Florida POS Systems Blog

Point of Sale News and Information

Data breaches, new ransomware, and other security threats seem to be in the headlines regularly. In fact, it’s been reported that POS attacks have increased 22% since 2015. Criminals are more organized and well-equipped than ever before. There’s no sign of things slowing down.network security

While it’s easy to believe that your business isn’t a target, the fact is, the tools criminals are using today don’t discriminate. They look for weaknesses and exploit them. If you do suffer a breach or loss of some sort, will you be able to weather the effects? Can you afford to pay potential fines from the credit card companies? Can you afford a damaged reputation and possible loss of business?

Rather than bury your head in the sand and assume your system is secure, ask your solution provides the following questions.

Do my POS and payment solutions make use of EMV, tokenization, and (point-to-point encryption) P2PE?

This trio of security protocols will help ensure your credit card payments are secure. Tokenization takes a cardholder’s primary account number (PAN) and replaces it with a substitute value called a token, worthless to criminals. P2PE encrypts cardholder data at the point of swipe, dip, or tap until the data reaches the payment company. Any data intercepted is worthless. EMV relies on embedded chips that ensures that the card being used at the point of transaction is authentic, thus reducing fraud. Harbortouch uses these methods in all of their POS solutions.

Am I running antivirus?

Windows-based POS systems are susceptible to malware if connected to the Internet and unprotected. Antivirus can protect the system from malicious programs that can be used to capture customer information, lock and encrypt your system, or worse. If your POS system is Android-based, the chances of getting infected with malware are reduced, but POS performance can still be negatively impacted by infected back office PCs that might be on the same network.

What steps have you taken to secure my network?

Antivirus will help protect PCs and POS devices, but the overall network — your router and wireless access points — still need consideration. Firewalls can be put in place to allow you to control what data comes in and out of your network. For example, if you don’t need Internet access on your POS machines, those ports can be shut down. As an extra precaution, intrusion detection and prevention systems can be used to alert you if suspicious traffic is coming into your network or leaving it, particularly useful if an employee installed malware that’s sending data outside the organization. By using a quality Florida based company with the IT experience you can trust like Alltech Computer & IT Services to make sure you are protected.

Your network can also be segmented to ensure that POS devices and other networked devices are kept separate. Since phone systems, digital signage, video surveillance, and many other systems now plug into our networks, it’s essential to keep their traffic separate from that of POS and payments. Additionally, if you offer guest Wi-Fi, extra precautions need to be taken to keep guests outside your business network. By using a strong IT company like Alltech Computer & IT Services to come out and survey your network. It could save your business from being breached. It’s just an extra level of security.

Are the latest software patches installed?

A recent Secret Service investigation into more than 400 breaches shows that improper setup and maintenance was a principal cause. Your initial installation might have been 100% secure, but without patches, updates, and routine maintenance, you might be vulnerable.

How strong is my password policy?

There’s no denying, passwords can be annoying, especially if you follow the rules. Unfortunately, the best practices set forth by the PCI Security Standard Council exist for a reason — they work. Also, it’s been shown that the majority of breaches happen due to poor password policies. According to the 2017 Verizon Data Breach Investigations Report, 81% of hacking-related breaches involved either stolen or weak passwords. Make sure you’re using strong passwords and changing them regularly. This simple step can have a profound impact on your security.

By asking these questions to your POS vendors, and filling any security gaps that currently exist, you can significantly reduce your risks of a breach, loss, and costly fine. Don’t delay, Call Alltech Computer & IT Services today.

 

Source

Continue Reading

PointofSale Cloud Technology Map Traditional vs Cloud POSCloud-based point of sale systems have become synonymous with all things new and sexy; while traditional POS systems — a.k.a. legacy POS — is often perceived as being old and unattractive. While this might be the case for some traditional POS systems, others are aging more like a fine wine or scotch with a strong foundation that has allowed them to mature alongside technology (more on that later).

Point of Sale (POS) technology has made significant strides in the last decade, and you’ve probably heard a lot about cloud-based POS systems. However, there still seems to be confusion as to what cloud POS does or does not mean.

The goal of this article is to break down the difference between cloud POS vs. traditional POS systems so you can walk away with a clearer picture of what is the better option for your business.

The Real Difference Between Cloud POS and Traditional POS

It all comes down to architecture. With legacy POS systems, all of the data is stored on a local server at the business. That means the business owner or manager must be present at the physical location to view reports, make changes to the menu, or any other task involving the point of sale software.

By today’s standards, a POS system that is only available on-premise doesn’t cut the mustard. However, 20+ years ago when point of sale systems started becoming popular with large enterprises that could afford them, there wasn’t much choice. By default, all traditional POS systems have factors that limit agility simply because of age:

Database

Database selections were limited. You had Visual Basic, C++, or Delphi to develop in. POS software companies had to pick a database structure and wrap their entire product around it.

Programming Language

The software company’s developers had to pick a programming language and standardize it across the entire application.

Operating System

An Operating System (OS) had to be chosen to execute the tasks and commands of the software. At the time, Windows was the only OS with meaningful market share and the reason why many legacy systems were built using Windows.

However, with age brings experience. Experience building decades worth of POS software features that can accommodate any size business in a given industry. The evolution has been gradual and meticulous – building on the needs of merchants like you. These traditional POS companies have also spent years developing extensive support resources to better serve their customers.

The right thing is combine the everyday experience of old age with the vigor of youth. – George Bernard Shaw

Cloud POS solutions have had a very different evolution. Most started as tech companies with zero customers, no legacy source code or database, and little knowledge of the industry they were trying to serve. That lack of knowledge regarding the mission-critical nature of a POS system is a big reason why some of the young cloud POS offerings haven’t gained traction in much more than a juice bar or niche boutique. Not to mention, their customer support often leaves a lot to be desired.

When it comes to cloud POS architecture, POS data is stored on a hosted server in a remote location (“the cloud”) and accessed via an internet connection.

On paper it makes sense. Everything is web-based and app-driven these days, so using a web browser to run your back office from anywhere certainly makes more sense than physically going to the store and sitting down in front of the computer. Cloud POS systems also eliminated the in-store server configuration leveraged by legacy software and replaced it with a cheaper, easy-to-manage server in an offsite datacenter.

PointofSale Comparison Diagram Traditional vs Cloud POS

However, nobody took the time to ask, “What happens when the internet goes down, and I can’t connect to the hosted server?” The answer is chaos. Betting on the reliability of DSL or cable internet is a fool’s bet. There are so many variables beyond your control that paying for the cost of a local server is worth the investment – there’s no dollar sign on peace of mind.

Imagine how many hundreds or thousands of dollars your business loses when a cloud-based POS system goes down versus the cost of a local server? Precisely.

The Bottom Line

What does this all mean for the restaurant owner? You have several legacy systems that are feature-rich, extremely reliable, but may look outdated to some.  On the other hand, you have cloud POS systems that are not as functional or stable but have modern aesthetic appeal.

When it comes to cloud POS vs. traditional POS, our best advice to you is one you’ve heard since childhood — never judge a book by its cover. In this case, never judge a POS system for its marketing appeal. The backend functionality and features are what you should take into consideration. How the system operates will have the most significant impact on your business — not how it looks. Plus, many traditional POS companies are now offering hardware that looks a lot sleeker and more modern than the “legacy POS” equipment you’re used to seeing. And these systems have the benefit of being built-for-purpose to withstand the rigors of busy restaurant and retail environments, unlike consumer tablets that were never really intended for this type of use.

 

 

 

 

 

Source

Continue Reading

By: Stephen Ames, VP of Compliance, Shift4 Payments

We in the payments industry are rapidly approaching a day that I hope will not “live in infamy.” June 30, 2018. This is the day that SSL and early versions of TLS will finally and officially be put to rest on payment processing interfaces. If you haven’t taken the proper steps, you may find yourself unable to process payments after that date. calendar page copy

Here’s what you need to know about the technologies themselves and the fast-approaching shutdown.

What Are SSL and Early TLS?

SSL, or Secure Sockets Layer, refers to a type of data encryption that was once used to secure communications between a user’s web browser and a web server in order to protect transmitted data from eavesdropping or tampering. Early TLS, or Transport Layer Security, refers to versions 1.0 and 1.1 of the encryption technology, themselves 18- and 11-year-old protocols, respectively – ancient by IT terms. TLS 1.0 and some cipher suites in TLS 1.1 are deemed insecure by the PCI Security Standards Council (PCI SSC) and the National Institute of Standards and Technology (NIST).

Indeed, some scary TLS exploits have been documented over the last decade. For example, there are several vulnerabilities that, when exploited by cybercriminals, can create an opportunity for “man-in-the-middle” attackers to break into a system and remain undetected, all while “eavesdropping” and gathering data as users communicate with each other. Another one of these vulnerabilities can potentially allow remote hackers to break into the system and cause a denial of service (DoS) error, which crashes the device and renders the payment network unusable.

Making Sense of It All

So how do you know if “early TLS” is being used in your payment processing environment? Well, that can be a little tricky to figure out. The PCI SSC’s own definitions of SSL and TLS are vague and based on PCI DSS version 3.1, which was superseded by version 3.2 in April 2016. They refer the reader to NIST Special Publication 800-52 Revision 1, which is itself a 4-year-old document, not to mention a common cure for insomnia. The SSC’s supplemental guidance on Migrating from SSL and Early TLS provides a fleeting definition:

“Fifteen years ago, SSL v3.0 was superseded by TLS v1.0, which has since been superseded by TLS v1.1 and v1.2. To date, SSL and early TLS no longer meet minimum security standards due to security vulnerabilities in the protocol for which there are no fixes. It is critically important that entities upgrade to a secure alternative as soon as possible, and disable any fallback to both SSL and early TLS.”

To further complicate things, let’s review PCI DSS Requirement 4.1:

“Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks…”

We then find the definition of strong cryptography in the PCI DSS Glossary:

“Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is “one way”; that is, not reversible). It is recommended that all new implementations use a minimum of 128-bits of effective key strength.”

The reader is then referred to yet another NIST Special Publication – 800-57 Part 1, Revision 4 this time. Are you still with me? At this point, we still don’t have a clear definition of early TLS. We can’t simply say early TLS is TLS 1.0.

Here’s why. All TLS versions have vulnerabilities, be it weak bulk encryption ciphers or man-in-the-middle exploits. For example, there’s a new variant of the original POODLE attack that exploits implementation flaws of CBC – Cipher Block Chaining – encryption ciphers. This is not an SSL 3.0 downgrade attack as previously noted. The Logjam attack exploits implementations of the Diffie-Hellman key exchange process. There are also a handful of exploits against RC4-based encryption ciphers. And the list goes on.

So as you can see, early TLS is not very easy to define – and unfortunately the burden will be on merchants still using the technologies after the June 30 deadline who suddenly find themselves out of compliance or unable to process any payments.

Why June 30, 2018?

When the PCI Data Security Standard (DSS) version 3.1 was released back in April 2015, the PCI SSC decreed that SSLv3 and early versions of TLS are no longer considered strong encryption for the transport of cardholder data over public networks or for non-console administrative access to your cardholder data environment (CDE). This means that if you’re still using SSLv3 and early versions of TLS as of June 30, 2016, your CDE may be non-compliant with PCI DSS – not to mention the fact that your payment security operations will be at risk.

The PCI SSC revised their standing on these protocols in April 2016 when they released PCI DSS version 3.2, which offered the following conditions for continued use of SSL and early TLS:

  • You may continue using SSLv3 and early versions of TLS until June 30, 2018, but you must maintain a formal Risk Mitigation and Migration Plan.
  • You may continue using SSLv3 and early versions of TLS for your card-present point-of-sale terminals beyond June 30, 2018, if it can be verified they are not susceptible to any known exploits for SSLv3 and early versions of TLS. You must also maintain a formal Risk Mitigation and Migration Plan. While this may be a viable option for merchants, it is not for Shift4 Payments because it cripples our commitment to deliver ironclad security for your transactions.
  • Any new installations in your CDE may never use SSLv3 or early versions of TLS.

If you haven’t yet, I strongly encourage you reach out to your IT support staff and/or your PMS/POS system vendor to make sure you won’t be affected come the end of June. Suffice it to say that if your PMS or POS system is using TLS 1.0 or TLS 1.1, time is just about up to either modernize it to TLS 1.2, or replace your system. You can use our POS Solution Finder to identify compliant POS system options.

 

About Shift4 Payments

Shift4 Payments is the leader in secure payment processing solutions, powering the top point-of-sale and software providers across numerous verticals, including Food & Beverage, Hospitality, Lodging, Gaming, Retail and e-Commerce. This includes the company’s Harbortouch, Restaurant Manager, POSitouch, and Future POS brands, as well as over 300 additional software integrations in virtually every industry. With eight offices across the U.S. and Europe, 7,000 sales partners and three state-of-the-art data centers, the company securely processes over 1 billion transactions annually for nearly 200,000 businesses, representing over $100 billion in payments each year. For additional information, please visit www.shift4.com 

Source

Continue Reading

The payments industry are rapidly approaching a day that I hope will not “live in infamy.” June 30, 2018. This is the day that SSL and early versions of TLS will finally and officially be put to rest on payment processing interfaces. If you haven’t taken the proper steps, you may find yourself unable to process payments after that date. calendar page copy

Here’s what you need to know about the technologies themselves and the fast-approaching shutdown.

What Are SSL and Early TLS?

SSL, or Secure Sockets Layer, refers to a type of data encryption that was once used to secure communications between a user’s web browser and a web server in order to protect transmitted data from eavesdropping or tampering. Early TLS, or Transport Layer Security, refers to versions 1.0 and 1.1 of the encryption technology, themselves 18- and 11-year-old protocols, respectively – ancient by IT terms. TLS 1.0 and some cipher suites in TLS 1.1 are deemed insecure by the PCI Security Standards Council (PCI SSC) and the National Institute of Standards and Technology (NIST).

Indeed, some scary TLS exploits have been documented over the last decade. For example, there are several vulnerabilities that, when exploited by cybercriminals, can create an opportunity for “man-in-the-middle” attackers to break into a system and remain undetected, all while “eavesdropping” and gathering data as users communicate with each other. Another one of these vulnerabilities can potentially allow remote hackers to break into the system and cause a denial of service (DoS) error, which crashes the device and renders the payment network unusable.

Making Sense of It All

So how do you know if “early TLS” is being used in your payment processing environment? Well, that can be a little tricky to figure out. The PCI SSC’s own definitions of SSL and TLS are vague and based on PCI DSS version 3.1, which was superseded by version 3.2 in April 2016. They refer the reader to NIST Special Publication 800-52 Revision 1, which is itself a 4-year-old document, not to mention a common cure for insomnia. The SSC’s supplemental guidance on Migrating from SSL and Early TLS provides a fleeting definition:

“Fifteen years ago, SSL v3.0 was superseded by TLS v1.0, which has since been superseded by TLS v1.1 and v1.2. To date, SSL and early TLS no longer meet minimum security standards due to security vulnerabilities in the protocol for which there are no fixes. It is critically important that entities upgrade to a secure alternative as soon as possible, and disable any fallback to both SSL and early TLS.”

To further complicate things, let’s review PCI DSS Requirement 4.1:

“Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks…”

We then find the definition of strong cryptography in the PCI DSS Glossary:

“Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is “one way”; that is, not reversible). It is recommended that all new implementations use a minimum of 128-bits of effective key strength.”

The reader is then referred to yet another NIST Special Publication – 800-57 Part 1, Revision 4 this time. Are you still with me? At this point, we still don’t have a clear definition of early TLS. We can’t simply say early TLS is TLS 1.0.

Here’s why. All TLS versions have vulnerabilities, be it weak bulk encryption ciphers or man-in-the-middle exploits. For example, there’s a new variant of the original POODLE attack that exploits implementation flaws of CBC – Cipher Block Chaining – encryption ciphers. This is not an SSL 3.0 downgrade attack as previously noted. The Logjam attack exploits implementations of the Diffie-Hellman key exchange process. There are also a handful of exploits against RC4-based encryption ciphers. And the list goes on.

So as you can see, early TLS is not very easy to define – and unfortunately the burden will be on merchants still using the technologies after the June 30 deadline who suddenly find themselves out of compliance or unable to process any payments.

Why June 30, 2018?

When the PCI Data Security Standard (DSS) version 3.1 was released back in April 2015, the PCI SSC decreed that SSLv3 and early versions of TLS are no longer considered strong encryption for the transport of cardholder data over public networks or for non-console administrative access to your cardholder data environment (CDE). This means that if you’re still using SSLv3 and early versions of TLS as of June 30, 2016, your CDE may be non-compliant with PCI DSS – not to mention the fact that your payment security operations will be at risk.

The PCI SSC revised their standing on these protocols in April 2016 when they released PCI DSS version 3.2, which offered the following conditions for continued use of SSL and early TLS:

  • You may continue using SSLv3 and early versions of TLS until June 30, 2018, but you must maintain a formal Risk Mitigation and Migration Plan.
  • You may continue using SSLv3 and early versions of TLS for your card-present point-of-sale terminals beyond June 30, 2018, if it can be verified they are not susceptible to any known exploits for SSLv3 and early versions of TLS. You must also maintain a formal Risk Mitigation and Migration Plan. While this may be a viable option for merchants, it is not for Shift4 Payments because it cripples our commitment to deliver ironclad security for your transactions.
  • Any new installations in your CDE may never use SSLv3 or early versions of TLS.

If you haven’t yet, I strongly encourage you reach out to your IT support staff and/or your PMS/POS system vendor to make sure you won’t be affected come the end of June. Suffice it to say that if your PMS or POS system is using TLS 1.0 or TLS 1.1, time is just about up to either modernize it to TLS 1.2, or replace your system. You can use our POS Solution Finder to identify compliant POS system options.

 

About Shift4 Payments

Shift4 Payments is the leader in secure payment processing solutions, powering the top point-of-sale and software providers across numerous verticals, including Food & Beverage, Hospitality, Lodging, Gaming, Retail and e-Commerce. This includes the company’s Harbortouch, Restaurant Manager, POSitouch, and Future POS brands, as well as over 300 additional software integrations in virtually every industry. With eight offices across the U.S. and Europe, 7,000 sales partners and three state-of-the-art data centers, the company securely processes over 1 billion transactions annually for nearly 200,000 businesses, representing over $100 billion in payments each year. For additional information, please visit www.shift4.com

 

Source

Continue Reading

Why POODLE/SSL Is The New Y2K For Your Restaurant

Remember Y2K (or at least reading about it)? On January 1, 2000 computers that everyone depended on were to malfunction due to four-digit years being represented by two digits. Although this never resulted in the major problems that were predicted, it sure did scare everyone. Now we have a new phenomena that could have a big impact on your restaurant (and represents a much more tangible threat than Y2K did)… 800px Mobile point of sale 14

Fast forward to June 30, 2018. On this day, the Payment Card Industry Standards Council (PCI SSC) is mandating that any restaurant running SSL must switch to TLS v1.1 or higher for all credit card processing to continue safeguarding payment data. Now I realize that you may feel like you are staring into a bowl of alphabet soup when I bring up these acronyms so bear with me as I explain.

For decades, SSL (Secure Sockets Layer) has been used as a standard way to convert data into code in order to prevent unauthorized access. Recently, vulnerabilities have been identified in SSL. POODLE (Padding Oracle On Downgraded Legacy Encryption) is a flaw that enables attackers’ to extract data from a encrypted (secure) connection. To avoid this, you must switch from SSL entirely and TLS (Transport Security Layer) version 1.0 to TLS version 1.1 or higher. Not only will this allow you to fix the problem, but your restaurant will remain PCI compliant.

Once the June 30 deadline has passed, the credit card processing functionality of any non-compliant software, operating system and/or hardware will stop working. In other words, you will face a complete shutdown of your credit card processing! Most traditional POS systems are vulnerable and will need to be upgraded before this deadline. This could cost thousands of dollars. Now that’s scary …

While a lot of POS software providers are just now learning about this issue, some are well aware of this problem and are working to make it easier on restaurants that need to procure new software and/or hardware. For example, Harbortouch is offering a free upgrade to the latest version of their POS software to the company’s existing customers or POS software for free to new customers. They are also offering free EMV Terminals to ensure compliance with PCI’s new TLS requirements! These terminals can also support EMV chip card transactions with tip adjustment and accept Mastercard’s new BIN cards.

Many POS providers even have local resellers who will come to your restaurant to install and then support your POS hardware and software … you don’t have to know a thing about SSL or TLS or POODLE. They’ll take care of it for you! Contact a local reseller today for details on how you can ensure you do not lose the ability to accept credit card payments when this deadline arrives!

 

 

 

 

 

Source

 

Continue Reading

Shift4 Payments Lockup WEB ALLENTOWN, Pa. and LAS VEGAS – January 15, 2018 – Lighthouse Network today announced the acquisition of Shift4 Corporation, provider of the world’s largest independent payment gateway. Shift4 is the leader in secure payment processing solutions, serving tens of thousands of clients across North America, including some of the most widely recognized brands in retail and hospitality such as Choice Hotels, Caesars Entertainment, Red Roof Inn, Sleep Number and the PGA Tour, among many others.

Lighthouse Network has also announced that the entire company will rebrand as Shift4 Payments. Lighthouse Network was established in 2017 to power numerous brands in the point-of-sale industry by providing payment processing and technology solutions, as well as shared corporate services. Shift4 Payments will replace the Lighthouse Network brand at the top of the organization and power the payment processing services for the company’s Harbortouch, Future POS, Restaurant Manager and POSitouch product brands. Citizens Bank acted as financial advisor to Lighthouse Network for the transaction.

Founded in 1994, Shift4 holds 11 patents for their proprietary payments technologies and is credited with inventing payment data tokenization. The company is also a leader in PCI-validated point-to-point encryption (P2PE), EMV and numerous other secure processing solutions. Shift4 processes in excess of $60 billion annually and, combined with the former Lighthouse Network, the organization will collectively process in excess of $100 billion a year in payments. The Shift4 platform has maintained 100% gateway system uptime since 2008 with fully redundant, geographically diverse data centers (hot/hot) powering its robust processing infrastructure. Shift4 also has over 300 unique software integrations supporting ISVs and merchants in a wide range of markets, including Food & Beverage, Hospitality, Retail and e-Commerce, with full Omni-commerce capabilities.

Jared Isaacman, CEO of Shift4 Payments (formerly Lighthouse Network), states, “This acquisition is transformational for our organization as it enables us to power our industry-leading POS brands with a best-in-class payments platform that is second to none in terms of security, reliability and functionality. But this story is not just about our Harbortouch, Future POS, Restaurant Manager and POSitouch brands, as we also aim to empower the over 300 existing Shift4 software integrations with game-changing benefits. Shift4 is truly in a class of its own when it comes to secure payment processing, and as such, rebranding Lighthouse Network as Shift4 Payments reflects our commitment to powering all the leading software brands with premium payment processing services.”

Shift4 President & CTO J.D. Oder II adds, “This acquisition combines the strengths of two significant and well-established organizations with complementary capabilities, fulfilling the notion that ‘one plus one’ can equal a much larger number than the math implies. Shift4’s merchants and ISV partners for years have asked for more than just an outstanding gateway solution, but the full spectrum of payment processing services. We can now meet that need and so much more.”

For more information, visit www.shift4.com/announcement

About Shift4 Payments

Shift4 Payments is the leader in secure payment processing solutions, powering the top point-of-sale and software providers across numerous verticals, including Food & Beverage, Hospitality, Lodging, Gaming, Retail and e-Commerce. This includes the company’s Harbortouch, Restaurant Manager, POSitouch, and Future POS brands, as well as over 300 additional software integrations in virtually every industry. With eight offices across the U.S. and Europe, 7,000 sales partners and three state-of-the-art data centers, the company securely processes over 1 billion transactions annually for nearly 200,000 businesses, representing over $100 billion in payments each year.

 

 

Source

Continue Reading

SuperBowlParty WASHINGTON, January 25, 2018 – American adults are expected to spend an average $81.17 for a total of $15.3 billion as an estimated 188.5 million people watch the New England Patriots take on the Philadelphia Eagles in the Super Bowl next month, according to the annual survey released today by National Retail Federation and Prosper Insights & Analytics. Projected viewership is the same as last year but total spending is up 8.5% from $14.1 billion in 2017.

“Whether throwing their own party, heading to a friend’s house or gathering at their favorite bar or restaurant, consumers are ready to spend on the big game,” NRF President and CEO Matthew Shay said. “Super Bowl shoppers will find retailers well-stocked on decorations, apparel, food and all other necessities to cheer on their favorite team.”

Of the 76 percent of those surveyed who plan to watch the game, 82 percent say they will purchase food and beverages — up slightly from 80 percent last year — and the highest in the survey’s history. Another 11 percent will buy team apparel or accessories, unchanged from 2017. New televisions and decorations hold a similar draw for those planning to watch at home, with 8 percent planning to purchase each, also unchanged. Those 25-34 will spend the most of any age group at an average of $118.43.

According to the survey, 18 percent (45 million) will host a Super Bowl party, with 28 percent (69 million) planning to attend one. Bars and restaurants will entice 5 percent (11 million) planning to watch at their favorite local spot.

Of those watching, 41 percent say the most important part of the Super Bowl is the game itself, while 24 percent cite the commercials, 15 percent like getting together with friends, 14 percent watch for the half-time show and 7 percent are there for the food.

“Consumers are carrying strong spending momentum from the holiday season into their Super Bowl festivities,” Prosper Executive Vice President of Strategy Phil Rist said. “This is evident through increased plans for purchasing while the number of viewers remains steady with last year. Fans aren’t afraid to spend a few extra dollars to make this year’s game the best one yet.”

The survey, which asked 7,277 consumers about their Super Bowl plans, was conducted January 3-10 and has a margin of error of plus or minus 1.1 percentage points. Full data results will not be published on NRF.com but news media and analysts who require additional information can contact press@nrf.com.

About Prosper Insights & Analytics
Prosper Insights & Analytics delivers executives timely, consumer-centric insights from multiple sources. As a comprehensive resource of information, Prosper represents the voice of the consumer and provides knowledge to marketers regarding consumer views on the economy, personal finance, retail, lifestyle, media and domestic and world issues.

About NRF
NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private-sector employer, supporting one in four U.S. jobs — 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy.

 

 

Source

Continue Reading

While wish lists are as old as the North Pole’s top executive, their popularity continues to endure. Gift givers rely on them to make the task of finding just the right items more exact. And recipients love them because they are more likely to receive the items they’ve been dreaming of. And they’re a win-win-win for retailers as well, reducing the dreaded post-holiday onslaught of returns.

But what are retailers wishing for their stores this holiday season? We talk to a lot of them, so here are five “sugar plums” dancing in their heads.

Wish #1: Bring shoppers into the store.

Since shoppers spend 90 percent more time visiting a bricks-and-mortar store than they do on a vendor’s website, and the average in-store purchase is higher than online, retailers want to lure more foot traffic this holiday season. Plus, an in-store experience offers the best opportunity to leverage face-to-face engagement and stellar service to wow shoppers and garner their loyalty.

Wish Granted: Unique in-store experiences attract shoppers like children drawn to the aroma of cookies in the oven. Creating a variety of experiences for specific shopper segments with respect to lifestyle and demographics can help retailers not only bring shoppers to the store but effectively manage volume. Another strategy is creating limited time, in-store only promotions early in the season with back-end rewards for revisiting the store in time for holiday gift giving. According to last year’s IBM survey of consumers’ top criteria for choosing where to shop, free in-store pickup is a huge advantage for beckoning shoppers to the store. Shipping costs influenced 83 percent of respondents not to complete an online purchase.

Wish #2: Keep checkout queues short and moving.

The last thing retailers want to do is aggravate in-store shoppers whose baskets are brimming with merchandise by making them wait in long queues. Yet retail reports indicate that getting stuck in a checkout line is one of the biggest frustrations. For time-starved consumers, it’s a huge motivator for shopping online.

Wish Granted: The obvious solution is to schedule ample help to staff additional registers during peak days and times and special events and promotions. However, this can be a challenge due to a shortage of workforce resources. Placing mobile POS devices in the hands of every associate can keep checkout lines moving steadily and wait times to a minimum during unforeseen periods of high-volume traffic. Another solution is unmanned kiosks that shoppers can use to bypass lines altogether.

Wish #3: Have the products shoppers want in stock.

It seems like every year a dearth of the most popular gift items turns congenial shoppers into wrestlers, making for somewhat amusing, and at times disturbing, news. Nothing sends shoppers out the door (and online to Amazon) faster than “out of stock.” In fact, at least two-thirds of in-store shoppers who experience stock-outs take their business elsewhere or do not buy at all. Inventory management is about as challenging as guiding a sleigh full of toys on a foggy night.

Wish Granted: With visibility into a real-time inventory management system that tracks movement across the entire supply chain, store associates can offer shoppers convenient alternatives to walking out the door due to stock-outs. Stores become virtual distribution centers as associates orchestrate product delivery or arrange for store pickup at other locations. For 80 percent of surveyed consumers, it was important to be able to view in-store product availability before making a trip to the store. An automated system also helps prevent out of stocks, generating replenishment when certain thresholds are reached.

Wish #4: Make staff more efficient and effective.

Finding holiday help seems to be more and more difficult as the Boomer workforce continues to melt. And adding temporary staff means extra costs that eat into holiday profits. It’s easy to think that those extra bodies are the only way to offer nice service that prevents shoppers from becoming naughty. Making staff more efficient is a more cost-effective solution than taking on additional personnel.

Wish Granted: Mobile devices enable current staff to assist customers in a variety of ways, anywhere in the store—providing concierge-level assistance for shoppers in the dressing room, helping shoppers locate products in the aisles, or rescuing them from long wait times in checkout queues. Bonus: in-store use of mobile devices more easily attracts tech-savvy Millennials to augment the holiday workforce.

Wish #5: Reduce post-holiday returns madness.

The joy of successful holiday sales is tempered by the anticipation of the in-store pandemonium sure to follow. In a perfect word, if retailers have maintained optimum inventory and have motivated shoppers to purchase gifts in the physical store, it stands to reason that better in-person buying decisions will lead to fewer returns. However, many will visit the store with unwanted gifts purchased online. Standers in long, snaking lines simply want their transactions over and done. It’s all about providing great service to keep those customers coming back to the store.

Wish Granted: Mobile devices that enable more associates to process returns quickly will boost good will and help convert store visitors into loyal customers. Plus, trained associates have an opportunity to engage in a discussion about what products they’re looking for and where to find them in the store.

 

Source

Continue Reading

Hotels, resorts, cruise lines and other hospitality venues are adapting digital signage to replace printed signs and notices within their establishments. The benefits are many, but most notably the ability to instantly change messages and the cost savings from printed placards. Staff time savings, guest convenience, promotions of internal amenities such as restaurants and lounges, and the cachet of IT within their establishments are also incentives to move toward digital signage, not only as information but also a point of sale (POS) incentive.

Mood Media is one company that has expanded to the hospitality sector, adding content from TripAdvisor’s® website to its digital signage solutions. Dubbed MVision Travel, the digital signage application serves as a “virtual concierge” for guests at major hotel brands. The real-time feed of TripAdvisor content into guest rooms includes recommendations, graphics and ratings for local attractions.

Cruise ship digital signage can serve as support “staff” through touch screens and monitors. Helping players find casinos, providing prices and appointment settings for spa and salon services, accessing information about formal events and recreational schedules and more, digital signs can also serve crucial functions such as displaying passenger safety information and protocols.

For example, Four Winds Interactive iDS® software solution is used on the Oasis of the Seas by Royal Caribbean. The company’s website notes that the size, number, and placement of digital signs and touch screens throughout the ship is crucial, but the software platform and applications are just as important, if not more so. This software will determine what content can be shown on these displays and how easy the system is to manage. One critical decision that executives face is whether to purchase a software license for a single ship or for the entire fleet when implementing cruise line digital signage. By purchasing a company-wide license, the cost per ship and per sign goes down, and the opportunities to create consistent cruise line branding increase substantially. The economic benefits of a fleet-wide license can also serve as the perfect excuse to invest in a fleet-wide overhaul of guest services and amenities.

A White Paper from Keywest Technology cites six areas that digital signage in hotels can cost-effectively increase revenues and enhance the guest experience. They include in-room channels; door cards; reader boards; advertising signage; mapping; and hybrid, interactive displays such as kiosks. Amenities offered on the property or information on hours of operation for an in-house restaurant, checkout times or safety procedures can also be displayed.

The White Paper notes that real-time advertising messages geared toward the demographics of an anticipated audience may be the chief advantage of digital signage in advertising applications over static, printed signs. The practice, called “day-parting,” empowers managers to promote

in-house restaurants based on breakfast, lunch or dinner specials of the day on the same sign at the time of day when people are most interested in a given meal. Later, that sign can be used to promote the hotel lounge and special entertainment. Keeping the guest on the premises and spending money in-house is the goal. Additionally, advertising from selected outside businesses, such as upscale retail or local attractions, can also easily be added.

 

Source

Continue Reading

How The Point Of Sale (POS) Industry Works

If you are researching point of sale (POS) solutions for your business, or just want to understand more about the POS industry, here is a brief summary of how the point of sale industry works.

Point of sale solutions are about as diverse as the businesses they serve.  This stands to reason since businesses vary in size, scope, location, products, services, management styles, customer base, and many other factors.  Point of sale systems include a synthesis of both hardware and software, and coming up with the right blend for a particular business model is no simple matter.  Those in the POS industry know this, and so there is naturally an attempt to create avenues for helping businesses make good decisions and find the support they need.  It is helpful to know how this works.

Generally, the POS industry follows a supply chain model like this:

POS_industry_supply_chain

POS Hardware Manufacturers and Software Developers

APGPodium-Blkm-SSfrontPoint of sale manufactures create hardware, such as all-in-one POS terminals, barcode scanners, keyboards, cash drawers, pole displays, and receipt printers.  Frequently manufacturers will specialize on certain POS hardware items, such as APG Cash Drawer and MMF POS for cash drawers, or Epson for receipt printers.

POS software developers focus on creating software that provides POS functionality such as sales transactions, MMF_ADVC2MetalLockItUpTrayOnTopinventory control, reporting capabilities, managing customer data, and much more.  It is common for developers to customize their POS software for various industries, such as retail, grocery, liquor stores, salons, and others, since these business types can have very different needs.  Some software developers choose to work directly with businesses to create cost-effective and customized solutions, doing without the distributor/VAR chain.  Some developers focus on providing online POS solutions based on cloud technology, so that the point of sale software can be used more independently of hardware restrictions, and accessed from a POS station, computer, laptop, or smartphone.

POS Distributors

POS distributors act as liaisons between manufacturers and VARs.  Large distributors such as BlueStar and ScanSource are poised to find and work with the best manufacturers of POS hardware from across the globe, many of whom offer innovative and cost-effective technology but are not set up to work directly with VARs or businesses efficiently.  By working with manufacturers, the distributors help to reduce costs and improve products with product testing and product support.

POS distributors also are able to integrate POS hardware with various POS software options, allowing VARs to offer reasonable options for businesses of all levels.  Distributors will often include terminal setup so that VARs can offer plug and play installation for their clients, saving both the reseller and the business the headaches of installation.

The distributor’s relationships with POS software developers provide the benefit of customer leads for POS VARs.  Other benefits that distributors offer to resellers include training for products, technology, and business, sales support and advertising assistance, and trade shows for education, exposure, and networking.  They can also provide technical support, such as testing software compatibility with POS terminals, as well access to an extensive inventory.

Distributors also provide a credit facility, when VARs require it, to allow sales involving large amounts of equipment to be easily transacted.

POS Value-Added Resellers (VARs)

POS VARs are specialists who work directly with business owners to find the right blend of hardware and software for their business, adding value to the products with their expertise and ongoing support.  VARs may work independently or with a POS Distributor for added support and expertise.   VARs will handle installations, coordinating or supervising cable and electrical installations.  They will also provide on-site training for the staff.   Many VARs bring decades of POS experience with equipment of all shapes and sizes to bear for the benefit of the store owner.

POS End-Users

The end-users of POS systems are businesses large and small in retail, service and other industries.   Businesses using point of sale solutions range from small single-store outfits to online companies, to national or international corporations.  Point of sale solutions can hold tremendous benefits for apparel or hospitality applications, automotive shops, drug stores, restaurants, grocery stores, e-commerce sites, single store or multi-store operations, and more.  A properly suited POS system can save time and money, greatly increase efficiency and improve customer service and satisfaction.

The effective installation of a point of sale system involves a ten billion dollar plus industry with numerous players adding value at every stage.  End-users of a POS system, and certainly their customers, may not see or appreciate the tens of thousands of people involved, but they are there, in the background, helping to make it happen.  The local reseller may be a two person or fifty-two person operation, but they are ultimately backed by companies from modestly sized software developers to multi-billion dollar distributors and layers of expert industry personnel, all working to ensure a smooth and seamless POS installation.

All-In-One Company

Harbortouch Elite POS was designed from the ground up with custom hardware and industry-specific software exclusively from Harbortouch. Our FREE point of sale system program eliminates the enormous up-front costs over other expensive choices. With credit card processing built in you have one phone number to call for everything. Leaving nothing out, Harbortouch offers complete coverage from 24/7 award-winning technical support to free hardware replacement for the life of your system. Harbortouch has you covered the entire time you own the system.

 

 

Source

Continue Reading