The point of sale (POS) or point of purchase (POP) is the time and place where a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer (which may be a cash register printout), and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt for the transaction, which is usually printed but can also be dispensed with or sent electronically.
To calculate the amount owed by a customer, the merchant may use various devices such as weighing scales, barcode scanners, and cash registers (or the more advanced "POS cash registers", which are sometimes also called "POS systems"). To make a payment, payment terminals, touch screens, and other hardware and software options are available.
The point of sale is often referred to as the point of service because it is not just a point of sale but also a point of return or customer order. POS terminal software may also include features for additional functionality, such as inventory management, CRM, financials, or warehousing.
Businesses are increasingly adopting POS systems, and one of the most obvious and compelling reasons is that a POS system eliminates the need for price tags. Selling prices are linked to the product code of an item when adding stock, so the cashier merely scans this code to process a sale. If there is a price change, this can also be easily done through the inventory window. Other advantages include the ability to implement various types of discounts, a loyalty scheme for customers, and more efficient stock control. These features are typical of almost all modern ePOS systems.
Retailers and marketers will often refer to the area around the checkout instead as the point of purchase (POP) when they are discussing it from the retailer's perspective. This is particularly the case when planning and designing the area as well as when considering a marketing strategy and offers.
Some point of sale vendors refer to their POS system as "retail management system" which is a more appropriate term, since this software is not just for processing sales but comes with many other capabilities, such as inventory management, membership system, supplier record, bookkeeping, issuing of purchase orders, quotations and stock transfers, hide barcode label creation, sale reporting and in some cases remote outlets networking or linkage, to name some major ones.
Nevertheless, it is the term POS system rather than retail management system that is in vogue among both end-users and vendors.
The basic, fundamental definition of a POS System, is a system which allows the processing and recording of transactions between a company and their consumers, at the time in which goods and/or services are purchased.
Early electronic cash registers (ECR) were controlled with proprietary software and were limited in function and communication capability. In August 1973, IBM released the IBM 3650 and 3660 store systems that were, in essence, a mainframe computer used as a store controller that could control up to 128 IBM 3653/3663 point of sale registers. This system was the first commercial use of client-server technology, peer-to-peer communications, local area network (LAN) simultaneous backup, and remote initialization. By mid-1974, it was installed in Pathmark stores in New Jersey and Dillard's department stores.
One of the first microprocessor-controlled cash register systems was built by William Brobeck and Associates in 1974, for McDonald's Restaurants. It used the Intel 8008, an early microprocessor (forerunner to the Intel 8088 processor used in the original IBM Personal Computer). Each station in the restaurant had its own device which displayed the entire order for a customer — for example,  Vanilla Shake,  Large Fries,  BigMac — using numeric keys and a button for every menu item. By pressing the [Grill] button, a second or third order could be worked on while the first transaction was in progress. When the customer was ready to pay, the [Total] button would calculate the bill, including sales tax for almost any jurisdiction in the United States. This made it accurate for McDonald's and very convenient for the servers and provided the restaurant owner with a check on the amount that should be in the cash drawers. Up to eight devices were connected to one of two interconnected computers so that printed reports, prices, and taxes could be handled from any desired device by putting it into Manager Mode. In addition to the error-correcting memory, accuracy was enhanced by having three copies of all important data with many numbers stored only as multiples of 3. Should one computer fail, the other could handle the entire store.
In 1986, Eugene "Gene" Mosher introduced the first graphical point of sale software featuring a touchscreen interface under the ViewTouch trademark on the 16-bit Atari 520ST color computer. It featured a color touchscreen widget-driven interface that allowed configuration of widgets representing menu items without low level programming. The ViewTouch point of sale software was first demonstrated in public at Fall Comdex, 1986, in Las Vegas Nevada to large crowds visiting the Atari Computer booth. This was the first commercially available POS system with a widget-driven color graphic touch screen interface and was installed in several restaurants in the US and Canada.
In 1986, IBM introduced its 468x series of POS equipment based on Digital Research's Concurrent DOS 286 and FlexOS 1.xx, a modular real-time multi-tasking multi-user operating system.
A wide range of POS applications have been developed on platforms such as Windows and Unix. The availability of local processing power, local data storage, networking, and graphical user interface made it possible to develop flexible and highly functional POS systems. Cost of such systems has also declined, as all the components can now be purchased off-the-shelf.
In 1993, IBM adopted FlexOS 2.32 as the basis of their IBM 4690 OS in their 469x series of POS terminals. This was developed up to 2014 when it was sold to Toshiba, who continued to support it up to at least 2017.
As far as computers are concerned, off-the-shelf versions are usually newer, hence more powerful than proprietary POS terminals. Custom modifications are added as needed. Other products, like touchscreen tablets and laptops, are readily available in the market, and they are more portable than traditional POS terminals. The only advantage of the latter is that they are typically built to withstand rough handling and spillages, a benefit for food & beverage businesses.
The key requirements that must be met by modern POS systems include high and consistent operating speed, reliability, ease of use, remote supportability, low cost, and rich functionality. Retailers can reasonably expect to acquire such systems (including hardware) for about $4000 US (as of 2009) per checkout lane.
Reliability depends not wholly on the developer but at times on the compatibility between a database and an OS version. For example, the widely used Microsoft Access database system had a compatibility issue when Windows XP machines were updated to a newer version of Windows. Microsoft offered no immediate solution. Some businesses were severely disrupted in the process, and many downgraded back to Windows XP for a quick resolution. Other companies utilized community support, for a registry tweak solution has been found for this.[unreliable source]
POS systems are one of the most complex software systems available because of the features that are required by different end users. Many POS systems are software suites that include sale, inventory, stock counting, vendor ordering, customer loyalty and reporting modules. Sometimes purchase ordering, stock transferring, quotation issuing, barcode creating, bookkeeping or even accounting capabilities are included. Each of these modules is interlinked if they are to serve their practical purpose and maximize their usability.
For instance, the sale window is immediately updated on a new member entry through the membership window because of this interlinking. Similarly, when a sale transaction is made, any purchase by a member is on record for the membership window to report providing information like payment type, goods purchased, date of purchase and points accumulated. Comprehensive analysis performed by a POS machine may need to process several qualities about a single product, like selling price, balance, average cost, quantity sold, description and department. Highly complex programming is involved (and possibly considerable computer resources) to generate such extensive analyses.
POS systems are designed not only to serve the retail, wholesale and hospitality industries as historically is the case. Currently POS systems are also used in goods and property leasing businesses, equipment repair shops, healthcare management, ticketing offices such as cinemas and sports facilities and many other operations where capabilities such as the following are required: processing monetary transactions, allocation and scheduling of facilities, keeping record and scheduling services rendered to customers, tracking of goods and processes (repair or manufacture), invoicing and tracking of debts and outstanding payments.
Different customers have different expectations within each trade. The reporting functionality alone is subject to so many demands, especially from those in the retail/wholesale industry. To cite special requirements, some business's goods may include perishables and hence the inventory system must be capable of prompting the admin and cashier on expiring or expired products. Some retail businesses require the system to store credit for their customers, credit which can be used subsequently to pay for goods. A few companies expect the POS system to behave like a full-fledged inventory management system, including the ability to provide FIFO (First In First Out) and LIFO (Last In First Out), reports of their goods for accounting and tax purposes.
In the hospitality industry, POS system capabilities can also diverge significantly. For instance, while a restaurant is typically concerned about how the sale window functions: whether it has functionality such as creating item buttons, various discounts, adding a service charge, holding of receipts, queuing, table service as well as takeaways, merging and splitting of a receipt. These capabilities may be insufficient for a spa or slimming center which would require, in addition, a scheduling window with historical records of customers' attendance and their special requirements.
A POS system can be made to serve different purposes to different end users depending on their business processes. Often an off-the-shelf POS system is inadequate for customers. Some customization is required, and this is why a POS system can become very complex. The complexity of a mature POS system extends to remote networking or interlinking between remote outlets and the HQ such that updating both ways is possible. Some POS systems offer the linking of web-based orders to their sale window. Even when local networking is only required (as in the case of a high-traffic supermarket), there is the ever-present challenge for the developer to keep most if not all of their POS stations running. This puts high demand not just on software coding but also designing the whole system covering how individual stations and the network work together, and special consideration for the performance capability and usage of databases. Due to such complexity, bugs and errors encountered in POS systems are frequent.
With regards to databases, POS systems are very demanding on their performance because of numerous submissions and retrievals of data - required for correct sequencing the receipt number, checking various discounts, membership, calculating subtotal, so forth - just to process a single sale transaction. The immediacy required of the system on the sale window such as may be observed at a checkout counter in a supermarket cannot be compromised. This places much stress on individual enterprise databases if there are just several tens of thousands of sale records in the database. Enterprise database Microsoft SQL Server, for example, has been known to freeze up (including the OS) entirely for many minutes under such conditions showing a "Timeout Expired" error message. Even a lighter database like Microsoft Access will slow to a crawl over time if the problem of database bloating is not foreseen and managed by the system automatically. Therefore, the need to do extensive testing, debugging and improvisation of solutions to preempt failure of a database before commercial implementation complicates the development.
POS system accuracy is demanding, given that monetary transactions are involved continuously not only via the sale window but also at the back end through the receiving and inputting of goods into the inventory. Calculations required are not always straightforward. There may be many discounts and deals that are unique to specific products, and the POS machine must quickly process the differences and the effect on pricing. There is much complexity in the programming of such operations, especially when no error in calculation can be allowed.
Other requirements include that the system must have functionality for membership discount and points accumulation/usage, quantity and promotional discounts, mix and match offers, cash rounding up, invoice/delivery-order issuance with outstanding amount. It should enable a user to adjust the inventory of each product based on physical count, track expiry of perishable goods, change pricing, provide audit trail when modification of inventory records is performed, be capable of multiple outlet functionality, control of stocks from HQ, doubling as an invoicing system, just to name some.
It is clear that POS system is a term that implies a wide range of capabilities depending on the end-user requirements. POS system review websites cannot be expected to cover most let alone all the features. Unless one is a developer, it is unrealistic to expect the reviewer to know all the aspects of a POS system. For instance, a POS system might work smoothly on a test database during the review but not when the database grows significantly in size over months of usage. And this is only one among many hidden critical functionality issues of a POS system.
Vendors and retailers are working to standardize development of computerized POS systems and simplify interconnecting POS devices. Two such initiatives were OPOS and JavaPOS, both of which conform to the UnifiedPOS standard led by The National Retail Foundation.
OPOS (OLE for POS) was the first commonly adopted standard and was created by Microsoft, NCR Corporation, Epson and Fujitsu-ICL. OPOS is a COM-based interface compatible with all COM-enabled programming languages for Microsoft Windows. OPOS was first released in 1996. JavaPOS was developed by Sun Microsystems, IBM, and NCR Corporation in 1997 and first released in 1999. JavaPOS is for Java what OPOS is for Windows, and thus largely platform independent.
There are several communication ways POS systems use to control peripherals such as:
There are also nearly as many proprietary protocols as there are companies making POS peripherals. Most POS peripherals, such as displays and printers, support several of these command protocols to work with many different brands of POS terminals and computers.
The design of the sale window is the most important one for the user. This user interface is highly critical when compared to those in other software packages such as word editors or spreadsheet programs where the speed of navigation is not so crucial for business performance.
For businesses at prime locations where real estate is at a premium, it can be common to see a queue of customers. The faster a sale is completed the shorter the queue time which improves customer satisfaction, the less space it takes, which benefits shoppers and staff. High-traffic operations such as grocery outlets and cafes need to process sales quickly at the sales counter so the UI flow is often designed with as few popups or other interruptions to ensure the operator isn't distracted and the transaction can be processed as quickly as possible.
Although improving the ergonomics is possible, a clean, fast-paced look may come at the expense of sacrificing functions that are often wanted by end-users such as discounts, access to commission earned screens, membership and loyalty schemes can involve looking at a different function of the POS to ensure the point of sale screen contains only what a cashier needs at their disposal to serve customers.
The advent of cloud computing has given birth to the possibility of electronic point of sale (EPOS) systems to be deployed as software as a service, which can be accessed directly from the Internet using any internet browser. Using the previous advances in the communication protocols for POS's control of hardware, cloud-based POS systems are independent from platform and operating system limitations. EPOS systems based in the cloud (most small-business POS today) are generally subscription-based, which includes ongoing customer support.
Compared to regular cash registers (which tend to be significantly cheaper but only process sales and prints receipts), POS systems include automatic updating of the inventory library stock levels when selling products, real-time reports accessible from a remote computer, staff timesheets and a customer library with loyalty features.[clarification needed][clarification needed]
Cloud-based POS systems are also created to be compatible with a wide range of POS hardware and sometimes tablets such as Apple's iPad. Thus cloud-based POS also helped expand POS systems to mobile devices, such as tablet computers or smartphones.
These devices can also act as barcode readers using a built-in camera and as payment terminals using built-in NFC technology or an external payment card reader. A number of POS companies built their software specifically to be cloud-based. Other businesses who launched pre-2000s have since adapted their software to evolving technology.
Cloud-based POS systems are different from traditional POS largely because user data, including sales and inventory, are not stored locally, but in a remote server. The POS system is also not run locally, so there is no installation required.
Depending on the POS vendor and the terms of contract, compared to traditional on-premises POS installation, the software is more likely to be continually updated by the developer with more useful features and better performance in terms of computer resources at the remote server and in terms of fewer bugs and errors.
Other advantages of a cloud-based POS are instant centralization of data (important especially to chain stores), ability to access data from anywhere there is internet connection, and lower start-up costs.
Cloud based POS requires an internet connection. For this reason it important to use a device with 3G connectivity in case the device's primary internet goes down. In addition to being significantly less expensive than traditional legacy point of sale systems, the real strength of a cloud based point of sale system is that there are many developers creating software applications for cloud-based POS. Cloud-based POS systems are often described[by whom?] as future proof as new applications are constantly being conceived and built.
A number of noted emerging cloud-based POS systems came on the scene less than a decade or even half a decade back. These systems are usually designed for restaurants, small and medium-sized retail operations with fairly simple sale processes as can be culled from POS system review sites. It appears from such software reviews that enterprise-level cloud-based POS systems are currently lacking in the market. "Enterprise-level" here means that the inventory should be capable of handling a large number of records, such as required by grocery stores and supermarkets. It can also mean that the system software and cloud server must be capable of generating reports such as analytics of sale against inventory for both a single and multiple outlets that are interlinked for administration by the headquarters of the business operation.
POS vendors of such cloud based systems should also have a strong contingency plan for the breakdown of their remote server such as represented by fail-over server support. Sometimes a major data center can fail completely, such as in a fire. On-premises installations are therefore sometimes seen alongside cloud-based implementation to preempt such incidents, especially for businesses with high traffic. The on-premises installations may not have the most up-to-date inventory and membership information.
For such contingency, a more innovative though highly complex approach for the developer is to have a trimmed down version of the POS system installed on the cashier computer at the outlet. On a daily basis the latest inventory and membership information from the remote server is automatically updated into the local database. Thus should the remote server fail, the cashier can switch over to the local sale window without disrupting sales. When the remote server is restored and the cashier switches over to the cloud system, the locally processed sale records are then automatically submitted to the remote system, thus maintaining the integrity of the remote database.
Although cloud-based POS systems save the end-user startup cost and technical challenges in maintaining an otherwise on-premises installation, there is a risk that if the cloud-based vendor closes down it may result in more immediate termination of services for the end-user compared to the case of a traditional full on-premises POS system where it can still run without the vendor.
Another consideration is that a cloud-based POS system actually exposes business data to service providers - the hosting service company and the POS vendor which have access to both the application and database. The importance of securing critical business information such as supplier names, top selling items, customer relationship processes cannot be underestimated given that sometimes the few key success factors or trade secrets of a business are actually accessible through the POS system. This security and privacy concern is an ongoing issue in cloud computing.
Main article: Retail
The retail industry is one of the predominant users of POS terminals. A retail point of sale system typically includes a cash register (which in recent times comprises a computer, monitor, cash drawer, receipt printer, customer display and a barcode scanner) and the majority of retail POS systems also include a debit/credit card reader. It can also include a conveyor belt, checkout divider, weight scale, integrated credit card processing system, a signature capture device and a customer pin pad device. While the system may include a keyboard and mouse, more and more POS monitors use touch-screen technology for ease of use, and a computer is built into the monitor chassis for what is referred to as an all-in-one unit. All-in-one POS units liberate counter space for the retailer. The POS system software can typically handle a myriad of customer based functions such as sales, returns, exchanges, layaways, gift cards, gift registries, customer loyalty programs, promotions, discounts and much more. POS software can also allow for functions such as pre-planned promotional sales, manufacturer coupon validation, foreign currency handling and multiple payment types.
The POS unit handles the sales to the consumer but it is only one part of the entire POS system used in a retail business. "Back-office" computers typically handle other functions of the POS system such as inventory control, purchasing, receiving and transferring of products to and from other locations. Other typical functions of a POS system are: store sales information for enabling customer returns, reporting purposes, sales trends and cost/price/profit analysis. Customer information may be stored for receivables management, marketing purposes and specific buying analysis. Many retail POS systems include an accounting interface that "feeds" sales and cost of goods information to independent accounting applications.
A multiple point of sale system used by big retailers like supermarkets and department stores has a far more demanding database and software architecture than that of a single station seen in small retail outlets. A supermarket with high traffic cannot afford a systemic failure, hence each point of sale station should not only be very robust both in terms of software, database and hardware specifications but also designed in such a way as to prevent causing a systemic failure - such as may happen through the use of a single central database for operations.
At the same time updating between multiple stations and the back end administrative computer should be capable of being efficiently performed, so that on one hand either at the start of the day or at any time each station will have the latest inventory to process all items for sale, while on the other hand at the end of the day the back end administrative computer can be updated in terms of all sale records.
This gets even more complicated when there is a membership system requiring real-time two-way updating of membership points between sale stations and the back end administrative computer.
Retail operations such as hardware stores, lumber yards, electronics stores and so-called multifaceted superstores need specialized additional features compared to other stores. POS software in these cases handles special orders, purchase orders, repair orders, service and rental programs as well as typical point of sale functions. Rugged hardware is required for point of sale systems used in outdoor environments. Wireless devices, battery powered devices, all-in-one units, and Internet-ready machines are typical in this industry.
Recently new applications have been introduced, enabling POS transactions to be conducted using mobile phones and tablets. According to a recent study, mobile POS (mPOS) terminals are expected to replace the contemporary payment techniques because of various features including mobility, upfront low cost investment and better user experience.
In the mid-2000s, the blind community in the United States engaged in structured negotiations to ensure that retail point of sale devices had tactile keypads. Without keys that can be felt, a blind person cannot independently enter her or his PIN. In the mid-2000s retailers began using "flat screen" or "signature capture" devices that eliminated tactile keypads. Blind people were forced to share their confidential PIN with store clerks to use their debit and other PIN-based cards. The blind community reached agreement with Walmart, Target, CVS and eight other retailers that required real physical keys so blind people could use the devices.
Early stores typically kept merchandise behind a counter. Staff would fetch items for customers to prevent the opportunity for theft and sales would be made at the same counter. Self-service grocery stores such as Piggly Wiggly, beginning in 1916, allowed customers to fetch their own items and pass the point of sale enroute to the exit.
Many stores have a number of checkout stations. Some stations may have an automated cashier (self-checkout). Express lanes might limit the type of payment, or number or type of goods, to expedite service. If each checkout station has a separate queue, customers have to guess which line will move the fastest, to minimize their wait times. They are often frustrated to be wrong or be stuck behind another customer who encounters a problem or who takes excessive time to check out. Some stores use a single, much longer but faster-moving line, that is served by multiple registers, which produces the same average wait time, but reduces the frustration and variance in wait time from person to person. Regardless of the configuration, checkout lines usually pass by impulse buy items to grab the attention of otherwise idle customers.
Main article: Hospitality industry
Hospitality point of sale systems are computerized systems incorporating registers, computers and peripheral equipment, usually on a computer network to be used in restaurants, hair salons or hotels. Like other point of sale systems, these systems track sales, labor, payroll and can generate records used in accounting and bookkeeping. They may be accessed remotely by restaurant corporate offices, troubleshooters and other authorized parties.
Point of sale systems have revolutionized the restaurant industry, particularly in the fast food sector. In the most recent technologies, registers are computers, sometimes with touch screens. The registers connect to a server, often referred to as a "store controller" or a "central control unit". Printers and monitors are also found on the network. Additionally, remote servers can connect to store networks and monitor sales and other store data.
Typical restaurant POS software is able to create and print guest checks, print orders to kitchens and bars for preparation, process credit cards and other payment cards, and run reports. In addition, some systems implement wireless pagers and electronic signature-capture devices.
In the fast food industry, displays may be at the front counter, or configured for drive-through or walk-through cashiering and order taking. Front counter registers allow taking and serving orders at the same terminal, while drive-through registers allow orders to be taken at one or more drive-through windows, to be cashiered and served at another. In addition to registers, drive-through and kitchen displays are used to view orders. Once orders appear they may be deleted or recalled by the touch interface or by bump bars. Drive-through systems are often enhanced by the use of drive-through wireless (or headset) intercoms. The efficiency of such systems allows decreased service times and increased efficiency of orders.
Another innovation in technology for the restaurant industry is wireless POS. Many restaurants with high volume use wireless handheld POS to collect orders which are sent to a server. The server sends required information to the kitchen in real time. Wireless systems consist of drive-through microphones and speakers (often one speaker will serve both purposes), which are wired to a "base station" or "center module." This, in turn, will broadcast to headsets. Headsets may be an all-in-one headset, or one connected to a belt pack.
With the development of the mobile technology, Cloud-based POS system are also put forward to increase the efficiency of some restaurants, integrated with some latest software services such as scan QR code to order by customers themselves. It leads to a new style of offline restaurants dine-in.
In hotels, POS software allows for transfer of meal charges from dining room to guest room with a button or two. It may also need to be integrated with property management software.
Newer, more sophisticated systems are departing from the central database "file server" type system and going to what is called a "cluster database". This eliminates any crashing or system downtime that can be associated with the back office file server. This technology allows 100% of the information to not only be stored, but also pulled from the local terminal, thus eliminating the need to rely on a separate server for the system to operate.
Tablet POS systems popular for retail solutions are now available for the restaurant industry. Initially these systems were not sophisticated and many of the early systems did not support a remote printer in the kitchen. Tablet systems today are being used in all types of restaurants including table service operations. Most tablet systems upload all information to the Internet so managers and owners can view reports from anywhere with a password and Internet connection. Smartphone Internet access has made alerts and reports from the POS very accessible. Tablets have helped create the Mobile POS system, and Mobile POS applications also include payments, loyalty, online ordering, table side ordering by staff and table top ordering by customers. Regarding the payments, mobile POS can accept all kinds of payment methods from contactless cards, EMV chip-enabled cards, and mobile NFC enabled cards. Mobile POS (AKA mPOS) is growing quickly with new developers entering the market almost on a daily basis.
With the proliferation of low-priced touchscreen tablet computers, more restaurants have implemented self-ordering through a tablet POS placed permanently on every table. Customers can browse through the menu on the tablet and place their orders which are then sent to the kitchen. Most restaurants that have iPad self-order menus include photos of the dishes so guests can easily choose what they want to order. This apparently improves service and saves manpower on the part of the restaurant. However this depends on how intelligently the system has been programmed to be.
As a case in point, some self-ordering systems not requiring staff assistance may not properly recognize a subsequent order from the same customer at a table. As a result, the customer is left waiting and wondering why his second order of food and drink is not being served.
Another example of how intelligent the system can be, is whether an order that has been placed but not yet been processed by the kitchen can be modified by the customer through the tablet POS. For such an unprocessed order the customer should be given the option to easily retrieve the order and modify it on the tablet POS. When the order is being processed this function should be automatically disabled.
Self-ordering systems are not always free completely from intervention by the staff and for some good reasons. For example, some restaurants require that items selected by the customers be attended to and can only be placed by the waiter who has the password required to do so. This prevents fake orders - such as may be entered by playful kids - and subsequent dispute on the items ordered. If alcoholic beverages are ordered, it is necessary for the waiter to verify the customer's age before sending the order.
The technical specifications for implementing such self-ordering system are more demanding than a single cashier-controlled POS station. On the software and hardware side each tablet on a customer table has to be networked to the cashier POS station and the kitchen computer so that both are continually updated on orders placed. The common database that serves this network must also be capable of serving many concurrent users - cashier, customers, kitchen and perhaps a drink bar.
It is to be noted by developers that some databases such as popularly-used Microsoft Access may have the specifications that it is capable of usage by multiple concurrent users. However, under the stress of a POS system, they can fail miserably resulting in constant errors and corruption of data.
POS systems are often designed for a variety of clients, and can be programmed by the end users to suit their needs. Some large clients write their own specifications for vendors to implement. In some cases, POS systems are sold and supported by third-party distributors, while in other cases they are sold and supported directly by the vendor.
The selection of a restaurant POS system is critical to the restaurant's daily operation and is a major investment that the restaurant's management and staff must endure for many years. The restaurant POS system interfaces with all phases of the restaurant operation, and with everyone that is involved with the restaurant including guests, suppliers, employees, managers and owners. The selection of a restaurant POS system is a complex process that should be undertaken by the restaurant owner and not delegated to an employee. The purchase process can be summarized in three steps: Design, Compare and Negotiate. The Design step requires research to determine which restaurant POS features are needed for the restaurant operation. With this information the restaurant owner or manager can Compare various restaurant POS solutions to determine which POS systems meet their requirements. The final step is to Negotiate the price, payment terms, included training, initial warranty and ongoing support costs.
Main article: Automated sales suppression device
POS systems record sales for business and tax purposes. Illegal software dubbed "zappers" can be used on POS devices to falsify these records with a view to evading the payment of taxes.
In some countries, legislation is being introduced to make cash register systems more secure. For example, the French treasury is estimated to be failing to collect approximately €14 billion of VAT revenue each year. The Finance Bill of 2016 was intended to address some of this loss by making it compulsory for taxpayers to operate on “secure systems”. Therefore, from 1 January 2018, all retail businesses in France are required to record customer payments using certified secure accounting software or cash register systems.
A certified cash register system must provide for the (i) incommutable, (ii) security and (iii) storage and archiving of data. All businesses required to comply must obtain a certificate from the cash register system provider which certifies that the system meets these requirements. This is because VAT taxpayers may need to provide a certificate to the tax authorities showing that their cash management system fulfills the new requirements.
If the business cannot provide this certificate to the tax authorities, they may be fined. And, if the tax authorities can demonstrate fraudulent use of the system, both the business and the software provider can face tax penalties, fines, and criminal sanctions. Certification can be obtained either from: a body accredited by the French Accreditation Committee (Comité français d’accréditation or COFRAC) or the software provider of the cash register system.
Despite the more advanced technology of a POS system as compared to a simple cash register, the POS system is still vulnerable to employee theft through the sales window. A dishonest cashier at a retail outlet can collude with a friend who pretends to be an ordinary customer. During checkout, the cashier can bypass scanning certain items or enter a lower quantity for some items thus profiting from the "free" goods.
The ability of a POS system to void a closed sale receipt for refund purpose without needing a password from an authorized superior also represents a security loophole. Even a function to issue a receipt with a negative amount which can be useful under certain circumstances, can be exploited by a cashier to easily lift money from the cash drawer.
To prevent such employee theft, it is crucial for a POS system to provide an admin window for the supervisor or administrator to generate and inspect a daily list of sale receipts, especially pertaining to the frequency of cancelled receipts before completion, refunded receipts and negative receipts. This is one effective way to alert the company to any suspicious activity - such as a high number of cancelled sales by a certain cashier - that may be occurring, and to take monitoring action.
To further deter employee theft, the sales counter should also be equipped with a closed-circuit television camera pointed at the POS system to monitor and record all activities.
At the back end, price and other changes like discounts to inventory items through the administration module should be secured with passwords provided to trusted administrators. Any changes made should also be logged and capable of being subsequently retrieved for inspection.
The sale records and inventory are important to the business because they provide useful information to the company in terms of customer preferences, customer membership particulars, what are the top selling products, who are the vendors and what margins the company is getting from them, the company monthly total revenue and cost, among others.
It is important that reports on these matters generated at the administrative back end be restricted to trusted personnel. The database from which these reports are generated should be secured via passwords or via encryption of data stored in the database to prevent copying or tampering.
Despite all such precautions, the POS system can never be entirely watertight in security from internal misuse if a clever, dishonest employee knows how to exploit many of its otherwise useful capabilities.
News reports on POS system hacking show that hackers are more interested in stealing credit card information than anything else. The ease and advantage offered by the ability of a POS system to integrate credit card processing thus have a downside. In 2011, hackers were able to steal credit card data from 80,000 customers because Subway's security and POS configuration standards for PCI compliance - which governs credit card and debit card payment systems security - were "directly and blatantly disregarded" by Subway franchisees.
In June 2016, several hundred of Wendy's fast food restaurants had their POS systems hacked by illegally installed malware. The report goes on to say that "the number of franchise restaurants impacted by these cyber security attacks is now expected to be considerably higher than the 300 restaurants already implicated" and that the "hackers made hundreds of thousands of fraudulent purchases on credit and debit cards issued by various financial institutions after breaching Wendy's computer systems late last year".
These exploits by hackers could only be made possible because payment cards were processed through the POS system allowing the malware to either intercept card data during processing or steal and transmit unencrypted card data that is stored in the system database.
In April 2017, security researchers identified critical vulnerabilities in point of sale systems developed by SAP and Oracle and commented, “POS systems are plagued by vulnerabilities, and incidents occurred because their security drawbacks came under the spotlight.” If successfully exploited, these vulnerabilities provide a perpetrator with access to every legitimate function of the system, such as changing prices, and remotely starting and stopping terminals. To illustrate the attack vector, the researchers used the example of hacking POS to change the price of a MacBook to $1. The security issues were reported to the vendor, and a patch was released soon after the notification. Oracle confirmed security bug affects over 300,000 Oracle POS Systems
In some countries, credit and debit cards are only processed via payment terminals. Thus one may see quite a number of such terminals for different cards cluttering up a sale counter. This inconvenience is offset by the fact that credit and debit card data is far less vulnerable to hackers, unlike when payment cards are processed through the POS system where security is contingent upon the actions taken by end-users and developers.
With the launch of mobile payment, particularly Android Pay and Apple Pay in 2015, it is expected that because of its greater convenience coupled with good security features, this would eventually eclipse other types of payment services – including the use of payment terminals. For mobile payment to go fully mainstream, mobile devices like smartphones that are NFC-enabled must first become universal. This would be a matter of several years from the time of this writing (2017) as more and more models of new smartphones are expected to become NFC-enabled for such a purpose. For instance, iPhone 6 is fully NFC-enabled for mobile payment while iPhone 5 and older models are not. The aforesaid disastrous security risks connected with processing payment card usage through a POS system would then be greatly diminished.
((cite web)): CS1 maint: url-status (link)