The POS Software Blog

News from Tower Systems about locally made POS software for specialty local retailers.

CategorySecurity systems

Beware this email scam


A client received this email recently…


I’m a programmer who cracked your email and device a few months ago.
You entered a pass on one of the sites you visited, and I intercepted it.
This is your password from on moment of hack:

Of course you can will change it, or already changed it.
But it doesn’t matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible (in ‘from address’ is
a random contact).

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a
complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I’ve never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made
screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I’m sure you don’t want it.

Therefore, I expect payment from you for my silence.
I think $868 is an acceptable price for it!

Pay via Bitcoin.
My BTC wallet: XXXX

If you do not know how to do this – enter into Google “how to transfer money
to a bitcoin wallet”. It is not difficult.
After receiving the specified amount, all your data will be immediately
destroyed automatically. My virus will also remove itself from your
operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen – all your contacts will get crazy shots from your
dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48

Do not be silly!
Police or friends won’t help you for sure …

p.s. I can give you advice for the future. Do not enter your passwords on
unsafe sites.

I hope for your prudence.

This email is a scam. It was mentioned by the federal government recently as a scam, too. The best protection is to ensure you have your data backed up in the cloud, that you change passwords regularly and that you do not pay the ransom.

Note: we have removed identifying details from the email.

Tower Systems offers small business retailers help with the Petya malware attack


We published to our small business POS software customers today reminder advice on the best steps to follow to protect the business against impact from malware. This is especially relevant today because of the overnight Petya attack in the UK and elsewhere, including in Australia.

Being early with consistent professional advice helps our small business customers protect their businesses.

Here is best practice advice on which any computer user can rely:

A new malware attack on computers is sweeping the world. It has hit the UK government, big businesses (shutting down the Cadbury factory in Tasmania) and small businesses. Please protect your business. Here is our advice.

  1. Tell all who use your computers to not open any emails that look suspicious in any way.
  2. Do not click on any links unless you are 100% sure.
  3. Do not open attachments unless you are 100% sure.
  4. Make sure you have the latest Windows update running on every computer.
  5. Never connect a computer to your network unless you are sure it is clean.
  6. Advise all employees of these requirements.

The easiest way to recover is if you use a professional cloud backup.

Tower Systems helps small business retailers protect against crypto locker attack


Tower Systems continues to help independent small business retailers reduce the possibility of impact from a crypto locket attack.

The help and service from Tower Systems is preventative as well as recovery focussed should the prevention advice be ignored.

In the Tower newsletter, regular weekly email and other communications the company ensures its thousands of small business retail customers has the information they need to properly an thoroughly deal with an attack.

The assistance from the company starts with the preventative, in the form of plain English computer use advice.

Here is a copy of the rent advice widely circulated by Tower Systems to its POS software customers:


  1. The computers in this business are business tools. Their security is vital to the safe running of the business.
  2. Do not use any computer for any form of personal use without permission. This means:
    1. No playing games.
    2. No looking at porn.
    3. No Facebook.
    4. No browsing websites unless they are websites used regularly by this business for running the business.
    5. No connecting your phone to the computer.
  3. Do not open emails including business emails unless you have permission.
  4. Do not click on any link in any email unless you are 100% certain the email is from a trusted source.
  5. Do not clear the browser cache.
  6. Never put a USB stick in a computer unless you are certain of the source.
  7. Never permit anyone to use a computer in the business unless you have permission.
  8. Never give anyone a computer password from the business.
  9. If someone you don’t know calls and tells you to do something with the computer, make sure they have authority.
  10. Never write down any business password you are entrusted with.
  11. Never connect a USB stick with the computer unless you have permission.
  12. If you do something wrong own up to it immediately.

This is advice we suggest a retailer ives to all employees. It has been written for that purpose.

If you use our cloud backup service, recovering from a crypto locker is easier. Regardless, backing up every day in any method gives you a faster and lower cost recovery option. We offer a professional cloud based backup service. We use it ourselves and are happy to recommend it to our customers.

Tower Systems POS software customers safe with credit card details processes


Retailers using our Tower Systems POS software can rest easy that their businesses will not be as exposed a US retailer Target and the news from the US that around 40 million records were stolen in a security breach experienced by the giant retailer. The POS used by Target stores customer name, credit card number, CVV code and expiry.

Tower Systems does not store this information for over the counter purchases.

Customers purchasing using, for example, the Tyro integrated EFTPOS, the newsagency software does not have any visibility of or access to customer credit card details. This arms-length approach is far more secure than the approach taken by Target.

Retailers using our software can choose to separately store credit card details but this in encrypted. Also, our software does not store the all-important CVV code – for security reasons.

Retailers using the Tower Systems software could not suffer as Target in the US is suffering.

Enhanced integrated POS software CCTV security solution


securitycamOur software development and hardware teams have been working hard in recent weeks to bring to market a new POS software / CCTV integrated solution, an enhanced solution beyond what we have offered for many years.

We are thrilled to advise that the latest work is paying dividends with the new security bridge close to launch, delivering better and more useful security solutions integrated with our Point of Sale software.

The new security bridge is a best-practice solution, integrated with our Point of Sale software, delivering small business retailers tools with which they can better track and manage employee and shopper theft and through which they can expect to drive a better bottom line for their business.

The photo shows one of our many installations where the shop is monitored from the POS screen.

Hackers attacking small business retailers


Tower Systems was recently called on by police to provide expert assistance in investigating a hacker attack on a retail business. Our expertise was useful in helping police understand evidence they had collected.

Tower Systems has best practice security advice for retailers using our Point of Sale software, advice that, if followed, better protects the business against hacker attack and reduces the opportunity of compromising important business and customer data.

Our recent work with the police enabled us to check-in with current best practice and to better understand the type of attacks that are most common against businesses in our customer portfolio. This information helps us better serve our customers.

Tower Systems offers a service whereby we will assess the risk of a business and provide advice on appropriate steps to be taken to protect the business and its data in their specific situation.

We know from recent media coverage that hacker attacks have escalated in 2013. Now, more than ever, data and IT system security is important for businesses of all sizes.

Checking out new security solutions for retailers


One of the areas members of our leadership team investigated when in Las Vegas for the Consumer Electronics Show two weeks ago was retail security.

For many years we have offered security camera system integration through our POS software.  We have also provided expert witnesses in police investigations and for court cases pursuing employee theft.

At CES we got to see and interact with a range of new technology, some POS software integrated and others free standing. The CES event has enabled us to be more aware of the latest developments in the retail security and theft prevention in the US, the country most advanced in this field.

The most valuable measure retailers can take against employee theft remains the facilities in their software. Tower Systems is renowned for providing access to comprehensive and professional theft management / reduction facilities in its Point of Sale software. From deep level password protection of key business data to secret tracking of user activity, our software enables retailers to better protect their businesses and thereby reduce the cost of employee theft.

Enhanced employee security in POS software to help cut employee theft in retail


In response to increased theft activity and a better understanding of behaviour, we are developing software enhancements in our Point of Sale software in the area of system security.  These enhancements are currently slated for our next Point of Sale software update and will deliver even better protection against and assistance with managing employee theft.

We continue to be engaged in the fight against employee theft on a range of fronts on behalf of our customers. Thanks to our work with insurers, police, prosecutors and retailers we have a considered and researched view of the theft problem.

We will continue to enhance our software in this area, to provide our retail partners with tools that aim to reduce the cost of theft to their businesses.

Tower Systems web attack stopped early on


We have strengthened web security following an attack on our web services in recent weeks. The attack was detected prior to and damage being done. It appears that our facilities were to be used as a platform for other actions, as if often the case with a digital break in.

Thanks to quick work of our web development and technical services teams we were able to better secure our position and take other measures to even further enhance early warning we receive about any attack.

Client data was never at risk given where and how this is stores. Client credit card data was also secure as this is managed by our back.

We mention the attack today as a reminder about the importance of security over business data and systems. Backing up every day, being serious about passwords and having your network checked for possible entry points is vital to the success of any business in this digital age.

Point of sale software integrated security system cuts theft


The security camera / CCTV marketplace remains cluttered.  There are back yard operators offering security systems for $2,000, even less.  There are high end players offering systems for $20,000 and up.

For many years now we have offered a powerful digital camera based system integrated with our Point of Sale software. This has helped in many theft situations from a few hundred dollars to well over $200,000 in theft. This system busts crime and it deters crime.

We were the first in our core marketplaces to integrate directly with the Point of Sale software and offer valuable search and access facilities. We continue to evolve the product to deliver valuable outcomes for our customers.

Small business owners ought to be careful if considering a security / CCTV system.   It is a complex business which requires specialist skills and, in some states, certification.

As the warning goes, caveat emptor – let the buyer beware.

Snow globe theft from our office


Check out this video of someone walking in off the street and stealing two snow globes from the reception desk of our office earlier this week.

Untitled from mark fletcher on Vimeo.

The desk is rarely unattended. What is most chilling is that they appeared to know exactly what they wanted.

As a result, security is being beefed up.

Enhanced security for Tower Systems Website


Last week we introduced more stringent security around the Tower Systems website and, in particular, user access. The changes were quite disruptive in that we had to reset all user passwords. Despite emails and a fax being sent to all customers, the change led to an extraordinary spike in help desk calls. Our team did an excellent job getting through these.

The result is a more secure website for us and for our customers. In today’s world of rampant hacking, attention to security is vitally important.

We appreciate the consideration of our customers thorough the implementation of these changes.

How Much Does the Virus Threat Cost Business?


The cost of the threat of damage by a computer attack is extraordinary, particularly at the small business end of the marketplace.  Down here at the small business end of the software marketplace we often encounter people using firewall and other protection software without thought and often impacting on the efficient and hassle-free use of their core business software.

More and more calls to our Point of Sale software Help Desk are to do with issues caused by ill-considered firewall and security software settings.

We try and mitigate the cost by recommending the software our customers should use and the settings they should adopt.  It is when they stray from this advice that they often end up with trouble and need our assistance.

In these situations, the mates or others who advised their use of the software selected are often unable to help resolve issues their advice has caused.

Navigating firewall settings for software we have little or no experience with can be time consuming.  It takes us away from helping those who do follow our advice.  We estimate that 20% of our total Help Desk time investment is on security threat related calls and that half of these could be avoided by following our advice from the outset.

For virus and firewall protection we recommend using the advice contained in our firewall and virus advice sheet.

In the meantime, those who create the threats must love this waste of time and consumption of business capital.

Bringing More Security to the Retail Sales Counter


alertbutton.JPGRetailers using our Point of Sale software have at their disposal a button on the Point of Sale screen which can raise an alarm in the event of a concern or an incident inn store.  Our users can control the function of the button.  The most common use is for a pre-coded email to be sent to a priority email address with an external security firm, alerting them to the incident.  Another use of the alert button is for the software to send an urgent SMS text message to a designated mobile phone number when the button is pressed.

With our software being used in some high end businesses, having access to such an alert button can provide front of house staff with peace of mind.

We have a retailer who relies on this button for sales staff to alert the manager who works from an offer at the rear of the business.  On receiving the text message, the manager feigns an excuse to enter the showroom and ensure that the business and its employees are not at risk.

While we have had the alert button for many years, its use is becoming more prevalent today as retailers are more concerned about security these days.

The label for the button itself can be changed at the store level, just as the actions taken by the pressing of the button.

Kaspersky Antivirus Update Causes Problems


An automatic update to the Kaspersky Antivirus and Security software is causing problems for some of our customers, blocking access to software facilities and disrupting the business.  Our Help Desk is fielding plenty of calls about this, a problem not related to our software and not caused by us.  Our recommended antivirus and security software is AVG.  We encourage our customers to use AVG and adhere to the settings we advise.

Tyro / Tower Systems broadband eftpos: fast and secure


Jost Stollmann, the CEO of Tyro (fast broadband eftpos), wrote to all software companies which integrate their software with the Tyro eftpos solution about the recent reports of fraud using eftpos terminals. I publish his note here in full as it provides excellent information to consider.

We completed our Tyro integration earlier this year and already have well over 200 retailers using this.  This is growing weekly thanks to excellent word of mouth around the speed, savings and, security…

In recent press you may have seen headlines alerting Australians of a card payment scam that was discovered in a West Australian multinational fast-food restaurant chain. Something like 3,500 customers seem to have been defrauded by $4 million. What about your merchants? Are they exposed without knowing?

This is a check list for their peace of mind that I sent them:

1. Have your acquirer guarantee that his terminals are PCI PED and EMV 4.0 certified! All Tyro terminals are. They are the newest generation protected against eavesdropping, tampering or message forgery. All sensitive information is protected, and instantly erased if the terminal is tampered with.

2. Have your acquirer guarantee that no card holder data passes on to any PC, for instance residing in memory in the clear! With Tyro’s integration technology, no card or PIN data is ever passed on. It never reaches your Point of Sale (POS) software. Therefore, even if malicious data capture software was to be loaded onto your POS, it would not be possible to capture, store or transmit confidential card data.

3. Have your acquirer guarantee that card holder data is never transmitted in the clear! With Tyro’s technology, any transmission occurs only encrypted through an-end-to-end secured connection between our PCI PED certified terminal and our PCI DSS compliant switch, and it is using totally safely the public internet.

Sorry, if this sounds a little like bragging on about ourselves, but we are dead serious. The reality is that most EFTPOS terminals transmit card data in the clear. Integrated EFTPOS solutions hold card data in memory in the clear. We think it is most important to protect merchants and card holders against the increasingly sophisticated fraud industry. It is also important to maintain the consumers trust in the card payment industry.

Tyro is the only new entrant into the Australian payment industry. We are leading the industry in security. So, if you want to protect your merchants and their customers from card data security breach, possible scheme fines and potentially catastrophic reputation damage to their business and to the industry, recommend Tyro to them. If you are not yet integrated with us, what are you waiting for. If you are help us spread the word and recommend us to your customers. Thank you for your consideration.

Tyro is integarted with newsagency software from Tower Systems.  Our Tyro integration delivers tangible benefits: saving time, cutting mistakes and saving money – in addition to enjoying better security.

Disclosure: Tower Systems receives a small clip from transactions through Tyro, this funds support and link development.

POS software security facilities enhanced


Last month, we quietly released enhanced security facilities in our point of sale software.  The new facilities focus on reducing employee and customer fraud against businesses using the enhanced software.

Months in development, the enhaanced security facilities are truly state of the art and unique to our software in our marketplaces.  Our work has been done in association with experts in retail security.

We know that fraud / theft in retail costs between 3% and 5% of turnover.   Risk of discovery is key to reducing the cost to a business.  Our enhanced facilities provide the business owner with better facilities with which to discover a problem.

Point of sale integrated security camera cuts theft


Our POS software integrated security camera system has helped another of our customers address a theft problem.  While many systems claim to be integtrated with point of sale software, few are.

In this latest incident, we were able to help our customer catch someone scamming the business with bogus refund requests.  While the amount involved this time was relatively small, providing a consistent process for retail staff to follow can save a business thousands of dollars a year.

We are close to releasing an enhanced security bridge between our retail management software and the security camera system with which we link which will enhance further the Tower Systems security offer.

Enhanced security bridge helps cut theft in retail


We are about to start live testing of a significantly enhanced security bridge.  This bridge between our software and smart image recording technology is exclusive in our software – it enables our retailers to search image footage by transaction type, content and staff member.  This reduces the time spend reviewing footage in search on any event of concern.

We first released our secruity bridge six years ago and it has undergone significant change since.  The latest changes take the marriage of security management facilities and point of sale facilities to a new level.  We are grateful to technology developers overseas who have provided deep access to their image capturing systemto enable our new bridge to be built.

Once the in-field tests are completed we will release the bridge for general use.

Security of credit card information


We yesterday completed a review of the handling and storage of customer credit card details processed through our point of sale software given the current tightening of security standards being driven by Australian banks.  Our software meets these tight standards. 

Our software, porcesses and standards have been passed by Australian banks as well as other international parties whose standards we must meet given some of the transactions we process. 

That we meet today’s standards including the PCI DSS standard offers peace of mind to current Tower Systems customers and prospective customers.

Flexible security solution


ptzcam.JPGThe PTZ (Pan, Tilt, Zoom) camera is a popular component of our point of sale integrated camera security system. It can be accessed and manipulated from anywhere in the world by anyone with an appropriate security clearance for access through the internet to the business. From a remote location you can see into the shop, pan to 360 degrees and zoom to ten times. This is fantastic flexibility. Customers who install the PTZ camera enjoy the flexibility they have in watching the business at key times when they are unable to be in-store live.

Our software allows you to get straight to video of specific transactions based on date and time, items sold, staff member or other criteria. This flexibility can save hours of time you might otherwise spend looking at video footage. We are enhancing our video links to further improve these facilities – these latest changes are on the back of advice from our users.

We were the first to introduce point of sale / security linked facilities years ago and to offer data driven video search capabilities.

POS integrated security camera systems


The security camera / CCTV marketplace is cluttered.  There are back of the car operators offering security systems for $2,000, even less.  There are high end players offering systems for $20,000 and up.

The jargon around security systems makes the market one which is attractive to people light on ethics.  They can through in some cool sounding terms, win confidence of an unsuspecting small business person, sell some kit for a few thousand and pocked two thirds of that as profit.

One retailer I was talking with last night fell for this.  She paid $4,500 for a four camera system which is not even worth a fraction of that.   The cameras are poor quality, one is not even connected.  The frames per second rate is very low, meaning that only a series of stills is captured.  Some checking revealed that the company from which the business bought the system does not exist, the owner/salesperson/installer is not contactable.

Small business owners ought to be careful if considering a security / CCTV system.   It is a complex business which requires specialist skills and, in some states, certification.  We have been in this space for the last six years with our fully point of sale integrated solution.  Part of our work can involve work with existing security installations.  This is where we get to see the practices of others.

As the warning goes, caveat emptor – let the buyer beware.

The firewall challenge


Firewalls are problematic for users, software providers and others supporting the systems. Everyone wants settings their way. A change here and impact a connection from somewhere else. When you;re dealing with small business owners who do what they are told in this area, you can quickly find yourself with operational problems because one supplier connecting to the system has demanded firewall changes which cause another to be compromised in their access.

The cost of managing secure access to a small business system is growing as more suppliers connect directly with the business. We have small business customers with regular direct online access with an many as eight companies and all it takes is for one of those to demand a change and the others may have a problem. We have produced a standards document to try and navigate this but some suppliers don;t care – it’s their way or no way.

Some days, twenty percent or even more of support calls we take are firewall related – not to do with our software as such. The calls come to us because the supplier involved usually does not want to help, the supplier of the firewall can’t help with industry knowledge and the industry itself has no central approach to managing these things.

Security is important. I wonder if economists have costed everything associated with data security for a small business.

Proving employee theft


A picture tells a thousand words as they say. It is true in court where you are trying to prove a case of employee theft. Take a look at the image below. Even though we have staged this, it shows the video footage and data from our point of sale software proving what was happening at the time – a canceled sale. This is hard evidence, proof of a crime and it is available directly from within our point of sale software using our exclusive theft bridge technology.


Users of our technology can go into their system, call up a list of canceled sales (ot other suspicious activity) and in an instant have the data and vision marriage on the screen. It’s brilliant. More than that, in most businesses it pays for itself in no time since customer and other disputes are settled quickly and accurately.

Our link was a first and now we are enhancing it, new features will keep us in our own league in the mission to cut the cost of theft in small business.

Employee theft a hot topic


Yesterday was one of those days when a key issue dominated. The issue was employee theft. Not here, but in businesses in which our software is used and elsewhere among small businesses. It started with a call from a customer concerned that something may not be right.

As is the case with these things, I’d tend to receive the call – an owner to owner call appears less stressful than them discussing what they see as failure with someone on our Help Desk. In a few minutes he had enough evidence from his system to make contact with the police.

Next was a call from a police officer we are helping prepare a case on behalf of a client. There were questions about keystroke patters and how these are reliable indicators of theft or fraud.

In the afternoon I was interviewed for an article about theft in small business and as is often the case with such interviews, one comes away better informed thanks to good questions.

Early in the evening was a call from an employee asking the wrong question of the wrong person – I’ve let the owner know that they need to take control back over their data by protecting high level passwords more.

Theft management tools, while not our core product, are important to what we do. They help our customers reduce the cost of theft in their business. Beyond the tools, however, is the service we provide – encouragement and guidance on addressing the issue. We have learnt from our own experience in retail that theft is part of the turf. How you manage it can make or break you.