"Are you really sure ...?"

that you haven't just been lucky so far? The topic of cybercrime has arrived in retail and has simply shut down one or two chain stores in recent weeks and months! Nothing works anymore, no logging on to the system, no cashing up, no movement of goods - standstill.

Only the message at all workplaces: "Pay an amount of... within the next 24 hours!"

The topic is red hot. To inform you, we recommend a really factual contribution from 3sat. In it, it becomes clear how real and close these attacks are, which symptoms and causes can lead to catastrophic circumstances and consequences of cyber attacks. Being locked out of your own network from one day to the next? This is not a nightmare - unfortunately, this is the reality of cyber attacks. You can find the link to the 3sat report at the end of the article.

We, as poe, are very well aware of the danger from the internet and have been able to gather experience that we are happy to pass on to others today. Not only because we have long been sensitised to such issues as a software manufacturer, but also because we ourselves have unfortunately been the victim of a cyber attack. We can make three crosses in the calendar that we were able to locate the unwanted intruder "early" enough and thus exclude it. We were infested by a hafnium which, according to forensic analysis, settled on our Exchange Server in early August and was only discovered at the end of October. So for months we had been infested by ransomware (malware) without even suspecting it. It was only through the attention of two customers and a questionable email that we became aware of the threat and were able to act. To cut a long story short - we were lucky in that we were able to avoid major damage to ourselves and our customers and completely remove the malware from our network - these attacks are closer than you think!

We used this "experience" and, with the help of data forensic experts, analysed very precisely to what extent our own software products TRADEMAN and POSMAN are safe from attacks.

Our conclusion:

Our own software solutions are among the most secure on the market! How do we arrive at that? Definitely not trivial.

As early as February 2020, we subjected our cloud-based ERP software TRADEMAN to professional penetration tests in order to be able to identify security risks at an early stage. The gaps are very often based on combinations of security vulnerabilities in operating systems, operating system-related services or superficial handling of data. Access to the system is made possible via these "vulnerabilities" and then distributed internally across all systems in the network.

Both TRADEMAN and POSMAN can be operated entirely on a Linux operating system platform. When using TRADEMAN in the cloud, we have been relying exclusively on the use of Linux-based systems for years, thus hermetically shielding the entire purchasing and sales workflow from all other processes without losing integration capability. For communication between our systems and third-party systems, we do not use standard services from other manufacturers, but exclusively our own communication products.With these, we can examine very precisely on the database level whether the data packages/data source really only contain usable information or risks.
Because of this way of working, we believe we can say that the communication between our software solutions is the most secure on the market! This diagram serves as an illustration.

Of course, the POS hardware is also nothing more than a PC connected to the internet. However, when using Linux operating systems, the POS systems can be reduced to what is really necessary and human risks can be largely eliminated. This also does not affect the performance range and possibilities of the systems.

We have been deliberately developing our POSMAN POS software to be multiplatform-capable for more than 15 years and today use it on the Windows, Linux, iOS and Android operating systems throughout Europe.

Why don't you let us check whether we can help you achieve a significantly higher level of security with our products and secure the sales processes of your products - no matter who is trying to distribute themselves in your network.

If you are interested, just give us a signal or send us an email to sicherheit@poe.de. We treat this topic very confidentially.

With the development of our software products in the areas of POS, store management and ERP, we have specialised in branch-based customers in national and international retail.

The central systems TRADEMAN & tsm are the platform for integrating our software solutions into your operating environment. Regardless of whether you want to use our software solutions as a complete solution (ERP/ branch and cash register management & POS) or modularly as an integral component (branch and cash register management & POS) in your existing ERP environment, we integrate ourselves homogeneously into your system environment and ideally complement your existing software solutions.

We want to use the strengths of the different systems and not operate competing products. We customise our software products exactly to your needs in order to enable maximum automation. Teamwork is one of our greatest strengths!

Reading is good, talking is better. We look forward to your questions and requirements.

Product Use Cases

In the following use cases, we have prepared a few projects for you in which we briefly show you how and with which resources we have implemented certain customer requirements.

If you are interested, please take a look.

You can't? Yes, it can!
In a period of 14 months, more than 1000 cash register systems, distributed over approx. 250 branches, organised in 18 independent regional companies, had to be integrated into an existing CRM and financial accounting solution and put into operation nationwide. Unfortunately, a lot of software had to be "conjured up" first...

Starting situation
  • Umbrella organisation for central processing (parent company/ franchisor)
  • regional, independent companies that operate on their own responsibility
  • approx. 1000 POS systems nationwide which are assigned to the various regional companies via approx. 250 branches.
Requirements
  • common and individual master data
  • customisable, automated data distribution across the entire organisational structure
  • dynamic organisational structure (changes possible at any time)
  • comprehensive role management
  • Integration into upstream and downstream IT systems
  • Integration in AD environments
  • Implementation within 14 months
Actors/ Participants
  • Parent company/ franchisor
  • Subsidiaries/ franchisees
  • Employees in different roles at different levels
  • central data centre
  • Transformation specialists
  • internal and external developers
Resources used
  • Project management - approx. 200 days
  • Development - approx. 800 days
  • Implementation/ Transformation/ Trainings - approx. 200 days

The interested party obtained information from various suppliers of ERP and POS software solutions at an international trade fair based on his requirements profile. In addition to the factual requirements (requirements catalogue), legal and time-related framework conditions played a major role.
The catalogue of requirements describes all the performance features compiled by the parent company and the subsidiaries that have to be fulfilled.


The entire project was developed on the basis of the QITTS method and implemented within the given time frame. In addition to the development of new functionalities and online interfaces, essential performance features (Cascading of the ERP-system TRADEMAN) still had to be "invented" in order to be able to map the customer's requirements. Based on the languages and technologies used in TRADEMAN & POSMAN, the temporary integration of external software developers is possible at any time without producing security risks.

The central ERP and branch management systems were set up in the poe cloud as a private cloud environment and integrated into the existing Active Directory structure.
The project, planned in an implementation period of max. 14 months, was implemented within the given schedule and within the planned budget.

We can also do ticket systems!


You have important software in your company structure that has to work in cooperation with the cash register solution or the ERP system. We have the solution - and if we don't have the solution, we create one...

Starting situation
  • regional or supra-regional transport associations
  • approx. 50 distribution points spread throughout the entire transport association
  • Distribution points are managed independently, the transport association is the parent company.
Requirements
  • POS systems with fully automated interface to the ticket system
  • Connection to the web application of the ticket system
  • no more manual data transfers
  • Sale of tickets and own products (souvenirs, city guides, etc.) via a POS system
  • Cancellation of ticket sales with communication to the ticket system
  • Integration into upstream and downstream IT systems (ERP and FiBu)
Actors/ Participants
  • Transport association with sales offices
  • IT responsible employees at the customer, with background knowledge of the ticketing software
  • Transformation specialists
  • Interface description to the ticket system
Resources used
  • Project management - approx. 3 days
  • Development - approx. 5 days
  • Implementation/ Transformation/ Trainings - approx. 2 days

The customer got in touch with us through a former partner and presented us with the current ACTUAL situation. Until the cooperation with poe, all ticket sales were carried out via the ticket system's web application and entered manually into the POS system afterwards. This has the obvious disadvantages of requiring additional staff time and being error-prone in handling. A retraction or other cancellation processes could not be mapped.

The customer had explicit requirements for us and our POSMAN® POS solution, which he formulated as follows:

 

  •  Sale ticket
  •  Cancellation of cash ticket (before start of validity - payment of full ticket price)
  •  Return of cash ticket (after start of validity - payment of a part of the ticket price)
  •  Exchange of cash ticket (taking back the old ticket and selling a new one - e.g. in the event of a change of product or relationship)
  •  Refund of a replacement ticket
  •  Cash deposit into a contract account
  •  Service fee (for chip card replacement, return of a ticket, etc.)

 

The entire project was developed on the basis of the QITTS method and implemented within the specified time frame. In addition to the development of the urgently needed interface to the ticket system, our POSMAN POS software had already covered all requirements for the sale of other products with the standard version, so that no further special developments were necessary - our POS systems can already do a lot in the standard version! 


We developed the interface via an API Live Connection, which is especially helpful for the performance of the tills, as they then do not have to be populated with too much data - the tills simply run much faster this way.
We have installed the central ERP and branch management systems at the transport associations both locally and in our poe Cloud.

Through the successful completion of the project, we were able to inspire other transport associations that use the same ticketing software and successfully implement our ticketing solution there as well.

Kein Zeit zu verlieren – alter Lösungsanbieter insolvent


Einführung von 150 Kassensystemen innerhalb von 9 Monaten mit zentraler Management-Lösung im internationalen Einsatz. Die Kassen müssen unterschiedliche fiskalischen Anforderungen erfüllen, in eine vorhandene ERP-Lösung auf Basis einer AS400 integriert und ein zentrales Promotion-System auf Basis API integriert werden....

Ausgangssituation
  • Kunde mit zentraler ERP am Unternehmensstandort
  • Europaweit ca. 150 POS-Systeme an ca. 100 Standorten
  • verschiedene Landesgesellschaften in ganz Europ
  • Ausweitung Geschäftsfeld in Richtung Asien und Nordamerika geplant
  • unterschiedliche Zahlungs-Systeme und - Anbieter
Anforderungen
  • zentrales Datenmanagement
  • automatisierte Installations- und Updateprozesse
  • dynamischer Neuaufbau von Filialen und Kassen
  • mehrsprachig, mehrfiskalisch mit unterschiedlichen Zahlngssystemen
  • Integration in vorhandene ERP-Lösung
  • Umsetzung innerhalb von 9 Monaten
Akteure/Mitwirkende
  • Auftraggeber / zentrale IT
  • Mitarbeiter der unterschiedlichen Aufgabengebiete
  • poe-Rechenzentrum
  • Transformationsspezialisten
  • Interne und externe Developer
Genutzte Ressourcen
  • Projektmanagement – ca. 20 Tage
  • Development – ca. 20 Tage
  • Implementierung / Transformation / Trainings – ca. 20 Tage

Der Interessent ist über eine Empfehlung an poe herangetreten und hat seine Anforderungen und zeitlichen Aspekte direkt eingebracht. In einem direkten Gespräch mit den verantwortlichen Mitarbeitern aus dem Bereich Development konnte sofort die notwendige Vertrauensbasis aufgebaut werden, um sich der Herausforderung gemeinsam zu stellen. Der Kunde hat in allen Bereichen eine sehr gute Fachkompetenz und damit Abhängigkeit von externen Dienstleistern vermeiden.


Der Anforderungskatalog umfasste, neben den Integrationsanforderungen per API, einige spezielle Kassenfunktionen und Automatismen zollspezifischer Abwicklungsmethodiken für den Warenverkauf an Touristen aus der ganzen Welt. Die erforderlichen Kassen-Belege müssen dabei nicht nur Ausfuhrinformationen enthalten sondern auch in entsprechender Sprache erstellt werden.


Das Projekt wurde auf Basis der QITTS-Methode entwickelt und innerhalb des vorgegeben Zeitrahmens umgesetzt. Neben der Entwicklung von neuen Funktionalitäten und Online-Schnittstellen mussten wesentliche Leistungsmerkmale erst noch kundenspezifisch adaptiert werden.
Die zentralen Filial-Managementsysteme wurden in der poe-Cloud Umgebung aufgebaut.


Das Projekt, extrem zeitkritisch angelegt und geplant, wurde im vorgegebenen Zeitraum von 9 Monaten erfolgreich umgesetzt und eingeführt.