16 August 2016

Cash Registers: Safe Systems

Protection from data manipulation

Electronic cash registers in the retail sector are closed systems. This protects them from data manipulation. But why?

In the past, shop tills were equipped with an alarm to deter thieves. These have long since been replaced by state-of-the-art electronic terminals. But these, too, need to be protected from unauthorised (data) access, and in particular from tax fraud achieved by means of till manipulation. This is an issue that German policymakers at the regional and national levels are currently tackling. METRO Cash & Carry serves as an example of how cash registers are protected against being manipulated.


Strict access arrangements

All METRO Cash & Carry cash registers are part of a separate own network – this closed system cannot be accessed from outside, nor can it be accessed in the stores themselves. Although thousands of employees use the cash registers daily and enter data, they are unable to subsequently access or manipulate this data. Not even the store managers can access the system.


The only people who can legitimately access the till system, data and programs, are the technicians, and their activities are subject to a clearly defined and logged approval process. The administrative team logs in remotely when it needs to carry out maintenance or remedy a malfunction. The system has twofold protection in the event that any other unauthorised persons attempt to get into it: firstly from the access restrictions inherent in the ‘METRO Point of Sale’ (MPOS) software and secondly thanks to continuous data traffic, which would immediately Highlight any Manipulation.


Continuous data exchange

Four important organisational divisions are connected to the cash registers. When a customer pays for their items, all the data involved goes to a central data warehouse. At the same time, all payment transactions are logged centrally by the main register. The merchandise management system is also involved, with the stock figures being updated and new stocks being ordered. And last, but not least, the customer management division requires some information. Customer discounts are based on the sales already effected, for example. This information is likewise continuously updated and compared.    


Should someone modify any cash register data, either accidentally or intentionally, the data records at various levels will suddenly no longer tally. This is what’s known as data inconsistency: invalid inventory data crops up in the merchandise management system and the daily takings logged by the main register are incorrect. The customer management division also quickly sees errors appearing in its discount or bonus system. In other words, cash register manipulation does not go unnoticed for long in such a well-connected system landscape.


Secure retail

METRO AG makes use of similar systems at Real and also at Media Markt and Saturn. Other major retail chains likewise have closed systems that prevent cash register transaction data from being manipulated. As such, Germany’s major retailers are well equipped both technically and financially to combat data manipulation. More than anything else, new cash register retrofitting or upgrading requirements would be costly and would not increase security or tax revenues.

Cash register

Related Articles