Point of sale
The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer (which may be a cash register printout), and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt, as proof of transaction, which is usually printed but can also be dispensed with or sent electronically.
To calculate the amount owed by a customer, the merchant may use various devices such as weighing scales, barcode scanners, and cash registers (or the more advanced "POS cash registers", which are sometimes also called "POS systems"[4][5]). To make a payment, payment terminals, touch screens, and other hardware and software options are available.
The point of sale is often referred to as the point of service because it is not just a point of sale but also a point of return or customer order. POS terminal software may also include features for additional functionality, such as inventory management, CRM, financials, or warehousing.
Businesses are increasingly adopting POS systems, and one of the most obvious and compelling reasons is that a POS system eliminates the need for price tags. Selling prices are linked to the product code of an item when adding stock, so the cashier merely scans this code to process a sale. If there is a price change, this can also be easily done through the inventory window. Other advantages include the ability to implement various types of discounts, a loyalty scheme for customers, and more efficient stock control. These features are typical of almost all modern ePOS systems.
Terminology
Retailers and marketers will often refer to the area around the checkout instead as the point of purchase (POP) when they are discussing it from the customer's perspective. This is particularly the case when planning and designing the area as well as when considering a marketing strategy and offers.
Some point of sale vendors refer to their POS system as "retail management system" which is a more appropriate term, since this software is not just for processing sales but comes with many other capabilities, such as inventory management, membership systems, supplier records, bookkeeping, issuing of purchase orders, quotations and stock transfers, hide barcode label creation, sale reporting and in some cases remote outlet networking or linkage, to name some major ones.
Nevertheless, it is the term POS system rather than retail management system that is in vogue among both end-users and vendors.
The basic, fundamental definition of a POS System is a system which allows the processing and recording of transactions between a company and its consumers, at the time in which goods and/or services are purchased.
History
Early electronic cash registers (ECR) were controlled with proprietary software and were limited in function and communication capability. In August 1973, IBM released the IBM 3650 and 3660 store systems that were, in essence, a mainframe computer used as a store controller that could control up to 128 IBM 3653/3663 point of sale registers. This system was the first commercial use of client-server technology, peer-to-peer communications, local area network (LAN) simultaneous backup, and remote initialization. By mid-1974, it was installed in Pathmark stores in New Jersey and Dillard's department stores.
One of the first microprocessor-controlled cash register systems was built by William Brobeck and Associates in 1974, for McDonald's Restaurants.[6] It used the Intel 8008, an early microprocessor (forerunner to the Intel 8088 processor used in the original IBM Personal Computer). Each station in the restaurant had its own device which displayed the entire order for a customer — for example, [2] Vanilla Shake, [1] Large Fries, [3] BigMac — using numeric keys and a button for every menu item. By pressing the [Grill] button, a second or third order could be worked on while the first transaction was in progress. When the customer was ready to pay, the [Total] button would calculate the bill, including sales tax for almost any jurisdiction in the United States. This made it accurate for McDonald's and very convenient for the servers and provided the restaurant owner with a check on the amount that should be in the cash drawers. Up to eight devices were connected to one of two interconnected computers so that printed reports, prices, and taxes could be handled from any desired device by putting it into Manager Mode. In addition to the error-correcting memory, accuracy was enhanced by having three copies of all important data with many numbers stored only as multiples of 3. Should one computer fail, the other could handle the entire store.
In 1986, Gene Mosher introduced the first graphical point of sale software[7] featuring a touchscreen interface under the ViewTouch[8] trademark on the 16-bit Atari 520ST color computer.[9] It featured a color touchscreen widget-driven interface that allowed configuration of widgets representing menu items without low level programming.[10] The ViewTouch point of sale software was first demonstrated in public at Fall Comdex, 1986,[11] in Las Vegas Nevada to large crowds visiting the Atari Computer booth. This was the first commercially available POS system with a widget-driven color graphic touch screen interface and was installed in several restaurants in the US and Canada.
In 1986, IBM introduced its 468x series of POS equipment based on Digital Research's Concurrent DOS 286 and FlexOS 1.xx, a modular real-time multi-tasking multi-user operating system.
Modern software (post-1990s) A wide range of POS applications have been developed on platforms such as Windows and Unix. The availability of local processing power, local data storage, networking, and graphical user interface made it possible to develop flexible and highly functional POS systems. Cost of such systems has also declined, as all the components can now be purchased off-the-shelf.
In 1993, IBM adopted FlexOS 2.32 as the basis of their IBM 4690 OS in their 469x series of POS terminals. This was developed up to 2014 when it was sold to Toshiba, who continued to support it up to at least 2017.
With increased options for commodity hardware and a more competitive market, the 1990s saw increased attention paid to the user interaction between store employees and POS systems. Touchscreens and larger displays became widely available in the 1990s, offering an alternative to limited displays like two-line VFDs used in the IBM 4683. The performance of the employees using the POS devices, a controllable cost for the business, depends upon the ease of learning, ease of use, and level of employee experience with it. Although experienced employees work more quickly with mechanically keyed entry,[12] some systems favoured adopting GUI technology for ease of learning or for ergonomic factors.[13]
The key requirements that must be met by modern POS systems include high and consistent operating speed, reliability, ease of use, remote supportability, low cost, and rich functionality. Retailers can reasonably expect to acquire such systems (including hardware) for about $4000 US (as of 2009) per checkout lane.
Reliability depends not wholly on the developer but at times on the compatibility between a database and an OS version. For example, the widely used Microsoft Access database system had a compatibility issue when Windows XP machines were updated to a newer version of Windows. Microsoft offered no immediate solution. Some businesses were severely disrupted in the process, and many downgraded back to Windows XP for a quick resolution. Other companies utilized community support, for a registry tweak solution has been found for this.[14][unreliable source]
POS systems are one of the most complex software systems available because of the features that are required by different end users. Many POS systems are software suites that include sale, inventory, stock counting, vendor ordering, customer loyalty and reporting modules. Sometimes purchase ordering, stock transferring, quotation issuing, barcode creating, bookkeeping or even accounting capabilities are included. Each of these modules is interlinked if they are to serve their practical purpose and maximize their usability.
For instance, the sale window is immediately updated on a new member entry through the membership window because of this interlinking. Similarly, when a sale transaction is made, any purchase by a member is on record for the membership window to report providing information like payment type, goods purchased, date of purchase and points accumulated. Comprehensive analysis performed by a POS machine may need to process several qualities about a single product, like selling price, balance, average cost, quantity sold, description and department. Highly complex programming is involved (and possibly considerable computer resources) to generate such extensive analyses.
POS systems are designed not only to serve the retail, wholesale and hospitality industries as historically is the case. Currently POS systems are also used in goods and property leasing businesses, equipment repair shops, healthcare management, ticketing offices such as cinemas and sports facilities and many other operations where capabilities such as the following are required: processing monetary transactions, allocation and scheduling of facilities, keeping record and scheduling services rendered to customers, tracking of goods and processes (repair or manufacture), invoicing and tracking of debts and outstanding payments.
Different customers have different expectations within each trade. The reporting functionality alone is subject to so many demands, especially from those in the retail/wholesale industry. To cite special requirements, some business's goods may include perishables and hence the inventory system must be capable of prompting the admin and cashier on expiring or expired products. Some retail businesses require the system to store credit for their customers, credit which can be used subsequently to pay for goods. A few companies expect the POS system to behave like a full-fledged inventory management system, including the ability to provide FIFO (First In First Out) and LIFO (Last In First Out), reports of their goods for accounting and tax purposes.
In the hospitality industry, POS system capabilities can also diverge significantly. For instance, a restaurant is typically concerned about how the sale window functions: whether it has functionality such as creating item buttons, various discounts, adding a service charge, holding of receipts, queuing, table service, as well as takeaways, merging and splitting of a receipt. These capabilities may be insufficient for a spa or slimming center which would require, in addition, a scheduling window with historical records of customers' attendance and their special requirements.
A POS system can be made to serve different purposes to different end users depending on their business processes. Often an off-the-shelf POS system is inadequate for customers. Some customization is required, and this is why a POS system can become very complex. The complexity of a mature POS system extends to remote networking or interlinking between remote outlets and the HQ such that updating both ways is possible. Some POS systems offer the linking of web-based orders to their sale window. Even when local networking is only required (as in the case of a high-traffic supermarket), there is the ever-present challenge for the developer to keep most if not all of their POS stations running. This puts high demand not just on software coding but also designing the whole system covering how individual stations and the network work together, and special consideration for the performance capability and usage of databases. Due to such complexity, bugs and errors encountered in POS systems are frequent.[15]
With regard to databases, POS systems are very demanding on their performance because of numerous submissions and retrievals of data - required for correct sequencing the receipt number, checking various discounts, membership, calculating subtotal, so forth - just to process a single sale transaction. The immediacy required of the system on the sale window such as may be observed at a checkout counter in a supermarket cannot be compromised. This places much stress on individual enterprise databases if there are just several tens of thousands of sale records in the database. Enterprise database Microsoft SQL Server, for example, has been known to freeze up (including the OS) entirely for many minutes under such conditions showing a "Timeout Expired" error message. Even a lighter database like Microsoft Access will slow to a crawl over time if the problem of database bloating is not foreseen and managed by the system automatically. Therefore, the need to do extensive testing, debugging and improvisation of solutions to preempt failure of a database before commercial implementation complicates the development.
POS system accuracy is demanding, given that monetary transactions are involved continuously not only via the sale window but also at the back end through the receiving and inputting of goods into the inventory. Calculations required are not always straightforward. There may be many discounts and deals that are unique to specific products, and the POS machine must quickly process the differences and the effect on pricing. There is much complexity in the programming of such operations, especially when no error in calculation can be allowed.
Other requirements include that the system must have functionality for membership discount and points accumulation/usage, quantity and promotional discounts, mix and match offers, cash rounding up, invoice/delivery-order issuance with outstanding amount. It should enable a user to adjust the inventory of each product based on physical count, track expiry of perishable goods, change pricing, provide audit trail when modification of inventory records is performed, be capable of multiple outlet functionality, control of stocks from HQ, doubling as an invoicing system, just to name some.
It is clear that POS system is a term that implies a wide range of capabilities depending on the end-user requirements. POS system review websites cannot be expected to cover most let alone all the features. Unless one is a developer, it is unrealistic to expect the reviewer to know all the aspects of a POS system. For instance, a POS system might work smoothly on a test database during the review but not when the database grows significantly in size over months of usage. And this is only one among many hidden critical functionality issues of a POS system.
Hardware interface standardization (post-1980s) Vendors and retailers are working to standardize development of computerized POS systems and simplify interconnecting POS devices. Two such initiatives were OPOS and JavaPOS, both of which conform to the UnifiedPOS standard led by The National Retail Foundation.
OPOS (OLE for POS) was the first commonly adopted standard and was created by Microsoft, NCR Corporation, Epson and Fujitsu-ICL. OPOS is a COM-based interface compatible with all COM-enabled programming languages for Microsoft Windows. OPOS was first released in 1996. JavaPOS was developed by Sun Microsystems, IBM, and NCR Corporation in 1997 and first released in 1999. JavaPOS is for Java what OPOS is for Windows, and thus largely platform independent.
There are several communication ways POS systems use to control peripherals such as:
Logic Controls \ BemaTech Epson Esc/POS UTC Standard UTC Enhanced AEDEX ICD 2002 Ultimate CD 5220 DSP-800 ADM 787/788 HP
There are also nearly as many proprietary protocols as there are companies making POS peripherals. Most POS peripherals, such as displays and printers, support several of these command protocols to work with many different brands of POS terminals and computers.
User interface design The design of the sale window is the most important one for the user. This user interface is highly critical when compared to those in other software packages such as word editors or spreadsheet programs where the speed of navigation is not so crucial for business performance.
For businesses at prime locations where real estate is at a premium, it can be common to see a queue of customers. The faster a sale is completed the shorter the queue time which improves customer satisfaction, the less space it takes, which benefits shoppers and staff. High-traffic operations such as grocery outlets and cafes need to process sales quickly at the sales counter so the UI flow is often designed with as few popups or other interruptions to ensure the operator isn't distracted and the transaction can be processed as quickly as possible.
Although improving the ergonomics is possible, a clean, fast-paced look may come at the expense of sacrificing functions that are often wanted by end-users such as discounts, access to commission earned screens, membership and loyalty schemes can involve looking at a different function of the POS to ensure the point of sale screen contains only what a cashier needs at their disposal to serve customers.
Cloud-based (post-2000s) The advent of cloud computing has given birth to the possibility of electronic point of sale (EPOS) systems[16] to be deployed as software as a service, which can be accessed directly from the Internet using any internet browser. Using the previous advances in the communication protocols for POS's control of hardware, cloud-based POS systems are independent from platform and operating system limitations. EPOS systems based in the cloud (most small-business POS today) are generally subscription-based, which includes ongoing customer support.[17]
Compared to regular cash registers (which tend to be significantly cheaper but only process sales and prints receipts), POS systems include automatic updating of the inventory library stock levels when selling products, real-time reports accessible from a remote computer, staff timesheets and a customer library with loyalty features.[18][clarification needed][clarification needed]
Cloud-based POS systems are also created to be compatible with a wide range of POS hardware and sometimes tablets such as Apple's iPad. Thus cloud-based POS also helped expand POS systems to mobile devices, such as tablet computers or smartphones.[19]
These devices can also act as barcode readers using a built-in camera and as payment terminals using built-in NFC technology or an external payment card reader. A number of POS companies built their software specifically to be cloud-based. Other businesses who launched pre-2000s have since adapted their software to evolving technology.
Cloud-based POS systems are different from traditional POS largely because user data, including sales and inventory, are not stored locally, but in a remote server. The POS system is also not run locally, so there is no installation required.
Depending on the POS vendor and the terms of the contract, compared to traditional on-premises POS installation, the software is more likely to be continually updated by the developer with more useful features and better performance in terms of computer resources at the remote server and in terms of fewer bugs and errors.
Other advantages of a cloud-based POS are instant centralization of data (important especially to chain stores), ability to access data from anywhere there is internet connection, and lower start-up costs.[20][21]
Cloud based POS requires an internet connection. For this reason it important to use a device with 3G connectivity in case the device's primary internet goes down. In addition to being significantly less expensive than traditional legacy point of sale systems, a notable strength of cloud-based point of sale systems is the ability to switch to a different product, by a different developer, without having to purchase new hardware. The many developers creating new software applications help to ensure that the system is supported for longer than a typical legacy POS system.
A number of noted emerging cloud-based POS systems came on the scene less than a decade or even half a decade back. These systems are usually designed for restaurants, small and medium-sized retail operations with fairly simple sale processes as can be culled from POS system review sites. It appears from such software reviews that enterprise-level cloud-based POS systems are currently lacking in the market. "Enterprise-level" here means that the inventory should be capable of handling a large number of records, such as required by grocery stores and supermarkets. It can also mean that the system software and cloud server must be capable of generating reports such as analytics of sale against inventory for both a single and multiple outlets that are interlinked for administration by the headquarters of the business operation.
POS vendors of such cloud based systems should also have a strong contingency plan for the breakdown of their remote server such as represented by fail-over server support. Sometimes a major data center can fail completely, such as in a fire.[22] On-premises installations are therefore sometimes seen alongside cloud-based implementation to preempt such incidents, especially for businesses with high traffic. The on-premises installations may not have the most up-to-date inventory and membership information.
For such contingency, a more innovative though highly complex approach for the developer is to have a trimmed down version of the POS system installed on the cashier computer at the outlet. On a daily basis the latest inventory and membership information from the remote server is automatically updated into the local database. Thus should the remote server fail, the cashier can switch over to the local sale window without disrupting sales. When the remote server is restored and the cashier switches over to the cloud system, the locally processed sale records are then automatically submitted to the remote system, thus maintaining the integrity of the remote database.
Although cloud-based POS systems save the end-user startup cost and technical challenges in maintaining an otherwise on-premises installation, there is a risk that if the cloud-based vendor closes down it may result in more immediate termination of services for the end-user compared to the case of a traditional full on-premises POS system where it can still run without the vendor.
Another consideration is that a cloud-based POS system actually exposes business data to service providers - the hosting service company and the POS vendor which have access to both the application and database. The importance of securing critical business information such as supplier names, top selling items, customer relationship processes cannot be underestimated given that sometimes the few key success factors or trade secrets of a business are actually accessible through the POS system. This security and privacy concern is an ongoing issue in cloud computing.
Retail industry
The retail industry is one of the predominant users of POS terminals. The POS interface at a retail establishment varies greatly depending on the industry and owner of the retailer, but usually includes a cash register (typically a specialized x86-based computer running Windows Embedded or Linux), a method for employee input, cash drawer, receipt printer, barcode scanners (which may incorporate a scale), and an interface for processing Card payments and Processing Customer Information (a Payment Terminal). It can also include a conveyor belt, checkout divider, wireless handheld scanners, integrated card processing systems, and customer-facing displays to display totals and show advertisements. While some systems use typical PC interfaces (such as a keyboard & mouse), it is far more common to utilize touchscreens as they allow for faster response and better customization for the retailer. In the past, most IBM systems used a primarily keyboard-based interface, and NCR previously used side-keys on their displays before touchscreens were widely available, similar to their ATM products.
The POS system software can typically handle a myriad of customer based functions, such as sales, returns, exchanges, layaways, gift cards, gift registries, customer loyalty programs, promotions, discounts and much more. POS software can also allow for functions such as pre-planned promotional sales, manufacturer coupon validation, foreign currency handling and multiple payment types.
The POS unit handles the sales to the consumer, but it is only one part of the entire POS system used in a retail business. The controlling servers, or "Back-office" computers, typically handle other functions of the POS system such as inventory control, pricing, purchasing, receiving and transferring of products to and from other locations. Other typical functions of a POS system are: store sales information for enabling customer returns, reporting purposes, sales trends and cost/price/profit analysis. Customer information may be stored for receivables management, marketing purposes and specific buying analysis. Many retail POS systems include an accounting interface that "feeds" sales and product losses, cash drawer expected totals, and cashier productivity information to independent accounting applications.
A multi-terminal POS system used by big retailers like supermarkets and department stores has a far more demanding database and software architecture than that of a single station seen in small retail outlets. A supermarket with high traffic cannot afford a systemic failure, hence each point of sale station is designed to be robust in its operation. Most proprietary POS systems designed for large retailers use 2 servers, with one acting as a backup in case of failure. In the event that both servers fail, the individual POS systems will enter a failsafe mode, where sales data is stored locally and exported back to the servers upon a return of the connection. This may prove challenging to implement in some instances however, as many commercial POS systems do not have any hard disks for security purposes, and often have limited amounts of RAM.
Performing updates between multiple stations and the back end administrative computer should be redundant, so that updates to inventory and promotions will be accurately reflected at checkout without having to restart the computer, and reflecting accurate sales records to the back-end computer at the end of the business day.
This gets even more complicated when there is a membership system requiring real-time two-way updating of membership points between sale stations and the back end administrative computer.
Retail operations such as hardware stores, lumber yards, electronics stores and so-called multifaceted superstores need specialized additional features compared to other stores. POS software in these cases handles special orders, purchase orders, repair orders, service and rental programs as well as typical point of sale functions. Rugged hardware is required for point of sale systems used in outdoor environments. Wireless devices, battery powered devices, all-in-one units, and Internet-ready machines are typical in this industry.
Recently new applications have been introduced, enabling POS transactions to be conducted using mobile phones and tablets. According to a recent study, mobile POS (mPOS) terminals are expected to replace the contemporary payment techniques because of various features including mobility, upfront low cost investment and better user experience.[23]
In the mid-2000s, the blind community in the United States engaged in structured negotiations to ensure that retail point of sale devices had tactile keypads. Without keys that can be felt, a blind person cannot independently enter her or his PIN. In the mid-2000s retailers began using "flat screen" or "signature capture" devices that eliminated tactile keypads. Blind people were forced to share their confidential PIN with store clerks to use their debit and other PIN-based cards. The blind community reached agreement with Walmart, Target, CVS and eight other retailers that required real physical keys so blind people could use the devices.
Checkout configuration Early stores typically kept merchandise behind a counter. Staff would fetch items for customers to prevent the opportunity for theft and sales would be made at the same counter. Self-service grocery stores such as Piggly Wiggly, beginning in 1916, allowed customers to fetch their own items and pass the point of sale enroute to the exit.
Modern stores have a variety of checkout configurations, but almost all stores will have their main checkout area situated close to the entrance/exits. Smaller stores may utilize simple counters, while big-box stores will typically use a conveyor belt system spaced out in separate "lanes" to process orders. Express lanes might limit the type of payment, or number or type of goods, to expedite service. Some department stores may also have checkouts inside of the departments to allow shoppers of that section to pay without going through the main lines. If each checkout station has a separate queue, customers have to guess which line will move the fastest, to minimize their wait times. They are often frustrated to be wrong or be stuck behind another customer who encounters a problem or who takes excessive time to check out. Some stores use a single, much longer but faster-moving line, that is served by multiple registers, which produces the same average wait time, but reduces the frustration and variance in wait time from person to person.[24] Regardless of the configuration, checkout lines usually pass by impulse buy items to grab the attention of otherwise idle customers.
As self-checkout technology has progressed, more retailers of all types have included self-checkout as an option, and in some cases, completely replace traditional cashier-operated checkout lines. Self-checkout kiosks are typically kept together in a 'corral' area adjacent to the regular registers so that shop employees can more easily monitor transactions, though they are also occasionally set up in a more typical "lane" fashion with conveyor belts for loading groceries. More modern implementations of self-checkout include scanning items and paying within a retailer's mobile app, or using RF technology and cameras to detect items at the door and charge the customer's account automatically.
Security
Despite the more advanced technology of a POS system as compared to a simple cash register, the POS system is still vulnerable to employee theft through the sales window. A dishonest cashier at a retail outlet can collude with a friend who pretends to be an ordinary customer. During checkout, the cashier can bypass scanning certain items or enter a lower quantity for some items thus profiting from the "free" goods.
The ability of a POS system to void a closed sale receipt for refund purpose without needing a password from an authorized superior also represents a security loophole. Even a function to issue a receipt with a negative amount which can be useful under certain circumstances, can be exploited by a cashier to easily lift money from the cash drawer.
To prevent such employee theft, it is crucial for a POS system to provide an admin window for the supervisor or administrator to generate and inspect a daily list of sale receipts, especially pertaining to the frequency of cancelled receipts before completion, refunded receipts and negative receipts. This is one effective way to alert the company to any suspicious activity - such as a high number of cancelled sales by a certain cashier - that may be occurring, and to take monitoring action.
To further deter employee theft, the sales counter should also be equipped with a closed-circuit television camera pointed at the POS system to monitor and record all activities.
At the back end, price and other changes like discounts to inventory items through the administration module should be secured with passwords provided to trusted administrators. Any changes made should also be logged and capable of being subsequently retrieved for inspection.
The sale records and inventory are important to the business because they provide useful information to the company in terms of customer preferences, customer membership particulars, what are the top selling products, who are the vendors and what margins the company is getting from them, the company monthly total revenue and cost, among others.
It is important that reports on these matters generated at the administrative back end be restricted to trusted personnel. The database from which these reports are generated should be secured via passwords or via encryption of data stored in the database to prevent copying or tampering.
Despite all such precautions, the POS system can never be entirely watertight in security from internal misuse if a clever, dishonest employee knows how to exploit many of its otherwise useful capabilities.
News reports on POS system hacking show that hackers are more interested in stealing credit card information than anything else. The ease and advantage offered by the ability of a POS system to integrate credit card processing thus have a downside. In 2011, hackers were able to steal credit card data from 80,000 customers because Subway's security and POS configuration standards for PCI compliance - which governs credit card and debit card payment systems security - were "directly and blatantly disregarded" by Subway franchisees.[25]
In June 2016, several hundred of Wendy's fast food restaurants had their POS systems hacked by illegally installed malware.[26] The report goes on to say that "the number of franchise restaurants impacted by these cyber security attacks is now expected to be considerably higher than the 300 restaurants already implicated" and that the "hackers made hundreds of thousands of fraudulent purchases on credit and debit cards issued by various financial institutions after breaching Wendy's computer systems late last year".
These exploits by hackers could only be made possible because payment cards were processed through the POS system allowing the malware to either intercept card data during processing or steal and transmit unencrypted card data that is stored in the system database.
In April 2017, security researchers identified critical vulnerabilities in point of sale systems developed by SAP and Oracle[27] and commented, “POS systems are plagued by vulnerabilities, and incidents occurred because their security drawbacks came under the spotlight.”[28] If successfully exploited, these vulnerabilities provide a perpetrator with access to every legitimate function of the system, such as changing prices, and remotely starting and stopping terminals. To illustrate the attack vector, the researchers used the example of hacking POS to change the price of a MacBook to $1. The security issues were reported to the vendor, and a patch was released soon after the notification. Oracle confirmed[29] security bug affects over 300,000 Oracle POS Systems
In some countries, credit and debit cards are only processed via payment terminals. Thus one may see quite a number of such terminals for different cards cluttering up a sale counter. This inconvenience is offset by the fact that credit and debit card data is far less vulnerable to hackers, unlike when payment cards are processed through the POS system where security is contingent upon the actions taken by end-users and developers.
With the launch of mobile payment, particularly Android Pay and Apple Pay in 2015, it is expected that because of its greater convenience coupled with good security features, this would eventually eclipse other types of payment services – including the use of payment terminals. For mobile payment to go fully mainstream, mobile devices like smartphones that are NFC-enabled must first become universal. This would be a matter of several years from the time of this writing (2017) as more and more models of new smartphones are expected to become NFC-enabled for such a purpose. For instance, iPhone 6 is fully NFC-enabled for mobile payment while iPhone 5 and older models are not. The aforesaid disastrous security risks connected with processing payment card usage through a POS system would then be greatly diminished.
