Kiosk security: Preventing key threats
In 2008, the luxury jewelry store Harry Winston faced a huge crisis. Four armed men dressed as women robbed $108 million worth of jewelry from its Paris salon, which led to a 9 percent fall in stock the following day. In our interconnected world, a single crime can lead to far greater ramifications for a company, including companies in the kiosk industry. For example, data breaches have quickly become a huge liability, with companies like Sony faced with massive fallout from security flaws. With this in mind, how do we improve overall security to mitigate these risks? KioskMarketplace examined a few kiosk security flaws and ways to address them.
First, one needs to look at the inherent security flaws in kiosks. For example, Michael Lynch, Envysion vice president of product management, mentions that you need to consider theft from customers, thieves and employees for both manned kiosks and unmanned self-service kiosks. "Kiosks are harder to protect due to their exposed nature and usually no ability to have a protective enclosure around the kiosk during non-operating hours. Employee theft occurs during operating hours and greatly exceeds the other two forms of theft," Lynch said. "For unmanned kiosks, the risks are primarily thieves and customers although there is still some risk of employee/vendor theft during restocking events."
According to the Envysion site, it can aid self-service kiosk by integrating sales and video data to track down suspicious events. Lynch states that features such as cameras and motion search can go a long way toward preventing crime. "With customer theft, video is used to verify and document such events, and integration with POS data can greatly speed the identification process," Lynch said. "Other features such as motion search and saving of clips long-term in the cloud also assist in customer theft instances and long-term documentation for authorities and insurance claims."
Analytics, according to Lynch, are also powerful tools to effectively examine video and motion to discover the source of theft. "Motion search, motion analytics and video analytics allow merchants to quickly find the video for such events, share with authorities and insurance and document the events long term."
Lynch also mentioned that Envysion allows exception reporting so that the retailer can search all transactions which utilized a certain type of card and compare with video footage.
However, there is also inherent danger on the software side of the equation. For example, a white paper by Mcafee mentions how hackers can attempt to access the control panel through the help and support center to change sensitive settings and possibly steal information.
In order to combat this issue, Mcafee recommends designing your kiosk software in a way that shuts down all but the necessary actions and limits security permissions for users. It also recommends wiping certain sensitive data after sessions or at the end of the day to prevent theft.
Some companies offer services to help one lock down your kiosk software. For example, KioWare utilizes lockdown software to prevent users from accessing certain features such as browsers. On the KioWare website, it points out that unless you limit user activity, you are at risk of hackers placing viruses on your kiosks. KioWare also uses remote management for administrators to check up on the kiosk software remotely.
Security is an expense, but it is also an investment. Effective security leads to increased ROI and consumer confidence. Disaster is always possible, so preparation is always necessary.
(Image by Frankie Roberto via Flickr).
Bradley Cooper / Bradley Cooper is a Technology Editor for DigitalSignageToday.com. His background is in information technology, advertising, and writing.