Point of sale
The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer (which may be a cash register printout), and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt, as proof of transaction, which is usually printed but can also be dispensed with or sent electronically.[1][2][3]
This article is about checkout technology. For managed care, see point of service plan.
To calculate the amount owed by a customer, the merchant may use various devices such as weighing scales, barcode scanners, and cash registers (or the more advanced "POS cash registers", which are sometimes also called "POS systems"[4][5]). To make a payment, payment terminals, touch screens, and other hardware and software options are available.
The point of sale is often referred to as the point of service because it is not just a point of sale but also a point of return or customer order. POS terminal software may also include features for additional functionality, such as inventory management, CRM, financials, or warehousing.
Businesses are increasingly adopting POS systems, and one of the most obvious and compelling reasons is that a POS system eliminates the need for price tags. Selling prices are linked to the product code of an item when adding stock, so the cashier merely scans this code to process a sale. If there is a price change, this can also be easily done through the inventory window. Other advantages include the ability to implement various types of discounts, a loyalty scheme for customers, and more efficient stock control. These features are typical of almost all modern ePOS systems.
User interface design[edit]
The design of the sale window is the most important one for the user. This user interface is highly critical when compared to those in other software packages such as word editors or spreadsheet programs where the speed of navigation is not so crucial for business performance.
For businesses at prime locations where real estate is at a premium, it can be common to see a queue of customers. The faster a sale is completed the shorter the queue time which improves customer satisfaction, the less space it takes, which benefits shoppers and staff. High-traffic operations such as grocery outlets and cafes need to process sales quickly at the sales counter so the UI flow is often designed with as few popups or other interruptions to ensure the operator isn't distracted and the transaction can be processed as quickly as possible.
Although improving the ergonomics is possible, a clean, fast-paced look may come at the expense of sacrificing functions that are often wanted by end-users such as discounts, access to commission earned screens, membership and loyalty schemes can involve looking at a different function of the POS to ensure the point of sale screen contains only what a cashier needs at their disposal to serve customers.
Cloud-based (post-2000s)[edit]
The advent of cloud computing has given birth to the possibility of electronic point of sale (EPOS) systems[16] to be deployed as software as a service, which can be accessed directly from the Internet using any internet browser. Using the previous advances in the communication protocols for POS's control of hardware, cloud-based POS systems are independent from platform and operating system limitations. EPOS systems based in the cloud (most small-business POS today) are generally subscription-based, which includes ongoing customer support.[17]
Compared to regular cash registers (which tend to be significantly cheaper but only process sales and prints receipts), POS systems include automatic updating of the inventory library stock levels when selling products, real-time reports accessible from a remote computer, staff timesheets and a customer library with loyalty features.[18]
Cloud-based POS systems are also created to be compatible with a wide range of POS hardware and sometimes tablets such as Apple's iPad. Thus cloud-based POS also helped expand POS systems to mobile devices, such as tablet computers or smartphones.[19]
These devices can also act as barcode readers using a built-in camera and as payment terminals using built-in NFC technology or an external payment card reader. A number of POS companies built their software specifically to be cloud-based. Other businesses who launched pre-2000s have since adapted their software to evolving technology.
Cloud-based POS systems are different from traditional POS largely because user data, including sales and inventory, are not stored locally, but in a remote server. The POS system is also not run locally, so there is no installation required.
Depending on the POS vendor and the terms of contract, compared to traditional on-premises POS installation, the software is more likely to be continually updated by the developer with more useful features and better performance in terms of computer resources at the remote server and in terms of fewer bugs and errors.
Other advantages of a cloud-based POS are instant centralization of data (important especially to chain stores), ability to access data from anywhere there is internet connection, and lower start-up costs.[20][21]
Cloud based POS requires an internet connection. For this reason it important to use a device with 3G connectivity in case the device's primary internet goes down. In addition to being significantly less expensive than traditional legacy point of sale systems, a notable strength of cloud-based point of sale systems is the ability to switch to a different product, by a different developer, without having to purchase new hardware. The many developers creating new software applications help to ensure that the system is supported for longer than a typical legacy POS system.
A number of noted emerging cloud-based POS systems came on the scene less than a decade or even half a decade back. These systems are usually designed for restaurants, small and medium-sized retail operations with fairly simple sale processes as can be culled from POS system review sites. It appears from such software reviews that enterprise-level cloud-based POS systems are currently lacking in the market. "Enterprise-level" here means that the inventory should be capable of handling a large number of records, such as required by grocery stores and supermarkets. It can also mean that the system software and cloud server must be capable of generating reports such as analytics of sale against inventory for both a single and multiple outlets that are interlinked for administration by the headquarters of the business operation.
POS vendors of such cloud based systems should also have a strong contingency plan for the breakdown of their remote server such as represented by fail-over server support. Sometimes a major data center can fail completely, such as in a fire.[22] On-premises installations are therefore sometimes seen alongside cloud-based implementation to preempt such incidents, especially for businesses with high traffic. The on-premises installations may not have the most up-to-date inventory and membership information.
For such contingency, a more innovative though highly complex approach for the developer is to have a trimmed down version of the POS system installed on the cashier computer at the outlet. On a daily basis the latest inventory and membership information from the remote server is automatically updated into the local database. Thus should the remote server fail, the cashier can switch over to the local sale window without disrupting sales. When the remote server is restored and the cashier switches over to the cloud system, the locally processed sale records are then automatically submitted to the remote system, thus maintaining the integrity of the remote database.
Although cloud-based POS systems save the end-user startup cost and technical challenges in maintaining an otherwise on-premises installation, there is a risk that if the cloud-based vendor closes down it may result in more immediate termination of services for the end-user compared to the case of a traditional full on-premises POS system where it can still run without the vendor.
Another consideration is that a cloud-based POS system actually exposes business data to service providers - the hosting service company and the POS vendor which have access to both the application and database. The importance of securing critical business information such as supplier names, top selling items, customer relationship processes cannot be underestimated given that sometimes the few key success factors or trade secrets of a business are actually accessible through the POS system. This security and privacy concern is an ongoing issue in cloud computing.
Security[edit]
Despite the more advanced technology of a POS system as compared to a simple cash register, the POS system is still vulnerable to employee theft through the sales window. A dishonest cashier at a retail outlet can collude with a friend who pretends to be an ordinary customer. During checkout, the cashier can bypass scanning certain items or enter a lower quantity for some items thus profiting from the "free" goods.
The ability of a POS system to void a closed sale receipt for refund purpose without needing a password from an authorized superior also represents a security loophole. Even a function to issue a receipt with a negative amount which can be useful under certain circumstances, can be exploited by a cashier to easily lift money from the cash drawer.
To prevent such employee theft, it is crucial for a POS system to provide an admin window for the supervisor or administrator to generate and inspect a daily list of sale receipts, especially pertaining to the frequency of cancelled receipts before completion, refunded receipts and negative receipts. This is one effective way to alert the company to any suspicious activity - such as a high number of cancelled sales by a certain cashier - that may be occurring, and to take monitoring action.
To further deter employee theft, the sales counter should also be equipped with a closed-circuit television camera pointed at the POS system to monitor and record all activities.
At the back end, price and other changes like discounts to inventory items through the administration module should be secured with passwords provided to trusted administrators. Any changes made should also be logged and capable of being subsequently retrieved for inspection.
The sale records and inventory are important to the business because they provide useful information to the company in terms of customer preferences, customer membership particulars, what are the top selling products, who are the vendors and what margins the company is getting from them, the company monthly total revenue and cost, among others.
It is important that reports on these matters generated at the administrative back end be restricted to trusted personnel. The database from which these reports are generated should be secured via passwords or via encryption of data stored in the database to prevent copying or tampering.
Despite all such precautions, the POS system can never be entirely watertight in security from internal misuse if a clever, dishonest employee knows how to exploit many of its otherwise useful capabilities.
News reports on POS system hacking show that hackers are more interested in stealing credit card information than anything else. The ease and advantage offered by the ability of a POS system to integrate credit card processing thus have a downside. In 2011, hackers were able to steal credit card data from 80,000 customers because Subway's security and POS configuration standards for PCI compliance - which governs credit card and debit card payment systems security - were "directly and blatantly disregarded" by Subway franchisees.[25]
In June 2016, several hundred of Wendy's fast food restaurants had their POS systems hacked by illegally installed malware.[26] The report goes on to say that "the number of franchise restaurants impacted by these cyber security attacks is now expected to be considerably higher than the 300 restaurants already implicated" and that the "hackers made hundreds of thousands of fraudulent purchases on credit and debit cards issued by various financial institutions after breaching Wendy's computer systems late last year".
These exploits by hackers could only be made possible because payment cards were processed through the POS system allowing the malware to either intercept card data during processing or steal and transmit unencrypted card data that is stored in the system database.
In April 2017, security researchers identified critical vulnerabilities in point of sale systems developed by SAP and Oracle[27] and commented, “POS systems are plagued by vulnerabilities, and incidents occurred because their security drawbacks came under the spotlight.”[28] If successfully exploited, these vulnerabilities provide a perpetrator with access to every legitimate function of the system, such as changing prices, and remotely starting and stopping terminals. To illustrate the attack vector, the researchers used the example of hacking POS to change the price of a MacBook to $1. The security issues were reported to the vendor, and a patch was released soon after the notification. Oracle confirmed[29] security bug affects over 300,000 Oracle POS Systems
In some countries, credit and debit cards are only processed via payment terminals. Thus one may see quite a number of such terminals for different cards cluttering up a sale counter. This inconvenience is offset by the fact that credit and debit card data is far less vulnerable to hackers, unlike when payment cards are processed through the POS system where security is contingent upon the actions taken by end-users and developers.
With the launch of mobile payment, particularly Android Pay and Apple Pay in 2015, it is expected that because of its greater convenience coupled with good security features, this would eventually eclipse other types of payment services – including the use of payment terminals. For mobile payment to go fully mainstream, mobile devices like smartphones that are NFC-enabled must first become universal. This would be a matter of several years from the time of this writing (2017) as more and more models of new smartphones are expected to become NFC-enabled for such a purpose. For instance, iPhone 6 is fully NFC-enabled for mobile payment while iPhone 5 and older models are not. The aforesaid disastrous security risks connected with processing payment card usage through a POS system would then be greatly diminished.