Key and card identification
Best practice: checkout security starts with the lock
"Everyone knows all the PINs - and in the end the wrong one is thrown out."
PINs are convenient - especially on mobile devices, where each operator works with their own device. Login by PIN is a simple, practical solution here. The situation is different at stationary checkouts where several employees work simultaneously or consecutively. Dangerous proximity often arises unintentionally during operation:
-
One colleague stands directly behind the other and observes the login.
-
Two people talk to each other while booking - the PIN is visibly entered on the side.
-
The sequence of numbers is memorised without anyone really wanting to.
What begins harmlessly can inadvertently become a security risk - and lead to major damage if someone later misuses this information.
The risk: unintentional openness - deliberately exploited
| Everyday situation | Possible misuse |
|---|---|
| Close working at the checkout | PINs are monitored and memorised |
| Small talk when booking | Input becomes unconsciously visible |
| A colleague quickly takes over a receipt | Login remains active - misuse possible |
| PIN seen is consciously used later | Booking is made under a false name |
(Note: with functions such as Work as another operator and Spontaneous intervention with the phantom mode, you can work logged as another hire worker if this is necessary)
The solution: Physical key for clear responsibility
At stationary POS systems, we clearly recommend: Hands off PINs, use the key.
Whether magnetic card, transponder, RFID chip or key fob - the main thing is that they are indivisible, invisible and cannot be recognised by chance.
Only those who have the physical key in their hand can make a booking - this prevents spying and misunderstandings.
✅ When PINs make sense - and when they don't
Mobile device: PINs possible - 1:1 assignment
Stationary cash register: Key strongly recommended
Our tip:
"It doesn't have to be malicious - a fleeting glance is enough."
Further topics: Best practice: Key removal closes process - fast, secure, proven
Further details on the use of PINs
You can assign a key (alternatively also transponder or magnetic card) to operators to whom you have assigned operator authorisations and a secret number. This operator key identifies the operator in cashier mode and on some other Hypersoft programmes. If operators log in without a key using only their secret number, you must ensure that the secret number cannot be spied out. This is how PINS are used:
- A secure (long) PIN (secret number) is cumbersome for a quick login, short PINs can be guessed and spied on. Therefore, keys should be used whenever possible.
- In order to assign a key, the employee must be selected and the correct secret number entered once. From then on, the key for the employee login is also available without having to enter the secret number again. But the PIN is still valid and can be used instead of the key. So do not use a PIN like 111 etc.
- With the cash register function operator login secret number the secret number can be used instead of a key for login.
In general, it is a risk if the cash register function operator secret number is accessible to all operators, as in addition to each assigned key, this number allows access. However, the secret number also plays a security-relevant role in the assignment of keys, because if technically compatible (foreign) keys are applied to the POS system, only the secret number to the matching employee is needed to teach this foreign key to the system. Therefore, the secret numbers should preferably be a longer random sequence of numbers. If you use keys, you no longer need the number after the assignment.
Unfortunately, it has already happened several times that secret numbers such as 111 were tried out by the first employee purely by chance, and thus a foreign key was assigned instead of the intended one. Especially high-ranking employees who do not use a key but a number combination should use a complex secret number as PIN.
Activate timer for automatic logout...
If you have to work with PINs, you can at least activate an automatic logout. Without a key, open processes can permanently disrupt processing for others. Therefore: When working without an operator key, at least set up the Auto Key Out function.
Enable enhanced security for operator secret numbers
In the Global settings tab of the user settings there are options to increase security.
To do this, activate the Increased security for operator secret numbersswitch. Then select the length of the secret numbers.
Activating the function provides for several adjustments to the system in terms of security...
- The concept is that only the system can generate a secret number (so that an existing one is not accidentally used / hit).
- When entering an employee, a temporary secret number can be generated. This is displayed and handed over to the employee.
- The employee is requested to log on to the POS under the temporary secret number and to request a permanent secret number of his own there. This means that the secret number field in the employee master record is now only filled with stars.
- With the self-requested secret number, you give the employee the opportunity to take responsibility for his registration, because as long as he has to rely on confidants, he can not do this.
If the function is active, there is a button in the employee master and in the operator authorisations to generate a temporary secret number: Generate secret number:
If an operator has generated his own permanent secret number at the cash register, this cannot be viewed or printed in the employee master data or in the operator authorisations. A temporary secret number generated in the employee master data or in the operator authorizations is always visible and can also be printed out on the lists in order to distribute them conveniently.
Therefore only the respective employee should know the permanent secret number. If necessary, he can request a new secret number at any time. If you want to invalidate his secret number, simply press Generate secret number, this will be displayed to you again and is then not yet known to the employee.
He can then no longer log on with his own permanent secret number.
Request your own permanent secret number at the POS
When selecting the clock, appears with the operator logged in the clock menu. If you have activated the Increased security for operator secret numbers as described above, there is an additional entry Change secret number.
If you select this command, the following dialog appears:
The existing secret number of the currently logged in operator must be entered here (again for security reasons). If this matches, the Create new secret number button is activated and by selecting the button, a number is created and displayed according to the settings. The green save button is then released.
If the server forgets its own permanent secret number, request a new temporary secret number as described above.
The first time you place an operator key in cashier mode, an assignment dialog appears and you are prompted to select the operator and enter the secret number (only operators with secret numbers are displayed).
To assign a key, proceed as follows:
- Start the POS cashier mode.
- Place the key on the key holder (the assignment dialog box appears).
- Select the appropriate operator from the list.
- Enter the secret number
- Confirm the entry with OK.
The key is thus assigned to the operator.
Allow employees to assign a new PIN...
Once the operator has changed the secret number / PIN via the clock menu, it is replaced by asterisks in the employee master record: **** so that the individual secret number cannot be viewed. If the operator has forgotten his PIN, you can generate a new PIN via the Generate PIN button, communicate this and request that the PIN be individualised again.
To unassign the key, replace the key and press the cash register function Operator from Unlock Key.
If you have connected a dispensing system and use different keys there, you can store the key number from the dispensing system in the operator authorizations.
The dispensing system interface then assigns bookings with these key numbers to the operator.
You can initializeany card as a user card. Use the cash register function Activate MP customer cardVoucher Info. If the card is then used in cashier mode, it can be assigned to an operator like a key. An operator can then log in with this card or book on this card. If such a card is read, a dialog with the selection appears:
- Register operator
- Book consumption on this card
- Record working time
If you use the cash register function Employee goes with an operator card, the system checks whether there are still transactions on the card and first prompts the card to settle them instead of entering the second one.
Further topics:
Further topics: Station settings Peripherals
Back to the overarching topic: Operator authorisations