by RSS Daniel Dern  |  May 07, 2015  |  Filed in: Industry Trends

If the Point of Sale (POS) system in your retail business is still running on an older operating system, e.g., Microsoft Windows XP or anything else pre-Win 7, there are a number of compelling reasons why it's long past time to change that.

And while most of these reasons are gotchas, there are also positive reasons. Newer systems are simply richer in features and easier to use.

It's understandable that businesses want to hang onto systems that are still working and that employees are familiar with. But it's a bad idea that will only continue get worse.


Continuing to use outdated operating systems can cost you

If you accept credit cards, your system must be compliant with the PCI DSS (PCI Security Council's Payment Card Industry Data Security Standard) standards, which includes the software being updateable. "Compliance" includes being able to apply security updates -- and having access to fresh security updates on a regular basis.

So what’s the price of non-compliance? You may have to pay fines, penalties, and other fees to the company that's handling your credit-card processing -- expenditures that are probably more than the cost of moving to a new system. And if your system isn't compliant, payment gateways may simply terminate their relationship with you.

Plus, if your company suffers a credit card data breach while there's XP or other non-compliant OSs and software in the system, the fines and other costs, already non-trivial, may be even higher. Microsoft is still supporting an embedded version of Windows XP for POS systems, but the clock is ticking and hackers have had many years to develop exploits. Even “being supported” doesn’t mean being secure.

Your unsupported point-of-sale system is extra-vulnerable

Without regular security updates, your POS systems are increasingly vulnerable to cyber-attacks -- breaches, malware, APTs, and more. And note that this isn't just for your Point-of-Sale systems, but anywhere in your Cardholder Data Environment (CDE).

This isn't abstract theory. Example: The 2014 massive data breaches at Home Depot and Target exploited known flaws in XP.

XP has probably been the most-publicized of the lot. In 2013 Microsoft announced it was "retiring" XP -- no updates, no bug fixes, no security patches, no support. Microsoft subsequently announced some extensions of support, including Extended Support for Windows Embedded for Point of Sale SP3 -- would run until April 12, 2016, and Extended Support for Windows Embedded Standard 2009 until January 8, 2019. However, Microsoft's plans don't mean non-Microsoft tools used on these systems -- like antivirus and device management software -- will continue to be updated.

But it's a mistake to focus on Windows XP, as opposed to "anything we can't be sure is still being supported." For example, Windows Server 2003's end-of-life is currently scheduled for July 2015 -- and it's part of many companies' transaction handling. And for all you know, your POS is running on something even older, like Windows 95, Windows 3, or plain old DOS.

Your aging hardware and software are increasingly likely to fail

Even if you avoid security breaches, old hardware and software are more likely to fail -- and will be harder and more expensive, and take longer to fix. Since Microsoft stopped selling XP in 2011, any XP POS system is at least three to four years old - and could easily be over a decade old.

Equally important, new hardware and software you buy may not work with XP, or with your existing hardware. Software may need faster processors and more memory, or may not have drivers for use with XP or other older operating systems.

Positive reasons to get a new point-of-sale system

Avoiding problems and financial penalties should be more than enough reason to motivate your business to move to a new Point-of-Sale environment. But there are also compelling positive reasons to do so -- compelling enough even without the "escape the negatives" mentality.

Point-of-Sale systems have come a long way since simply taking credit cards or being glorified cash registers. Look at what's going on where you buy coffee, groceries, books and magazines -- or drop in at an Apple Store. The register may have a second display letting you see your items as they're entered. Staff can "ring you up" using their smartphone, without needing to be at the counter. Many people are paying by waving their smartphone rather than reaching for their wallet. Not to mention scan and touchscreen self-service registers.

Your exit from XP isn't just to prevent disasters. It's also your opportunity to catch up with your competitors with the latest in POS features. So don't just see if your vendor has a post-XP upgrade (assuming your old POS vendor is still around). See what's available.

There's no shortage of new Point-of-Sale applications and services available. Some run on Windows -- Microsoft offers Windows 8.1 embedded for POS, for example. Some, like Square Pay, use iOS or Android. Some run locally (on computers at your site), while others run "in the cloud."

Regardless of the system you ultimately move to, while you evaluate your existing system, here are a couple of things to keep in mind:

  • If you can't determine what operating system your POS is running, that means you can't be sure your POS meets PCI DSS compliance.
  • Even if it is compliant, but it's more than a few years old, it's worth seeing what new POS systems can do for your business, beyond keeping you more secure.
by RSS Daniel Dern  |  May 07, 2015  |  Filed in: Industry Trends