Hey, remember how Target got hacked and managed to give up a metric boatload of credit card info? The malware that did that has reportedly infected over one thousand businesses across the US, including some UPS stores. So I guess you should go log in to your various credit card accounts and see if you, too, just maxed out your cards to buy power tools or Jack in the Box gift cards. Unless you really did, then good luck chop sawing that bacon ultimate cheeseburger.

The main vector for this attack is to hit poorly configured remote access software on the POS computers at the business. This software is a boon when a business needs help but tech support is a ways away. However, if it’s not set up properly, it’s relatively straightforward for someone to try to brute force their way in. And once the thief has access, they can install software that captures credit card data during transactions and sends it off to be sold to the highest bidder.

There are some ways to mitigate these issues, or eliminate them. I’ll list them out in terms of most to least brutal:

  1. Don’t take cards anymore: If you want to be hack free, just stop taking and processing cards. This is probably the easiest way to eliminate the vulnerability, but it’s also the easiest way to lose a ton of business. I’ve seen it work in tiny shops, usually places where people wouldn’t want to use their cards anyway. Most of the time it’s funky night clubs or tackle shops. This is a remarkably draconian way to protect yourself. But it’s an option. It’s not one I recommend at all.
  2. Switch to a standalone terminal: This separates your payment processing from your POS system, all but eliminating the possibility of malware getting installed that can scrape credit card data. Unfortunately, this also means you go through the sale on your POS system, then go through a separate path to enter in payment information. You can also get errors, like if someone types in a charge of $21.15 on the terminal instead of $12.15. It’s not something that’ll happen often, but something to concern yourself with.
  3. Lock down your POS System: The system should be locked down before you even receive it. We do that with the systems we ship out; the firewall is set up during configuration, and we don’t install remote access anything on them. If your POS system provider has installed remote access software, call them up like right now and ask them how secure it is. I bet they’ll tell you it’s super secure. Then have them make it more secure. Or make it even more secure by uninstalling it.
  4. Switch to encrypted card reading: Most POS and card processing software should support this by now, where the credit card data is encrypted by the card reader before it’s even sent to your computer. This doesn’t make you completely safe; if you have the malware on your system the thieves still end up with a big pile of data that *could* be turned into credit card info with enough work. But it’s super tough to get the encryption key, and it’s probably tough to brute force it. So it does slow down the process, and sometimes that’s all you need.

Three and four are pretty close in terms of easiness, and I’d recommend doing both really. Definitely do three. That’s a great one. There’s no reason any third party company you work with should have unfettered access to your system. Even if you have to click a “yes I need help” button to initiate the connection, having the software on there is just opening you up to a world of hurt. When we help customers remotely, they have to log in to a service online, and no software is installed on their computer at all. And when we’re done, there’s no way for us to reconnect. As it should be.
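To check option three on a register you already own, here is an added example (not part of the original post) that reads Windows `netstat -ano` output and flags remote access services listening on anything other than loopback. The port list is a set of well-known defaults I'm assuming, and the sample output is constructed.

```python
import re

# Default listening ports of widely used remote access tools (well-known
# defaults, not taken from the article; extend for your environment).
REMOTE_ACCESS_PORTS = {
    22: "SSH",
    3389: "RDP",
    4899: "Radmin",
    5631: "pcAnywhere",
    5900: "VNC",
    5938: "TeamViewer",
}

# Constructed sample of Windows `netstat -ano` output for a POS terminal.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:5938      0.0.0.0:0              LISTENING       3044
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     4010
  TCP    [::]:3389              [::]:0                 LISTENING       1120
"""

# Matches only TCP rows in the LISTENING state: local address, port, PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
LOOPBACK = ("127.", "[::1]")

def find_exposed_remote_access(netstat_text):
    """Return sorted (port, tool, address, pid) tuples for remote access
    listeners bound to anything other than loopback."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP, or a non-listening connection
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port in REMOTE_ACCESS_PORTS and not addr.startswith(LOOPBACK):
            findings.add((port, REMOTE_ACCESS_PORTS[port], addr, pid))
    return sorted(findings)

if __name__ == "__main__":
    for port, tool, addr, pid in find_exposed_remote_access(SAMPLE_NETSTAT):
        print(f"{tool} listening on {addr}:{port} (PID {pid}): remove or firewall it")
```

A clean result only covers tools that listen on their default port; software that dials out through a broker or has been moved to another port won't show up, so check the installed programs list too.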

As for encrypted card reading, if your credit card processing company allows for encrypted card reading, and your software supports it, GO FOR IT. Seriously. The encrypted card readers are cheap, and sometimes the card processor will give you one for free. It limits your surface area of vulnerability somewhat, which helps them on insurance fees, I’d imagine.

Credit card security is vital. So vital that card processors are going to transition to the more secure Chip & PIN method in the next year or so. In that instance, you can’t run the card unless you physically have the original card. I didn’t put it in the list of options since not everyone has a Chip & PIN card yet.

Symbol CS4070

August 6, 2014

Companion scanning is blowing up! There are more than a few scanners out on the market, and now there’s a new one from Motorola. It’s the Symbol CS4070, I guess they’re going back to their roots now that Zebra is buying them. And it kind of makes sense; at this point there are 3 different Motorola companies: one potentially owned by Zebra, one owned by Google/Lenovo, and one out on its own. And the Symbol LS2208 never got Motorolasized, so there’s a precedent.

Anyway, the Symbol CS4070 is their 2D companion scanner, designed for mobile POS, bed-side scanning in health care environments, and more. It’s available in a standard black model, as well as a white model made with health care plastics, so there’s one for before or after Labor Day. These scanners use the same scan engine that is in their DS4800, so you have a pretty tremendous scan range, pretty comparable to a linear imager. They run in Bluetooth mode for pairing to iPhones, Android devices, or other Bluetooth devices, or you can set it up as a batch device to connect to your PC and download spreadsheets of scanned data. It’s very much like the CS3070 but on steroids.

We were able to test out a beta unit for a few weeks, and it’s really a great scanner. I’ve been told that the performance will improve with the production models, which just seems like a bonus.

The unit I received came with its Product Reference Guide, affectionately referred to as the PRG by our Motorolalien friends. PRGs are massive tomes, 330+ pages of everything from how to set up your scanner to the arcane practices required to pair it to a Pontiac Aztec. Maybe not so much on the latter, but it’s a very in depth book.

The CS4070, like the CS3000 line, comes with a config.ini file on its built-in memory. This allows you to make changes to the configuration if you don’t have access to the PRG or 123scan. I like having this secondary method for programming the scanner, as it allows you to do bulk configurations simply by uploading a file to each device.

Batch Mode
For registry applications, inventory checkout, or other bulk scanning tasks, the CS4070 is a dynamo. The scanner has 512 MB of memory built-in, meaning you can store… millions and millions of 13-digit UPC barcodes before it fills up. When you plug it into a computer via USB, it mounts as a flash drive, so you could theoretically upload an autorun procedure and a standalone application, ideally to export the saved data to whatever platform you happen to use. You could probably put Snood on there too if you were so inclined.

Bluetooth Mode
This is the main course for the scanner; there’s even a Bluetooth button on it. Bluetooth mode allows you to pair the CS4070 to any Bluetooth-equipped device, or the optional Bluetooth dongle that Motorola sells. Setup takes a couple steps, either scanning the “Bluetooth HID mode” barcode in the PRG, or holding the Bluetooth button on the scanner until it beeps. Then all you have to do is scan for Bluetooth devices on your smartphone or laptop, and click pair. You might have to scan a PIN; those codes are in the PRG as well. If you have an iPhone, it just works. I think it’s because of the MFi chip that’s built-in.

Once you’re paired to a mobile device, if you hit the minus key on the CS4070, it’ll toggle potential on screen keyboards, such as those on iOS and Android devices. This is great if you’re using the scanner for mobile inventory management and need to enter in descriptive or quantity data.

Performance
Motorola makes some incredibly powerful scanners, and the CS4070 is no exception. I was able to scan regular UPC barcodes from about two feet away, which is a pretty fantastic depth of field. The depth of field changes depending on the symbologies you’re scanning, such as a 5 mil Data Matrix or 15 mil PDF417, but the range is still ideal for minimizing training to find the “sweet spot.”

The CS4070 can charge either using a microUSB cable or one of the various charging cradles Motorola’s made. It only takes a few hours, and there’s a nice battery gauge on the front of the unit to let you know just how charged it is. The battery is removable, as well, so you can pocket a spare for longer scanning sessions.

Accessories
There are a few charging accessories available for the CS4070, in case you want something a bit more formal than a microUSB cable. A single slot cradle is available, which also includes a smaller secondary battery charging bay. For larger deployments, there are some larger options: an 8-bay scanner charger as well as an 8-bay battery charger. These also have wall mount options, so you can have it in an employee area where it’s easy for employees to grab one and head off to do their duties. A lanyard should be out soon as well, making it easy to clip the CS4070 to yourself in case you need to move or pick something up with both hands.

All in all, the Symbol CS4070 is a great companion scanning option for both batch or mobile scanning. The memory on the scanner is great in case you want to store files or apps, and the Bluetooth mode is relatively straightforward to set up. It feels pretty comfortable in hand, there’s a nice groove under the bottom for better ergonomics.

Did you know that you don’t need a Square Stand to connect a USB barcode scanner to your iPad? We put together a walkthrough on Instructables with steps on how to use a cabled barcode scanner with an iPad or iPhone or iPod Touch or other iOS product. There are some hubs available that’ll let you connect keyboard and other HID peripherals to your iOS device; we got ours at Amazon. Anyway, head on over to that article and learn more!
