Key and card identification

Best practice with keys and secure secret numbers

This is a relevant recommendation whose explosiveness is not immediately apparent.

Keys for operators are a standard, no matter in which form they are applied. PINs (secret numbers) should only be used in exceptional cases.

Every operator who has responsibility for the money and the orders should work with his own registration. (It is about the standard and not about the few exceptions where this is not possible and small groups have to work with one registration. If you are affected by this, take the group into responsibility or, if available, the person who is in charge in the group).

Increasingly, tablets or similar without secure login are being used as POS systems. Newcomers in particular, including operators, do not see the risks. A professional but negatively conditioned operator can use the PINs of others not only to retrieve information (manager PIN), but simply to book onto their turnover. The ignorant person loses his tip for small sums, for larger sums he is dismissed. But the ingenuity of negatively conditioned operators can be much more complex in practice, because with each success they learn. Thus, transactions are reopened with other names, reworked, items cancelled, tips booked retrospectively, vouchers or credit balances accessed... the list is endless. The worst thing, however, is that without proper oversight, the undiscovered negative employees will stay and the good ones will go. Since this is usually contrary to a good concept, it leads to lasting and extensive damage.

A cash register system that is only poorly protected with PINs may ultimately have been responsible for the company's failure.

Activate timer for automatic logout...

To ensure that an operator logon and an open process cannot disrupt the system "indefinitely" if a logoff is forgotten, you should at least set up the Auto Key Out function when working without an operator key.

Further details on the use of PINs

You can assign a key (alternatively also transponder or magnetic card) to operators to whom you have assigned operator authorisations and a secret number. This operator key identifies the operator in cashier mode and on some other Hypersoft programmes. If operators log in without a key using only their secret number, you must ensure that the secret number cannot be spied out. This is how PINS are used:

  1. A secure (long) PIN (secret number) is cumbersome for a quick login, short PINs can be guessed and spied on. Therefore, keys should be used whenever possible.
  2. In order to assign a key, the employee must be selected and the correct secret number entered once. From then on, the key for the employee login is also available without having to enter the secret number again. But the PIN is still valid and can be used instead of the key. So do not use a PIN like 111 etc.
  3. With the cash register function operator login secret number the secret number can be used instead of a key for login.

In general, it is a risk if the cash register function operator secret number is accessible to all operators, as in addition to each assigned key, this number allows access. However, the secret number also plays a security-relevant role in the assignment of keys, because if technically compatible (foreign) keys are applied to the POS system, only the secret number to the matching employee is needed to teach this foreign key to the system. Therefore, the secret numbers should preferably be a longer random sequence of numbers. If you use keys, you no longer need the number after the assignment.

Unfortunately, it has already happened several times that secret numbers such as 111 were tried out by the first employee purely by chance, and thus a foreign key was assigned instead of the intended one. Especially high-ranking employees who do not use a key but a number combination should use a complex secret number as PIN.

Enable enhanced security for operator secret numbers

In the Global settings tab of the user settings there are options to increase security.

To do this, activate the Increased security for operator secret numbersswitch. Then select the length of the secret numbers.

Activating the function provides for several adjustments to the system in terms of security...

  1. The concept is that only the system can generate a secret number (so that an existing one is not accidentally used / hit).
  2. When entering an employee, a temporary secret number can be generated. This is displayed and handed over to the employee.
  3. The employee is requested to log on to the POS under the temporary secret number and to request a permanent secret number of his own there. This means that the secret number field in the employee master record is now only filled with stars.
  4. With the self-requested secret number, you give the employee the opportunity to take responsibility for his registration, because as long as he has to rely on confidants, he can not do this.

If the function is active, there is a button in the employee master and in the operator authorisations to generate a temporary secret number: Generate secret number:

If an operator has generated his own permanent secret number at the cash register, this cannot be viewed or printed in the employee master data or in the operator authorisations. A temporary secret number generated in the employee master data or in the operator authorizations is always visible and can also be printed out on the lists in order to distribute them conveniently.

Therefore only the respective employee should know the permanent secret number. If necessary, he can request a new secret number at any time. If you want to invalidate his secret number, simply press Generate secret number, this will be displayed to you again and is then not yet known to the employee.

He can then no longer log on with his own permanent secret number.

Request your own permanent secret number at the POS

When selecting the clock, appears with the operator logged in the clock menu. If you have activated the Increased security for operator secret numbers as described above, there is an additional entry Change secret number.

 

If you select this command, the following dialog appears:

The existing secret number of the currently logged in operator must be entered here (again for security reasons). If this matches, the Create new secret number button is activated and by selecting the button, a number is created and displayed according to the settings. The green save button is then released.

If the server forgets its own permanent secret number, request a new temporary secret number as described above.

Assign keys to operators

The first time you place an operator key in cashier mode, an assignment dialog appears and you are prompted to select the operator and enter the secret number (only operators with secret numbers are displayed).

To assign a key, proceed as follows:

  1. Start the POS cashier mode.
  2. Place the key on the key holder (the assignment dialog box appears).
  3. Select the appropriate operator from the list.
  4. Enter the secret number
  5. Confirm the entry with OK.

The key is thus assigned to the operator.

Allow employees to assign a new PIN...

Once the operator has changed the secret number / PIN via the clock menu, it is replaced by asterisks in the employee master record: **** so that the individual secret number cannot be viewed. If the operator has forgotten his PIN, you can generate a new PIN via the Generate PIN button, communicate this and request that the PIN be individualised again.

Cancel key allocation...

To unassign the key, replace the key and press the cash register function Operator from Unlock Key.

Key of the dispensing system

If you have connected a dispensing system and use different keys there, you can store the key number from the dispensing system in the operator authorizations.

The dispensing system interface then assigns bookings with these key numbers to the operator.

Activate operator cards

You can initializeany card as a user card. Use the cash register function Activate MP customer cardVoucher Info. If the card is then used in cashier mode, it can be assigned to an operator like a key. An operator can then log in with this card or book on this card. If such a card is read, a dialog with the selection appears:

  1. Register operator
  2. Book consumption on this card
  3. Record working time

If you use the cash register function Employee goes with an operator card, the system checks whether there are still transactions on the card and first prompts the card to settle them instead of entering the second one.

Further documentation:

Barcodes and QR codes

Activate MP customer card


Further documentation: Station settings Peripherals

Back to the parent page: Operator authorisations