StorefrontBacktalk

This is page 2 of:

Stolen POS Tablets? Apple Can Track Them

August 22nd, 2012

Ironically, wiping the device—something any thief would be likely to do with a stolen iPad before trying to sell it—forces the device to reconnect to Apple to reinstall iOS. That gives Apple the serial number of the stolen device and IP address it’s connected to. Even if it’s not wiped, a stolen iPad’s serial number is logged when it connects to Apple or iTunes for any other reason.

And it’s almost impossible to use an iPad without connecting to Apple or iTunes fairly regularly.

This turns that loss-prevention problem on its head. Very few pieces of equipment in a store are as easy to steal as an iPad. But there isn’t any other store equipment that, by design, reports what it is, where it is and what it’s doing.

That means if an in-store iPad is stolen, the biggest problem may be getting local police to call Apple. (In the Jobs case, local police investigated the burglary for a few days before calling in REACT the following Monday. REACT promptly called Apple.)

Unfortunately, Apple’s tracking ability only makes it easier to find a device that’s been stolen by a thief who just wants the hardware to resell. A thief who is interested in stealing any information on the iPad—whether that means card numbers (bad developers! no PCI for you!) or passwords and other information that could be used to connect to a store’s POS system—would probably know enough to first isolate the device from Wi-Fi or mobile signals, both to keep it from calling home and to prevent it from receiving a signal to wipe itself.

That’s where the real LP problem is now with in-store mobile devices.

One workaround: Write your POS app so that it’s always connected to the store’s system. If it can’t find the store’s Wi-Fi signal—and doesn’t get the correct response if it finds a Wi-Fi signal with the same name as the store’s signal—the app could tell the device to wipe itself. That should delete any at-risk information and also make the hardware useless until it connects to Apple to reload iOS, which in turn gives Apple the ability to track it.

Let’s be clear: This workaround is only for iPads that are being used as in-store mobile POS and not for iPads being used by executives, or even those issued to store managers for, say, personnel evaluations and to update CRM files. Those POS tablets should never have any personal or corporate files on them. (Would you ever condone someone putting a salary spreadsheet into an NCR POS, if such a thing was possible?)

And as long as the device is just loaded with the essential POS-related apps (which are stored on a server and can be easily reinstalled, the way you’d ghost any corporate-issued laptop), then having it wiped is not a huge problem.

The downside is that any time a tablet leaves the range of a store’s Wi-Fi signal—whether because it’s been stolen, walked out by an unthinking associate or put inside a metal desk—the tablet will self-wipe and have to be reloaded with all the necessary software, including the POS app. And any power failure that takes out the Wi-Fi access points would be very disruptive to in-store mobile POS.

Then again, so would a hacker gaining wireless access to the POS system. As LP problems go, it could be worse.

Posted in In-Store, IT Strategy/Industry, Mobile/Wireless/Contactless, Payment Systems, Security/Fraud, Software

Comments are closed.

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Kindle Convenience - StorefrontBacktalk is now available natively on the Kindle so you can read us on the place without a connection.

Read StorefrontBacktalk's Retailing Column every month at Retail-Week.com. Please click here for an archive of those columns.

Read StorefrontBacktalk's Retail Realities Column every week at CBSNews.com. Please click here for an archive of those columns.