"Are you really sure ...?"

that you haven't just been lucky so far? The topic of cybercrime has arrived in retail and has simply shut down one or two chain stores in recent weeks and months! Nothing works anymore, no logging on to the system, no cashing up, no movement of goods - standstill.

Only the message at all workplaces: "Pay an amount of... within the next 24 hours!"

The topic is red hot. To inform you, we recommend a really factual contribution from 3sat. In it, it becomes clear how real and close these attacks are, which symptoms and causes can lead to catastrophic circumstances and consequences of cyber attacks. Being locked out of your own network from one day to the next? This is not a nightmare - unfortunately, this is the reality of cyber attacks. You can find the link to the 3sat report at the end of the article.

We, as poe, are very well aware of the danger from the internet and have been able to gather experience that we are happy to pass on to others today. Not only because we have long been sensitised to such issues as a software manufacturer, but also because we ourselves have unfortunately been the victim of a cyber attack. We can make three crosses in the calendar that we were able to locate the unwanted intruder "early" enough and thus exclude it. We were infested by a hafnium which, according to forensic analysis, settled on our Exchange Server in early August and was only discovered at the end of October. So for months we had been infested by ransomware (malware) without even suspecting it. It was only through the attention of two customers and a questionable email that we became aware of the threat and were able to act. To cut a long story short - we were lucky in that we were able to avoid major damage to ourselves and our customers and completely remove the malware from our network - these attacks are closer than you think!

We used this "experience" and, with the help of data forensic experts, analysed very precisely to what extent our own software products TRADEMAN and POSMAN are safe from attacks.

Our conclusion:

Our own software solutions are among the most secure on the market! How do we arrive at that? Definitely not trivial.

As early as February 2020, we subjected our cloud-based ERP software TRADEMAN to professional penetration tests in order to be able to identify security risks at an early stage. The gaps are very often based on combinations of security vulnerabilities in operating systems, operating system-related services or superficial handling of data. Access to the system is made possible via these "vulnerabilities" and then distributed internally across all systems in the network.

Both TRADEMAN and POSMAN can be operated entirely on a Linux operating system platform. When using TRADEMAN in the cloud, we have been relying exclusively on the use of Linux-based systems for years, thus hermetically shielding the entire purchasing and sales workflow from all other processes without losing integration capability. For communication between our systems and third-party systems, we do not use standard services from other manufacturers, but exclusively our own communication products.With these, we can examine very precisely on the database level whether the data packages/data source really only contain usable information or risks.
Because of this way of working, we believe we can say that the communication between our software solutions is the most secure on the market! This diagram serves as an illustration.

Of course, the POS hardware is also nothing more than a PC connected to the internet. However, when using Linux operating systems, the POS systems can be reduced to what is really necessary and human risks can be largely eliminated. This also does not affect the performance range and possibilities of the systems.

We have been deliberately developing our POSMAN POS software to be multiplatform-capable for more than 15 years and today use it on the Windows, Linux, iOS and Android operating systems throughout Europe.

Why don't you let us check whether we can help you achieve a significantly higher level of security with our products and secure the sales processes of your products - no matter who is trying to distribute themselves in your network.

If you are interested, just give us a signal or send us an email to sicherheit@poe.de. We treat this topic very confidentially.

With the development of our software products in the areas of POS, store management and ERP, we have specialised in branch-based customers in national and international retail.

The central systems TRADEMAN & tsm are the platform for integrating our software solutions into your operating environment. Regardless of whether you want to use our software solutions as a complete solution (ERP/ branch and cash register management & POS) or modularly as an integral component (branch and cash register management & POS) in your existing ERP environment, we integrate ourselves homogeneously into your system environment and ideally complement your existing software solutions.

We want to use the strengths of the different systems and not operate competing products. We customise our software products exactly to your needs in order to enable maximum automation. Teamwork is one of our greatest strengths!

Reading is good, talking is better. We look forward to your questions and requirements.

Product Use Cases

In the following use cases, we have prepared a few projects for you in which we briefly show you how and with which resources we have implemented certain customer requirements.

If you are interested, please take a look.

You can't? Yes, it can!
In a period of 14 months, more than 1000 cash register systems, distributed over approx. 250 branches, organised in 18 independent regional companies, had to be integrated into an existing CRM and financial accounting solution and put into operation nationwide. Unfortunately, a lot of software had to be "conjured up" first...

Starting situation
  • Umbrella organisation for central processing (parent company/ franchisor)
  • regional, independent companies that operate on their own responsibility
  • approx. 1000 POS systems nationwide which are assigned to the various regional companies via approx. 250 branches.
Requirements
  • common and individual master data
  • customisable, automated data distribution across the entire organisational structure
  • dynamic organisational structure (changes possible at any time)
  • comprehensive role management
  • Integration into upstream and downstream IT systems
  • Integration in AD environments
  • Implementation within 14 months
Actors/ Participants
  • Parent company/ franchisor
  • Subsidiaries/ franchisees
  • Employees in different roles at different levels
  • central data centre
  • Transformation specialists
  • internal and external developers
Resources used
  • Project management - approx. 200 days
  • Development - approx. 800 days
  • Implementation/ Transformation/ Trainings - approx. 200 days

The interested party obtained information from various suppliers of ERP and POS software solutions at an international trade fair based on his requirements profile. In addition to the factual requirements (requirements catalogue), legal and time-related framework conditions played a major role.
The catalogue of requirements describes all the performance features compiled by the parent company and the subsidiaries that have to be fulfilled.


The entire project was developed on the basis of the QITTS method and implemented within the given time frame. In addition to the development of new functionalities and online interfaces, essential performance features (Cascading of the ERP-system TRADEMAN) still had to be "invented" in order to be able to map the customer's requirements. Based on the languages and technologies used in TRADEMAN & POSMAN, the temporary integration of external software developers is possible at any time without producing security risks.

The central ERP and branch management systems were set up in the poe cloud as a private cloud environment and integrated into the existing Active Directory structure.
The project, planned in an implementation period of max. 14 months, was implemented within the given schedule and within the planned budget.

We can also do ticket systems!


You have important software in your company structure that has to work in cooperation with the cash register solution or the ERP system. We have the solution - and if we don't have the solution, we create one...

Starting situation
  • regional or supra-regional transport associations
  • approx. 50 distribution points spread throughout the entire transport association
  • Distribution points are managed independently, the transport association is the parent company.
Requirements
  • POS systems with fully automated interface to the ticket system
  • Connection to the web application of the ticket system
  • no more manual data transfers
  • Sale of tickets and own products (souvenirs, city guides, etc.) via a POS system
  • Cancellation of ticket sales with communication to the ticket system
  • Integration into upstream and downstream IT systems (ERP and FiBu)
Actors/ Participants
  • Transport association with sales offices
  • IT responsible employees at the customer, with background knowledge of the ticketing software
  • Transformation specialists
  • Interface description to the ticket system
Resources used
  • Project management - approx. 3 days
  • Development - approx. 5 days
  • Implementation/ Transformation/ Trainings - approx. 2 days

The customer got in touch with us through a former partner and presented us with the current ACTUAL situation. Until the cooperation with poe, all ticket sales were carried out via the ticket system's web application and entered manually into the POS system afterwards. This has the obvious disadvantages of requiring additional staff time and being error-prone in handling. A retraction or other cancellation processes could not be mapped.

The customer had explicit requirements for us and our POSMAN® POS solution, which he formulated as follows:

 

  •  Sale ticket
  •  Cancellation of cash ticket (before start of validity - payment of full ticket price)
  •  Return of cash ticket (after start of validity - payment of a part of the ticket price)
  •  Exchange of cash ticket (taking back the old ticket and selling a new one - e.g. in the event of a change of product or relationship)
  •  Refund of a replacement ticket
  •  Cash deposit into a contract account
  •  Service fee (for chip card replacement, return of a ticket, etc.)

 

The entire project was developed on the basis of the QITTS method and implemented within the specified time frame. In addition to the development of the urgently needed interface to the ticket system, our POSMAN POS software had already covered all requirements for the sale of other products with the standard version, so that no further special developments were necessary - our POS systems can already do a lot in the standard version! 


We developed the interface via an API Live Connection, which is especially helpful for the performance of the tills, as they then do not have to be populated with too much data - the tills simply run much faster this way.
We have installed the central ERP and branch management systems at the transport associations both locally and in our poe Cloud.

Through the successful completion of the project, we were able to inspire other transport associations that use the same ticketing software and successfully implement our ticketing solution there as well.

No time to lose - old solution provider insolvent

 

Implementation of 150 POS systems within nine months with central management solution in international use. The cash registers have to fulfil different fiscal requirements, be integrated into an existing ERP solution based on an AS400 and a central promotion system based on API....

The interested party approached poe through a recommendation and directly brought in his requirements and time aspects. In a direct conversation with the responsible employees from the development department, the necessary basis of trust could be established immediately in order to face the challenge together. The customer has very good expertise in all areas and thus avoided dependence on external service providers.


The catalogue of requirements included, in addition to the integration requirements via API, some special cash register functions and automatisms of customs-specific processing methods for the sale of goods to tourists from all over the world. The required cash register receipts must not only contain export information but also be created in the appropriate language.


The project was developed on the basis of the QITTS-Methode and implemented within the given time frame. In addition to the development of new functionalities and online interfaces, essential performance features first had to be adapted to customer-specific requirements. The central branch management systems were set up in the poe cloud environment.


The project, which was designed and planned to be extremely time-critical, was successfully implemented and introduced within the given time frame of nine months.

Starting situation
  • Customer with central ERP at company location
  • Europe-wide approx. 150 POS systems at approx. 100 locations
  • various subsidiaries throughout Europe
  • expansion of business area towards Asia and North America planned
  • different payment systems and providers
Requirements
  • central data management
  • automated installation and update processes
  • dynamic set-up of branches and cash registers
  • multilingual, multi-fiscal with different payment systems
  • Integration into existing ERP solution
  • Implementation within nine months
Actors/ Participants
  • Client/ central IT
  • Employees of the different areas of responsibility
  • poe data centre
  • Transformation specialists
  • internal and external developers
Resources used
  • Project management - approx. 20 days
  • Development - approx. 20 days
  • Implementation/ Transformation/ Trainings - approx. 20 days