devices more easily attracts tech-savvy Millennials to augment the holiday workforce.

Wish #5: Reduce post-holiday returns madness.

The joy of successful holiday sales is tempered by the anticipation of the in-store pandemonium sure to follow. In a perfect word, if retailers have maintained optimum inventory and have motivated shoppers to purchase gifts in the physical store, it stands to reason that better in-person buying decisions will lead to fewer returns. However, many will visit the store with unwanted gifts purchased online. Standers in long, snaking lines simply want their transactions over and done. It’s all about providing great service to keep those customers coming back to the store.

Wish Granted: Mobile devices that enable more associates to process returns quickly will boost good will and help convert store visitors into loyal customers. Plus, trained associates have an opportunity to engage in a discussion about what products they’re looking for and where to find them in the store.

Source

Hotels, resorts, cruise lines and other hospitality venues are adapting digital signage to replace printed signs and notices within their establishments. The benefits are many, but most notably the ability to instantly change messages and the cost savings from printed placards. Staff time savings, guest convenience, promotions of internal amenities such as restaurants and lounges, and the cachet of IT within their establishments are also incentives to move toward digital signage, not only as information but also a point of sale (POS) incentive.

Mood Media is one company that has expanded to the hospitality sector, adding content from TripAdvisor’s® website to its digital signage solutions. Dubbed MVision Travel, the digital signage application serves as a “virtual concierge” for guests at major hotel brands. The real-time feed of TripAdvisor content into guest rooms includes recommendations, graphics and ratings for local attractions.

Cruise ship digital signage can serve as support “staff” through touch screens and monitors. Helping players find casinos, providing prices and appointment settings for spa and salon services, accessing information about formal events and recreational schedules and more, digital signs can also serve crucial functions such as displaying passenger safety information and protocols.

For example, Four Winds Interactive iDS^® software solution is used on the Oasis of the Seas by Royal Caribbean. The company’s website notes that the size, number, and placement of digital signs and touch screens throughout the ship is crucial, but the software platform and applications are just as important, if not more so. This software will determine what content can be shown on these displays and how easy the system is to manage. One critical decision that executives face is whether to purchase a software license for a single ship or for the entire fleet when implementing cruise line digital signage. By purchasing a company-wide license, the cost per ship and per sign goes down, and the opportunities to create consistent cruise line branding increase substantially. The economic benefits of a fleet-wide license can also serve as the perfect excuse to invest in a fleet-wide overhaul of guest services and amenities.

A White Paper from Keywest Technology cites six areas that digital signage in hotels can cost-effectively increase revenues and enhance the guest experience. They include in-room channels; door cards; reader boards; advertising signage; mapping; and hybrid, interactive displays such as kiosks. Amenities offered on the property or information on hours of operation for an in-house restaurant, checkout times or safety procedures can also be displayed.

The White Paper notes that real-time advertising messages geared toward the demographics of an anticipated audience may be the chief advantage of digital signage in advertising applications over static, printed signs. The practice, called “day-parting,” empowers managers to promote

in-house restaurants based on breakfast, lunch or dinner specials of the day on the same sign at the time of day when people are most interested in a given meal. Later, that sign can be used to promote the hotel lounge and special entertainment. Keeping the guest on the premises and spending money in-house is the goal. Additionally, advertising from selected outside businesses, such as upscale retail or local attractions, can also easily be added.

Source