POS Security

Aside from the day to day management of your business, one of the primary concerns of your POS system integration must be managing the access to information and utilities within the system.

Whether it’s front-of-house users or shift managers completing end-of-day paperwork, you want to be able to identify high-risk behaviors in your restaurant and limit access to those abilities which could lead to theft. Every POS system will have its own methods of administering controls, and, as usual, we will be using POSitouch as our real-world example.

Privileges


POSitouch uses a feature called user privileges which limits the access of particular users or job types to some system features. For example, we may want our managers to have access to every discount available in the system, but we wouldn’t want our serving staff to be tempted to discount orders for their friends or relatives. Using the POSitouch user privileges, we may remove access to all discounts, or specific discounts that could be more harmful, such as full compensation discounts that result in a zero balance check. In some cases, smaller discounts, those not discounting more than 10% of the total cost of a check, may be excluded from these restrictions in order to minimize the time our managers spend applying discounts. Regardless of how much access you want your serving staff and management to have, it’s important to decide for yourself how such access should be distributed to most efficiently run your business. Once you have this knowledge, inquire with your POS dealer what works best for your needs.

Passwords and Mag Cards


POS password protectedIn addition to the limitations imposed by the user privilege codes, most POS systems will allow password protection of key features. Within POSitouch, access to any management screens may be secured via a three-digit password. We also recommend the use of magnetic cards (or mag cards) to further limit access. If your staff is using a simple employee number to clock in and access the system, it doesn’t take much imagination to see another employee spotting the number and using the memorized number to access features they wouldn’t ordinarily be able to access, or simply to use the number to hide their own bad behavior. Through the use of a mag card, only by having that mag card in one’s possession may critical features be accessed, and the possibility of identity theft is greatly reduced. There is, of course, additional cost associated with the use of mag cards, in that the cards themselves must be purchased, but the savings can far outweigh the relatively small investment.

When it comes to paperwork or access of sensitive sales and credit card data, POS systems can provide further safeguards. Much like FOH operations, POSitouch allows for high-level users to password protect individual functions of the back office software, including accessing or editing employee information, sales information and credit card details. You may find specifics regarding credit card security and PCI compliance elsewhere on this site, which we will only acknowledge here as a very important part of any security measures installed in your business. However, part of the PCI compliance is the use of password-protected software which processes and stores your credit card data. Though many may see the use of password protection to be less a help and more of a hindrance in completing the required tasks, remember that this extra step allows an additional layer of security that could mean the difference between the safety of your data and an identity stolen from one of your patrons, and, ultimately, a lawsuit on your doorstep.

Usage Reports


Finally, inherent in POSitouch is the ability to run a report on manager function usage titled the Manager Activity Report. This report lists all deletes, discounts, table transfers, opened drawers and many other functions. It separates and organizes the activity by date, check number and by the employee using the function. We always recommend that owners reference this report every week or two to identify patterns in discounts or comps that could highlight unethical behavior within your business. While no one wants to presume that the staff is behaving in potentially illegal behavior, a report such as this provides a thorough tool to ensure that no money is being lost through malicious activity within the restaurant.

When it comes to security, no one solution works for all environments. As always, be sure you identify for yourself what security measures are required for your business and communicate that to your POS dealer. Further, many business owners have come up with unique ideas on securing data and behaviors. We’d love to hear yours!