Cloud Computing?

Posted on by ccsretail
Are You Ready For The Cloud?
 
Cloud computing refers to the use of computing resources, those being hardware and/or software that reside on a remote machine and are delivered to the end user as a service over a network, with the most prevalent example being the internet. By definition, a user entrusts his data to a remote service, on which has limited to no influence.
 
Cloud computing offers numerous advantages both to end users and businesses of all sizes. The obvious huge advantage is that you no more have to support the infrastructure or have the knowledge necessary to develop and maintain the infrastructure, development environment or application.The burden has been lifted and someone else is taking care of all that. Business are now able to focus on their core business by outsourcing all the hassle of IT infrastructure.
 
Some Advantages Are:
 
Cost Efficiency
 
This is the biggest advantage of cloud computing, achieved by the elimination of the investment in stand-alone software or servers. By leveraging cloud’s capabilities, companies can save on licensing fees and at the same time eliminate overhead charges such as the cost of data storage, software updates, management etc. The cloud is in general available at much cheaper rates than traditional approaches and can significantly lower the overall IT expenses. At the same time, convenient and scalable charging models have emerged (such as one-time-payment and pay-as-you-go), making the cloud even more attractive.
 
Convenience and continuous availability
 
Public clouds offer services that are available wherever the end user might be located. This approach enables easy access to information and accommodates the needs of users in different time zones and geographic locations. As a side benefit, collaboration booms since it is now easier than ever to access, view and modify shared documents and files.
 

Cloud is environmentally friendly

The cloud is in general more efficient than the typical IT infrastructure and It takes fewer resources to compute, thus saving energy. For example, when servers are not used, the infrastructure normally scales down, freeing up resources and consuming less power. At any moment, only the resources that are truly needed are consumed by the 

system.

Some Disadvantages

As made clear from the above, cloud computing is a tool that offers enormous benefits to its adopters. However, being a tool, it also comes with its set of problems and inefficiencies. Let’s address the most significant ones. 

Security and privacy in the Cloud
 
Security is the biggest concern when it comes to cloud computing. By leveraging a remote cloud based infrastructure, a company essentially gives away private data and information, things that might be sensitive and confidential. It is then up to the cloud service provider to manage, protect and retain them, thus the provider’s reliability is very critical. A company’s existence might be put in jeopardy, so all possible alternatives should be explored before a decision. On the same note, even end users might feel uncomfortable surrendering their data to a third party.
 
Dependency and vendor lock-in
 
One of the major disadvantages of cloud computing is the implicit dependency on the provider. This is what the industry calls “vendor lock-in” since it is difficult, and sometimes impossible, to migrate from a provider once you have rolled with him. If a user wishes to switch to some other provider, then it can be really painful and 
cumbersome to transfer huge data from the old provider to the new one. This is another reason why you should carefully and thoroughly contemplate all options when picking a vendor.
 
Technical Difficulties and Downtime
 
Certainly the smaller business will enjoy not having to deal with the daily technical issues and will prefer handing those to an established IT company, however you should keep in mind that all systems might face dysfunctions from time to time. Outage and downtime is possible even to the best cloud service providers, as the past has shown.
 

Additionally, you should remember that the whole setup is dependent on internet access, thus any network or connectivity problems will render the setup useless. As a minor detail, also keep in mind that it might take several minutes for the cloud to detect a server fault and launch a new instance from an image snapshot.

If you have any system questions or concerns, contact the CCS Retail Systems Support Department at 800.672.4806 or email us.

-Bryan

Using Strong Passwords

Posted on by ccsretail

I am seeing more and more where different websites are requiring stronger passwords. Passwords are considered strong when the consist of 8 or more characters, include at least 1 capital letter, a number and some type of punctuation and not used at another site.   

Well if you’re like me, trying to remember a strong password is not easy with all the different websites that require a password.  But there is a way!  Password managers allow you create 1 password that will remember all of your other passwords.  

There are may different ones out there now a days, so do some research to see what will work best for you.  Things you should look at is if it will work with your favorite browser, does it include a password generator (this is helpful for creating strong passwords), and does it work across all your devices. 

With a little re-training of yourself to start using a password manager, you will only need to remember 1 password for access to all of your important sites. 

Some possible password managers to look at are: Dashlane, Keepass, and DriodPass (Android).  There are many others – just Google “password managers”.

-Bryan

User training

Posted on by ccsretail

TrainingIf you have a retail store, you already know that there is a lot of training required for most of your new employees.  I am often amazed, however, when a store employee does not know how to log into the computer, or register, that they need to use for their job.

It appears that many times these computers are left logged in all of the time.  This is a very bad practice, for several reasons.  Most of which I have gone over before, but include security risks, and an increased risk of corruption in the event of a power loss or system crash, due to more files being open.

For those that do log out, most have their Windows system set to default the username to the last one that logged in.  So, users simply have to type in the password to log in.  These users know the password, but a large number of them do not know the correct username to use.  In that case, if someone else logs in, say the administrator for system maintenance, the user then can not get logged in because they do not know what to change the user name to.  Or, in fact, that they need to change the username.

This is such a basic part of what employees need to do to perform their duties.  It should be stressed to employees how to properly log in.  Also, it should be part of the “refresher” training that employees should be having periodically.

Dave.

CP-SQL: Voiding tickets paid with debit cards

Posted on by ccsretail

CP-Tiicket EntryThere is a question that has come up a few times with some of our customers.  This is the scenario:  A ticket is run for a customer, who pays with a debit card (not a credit card), and the ticket is completed.  Then, for some reason, it is desired to void the ticket.  If the ticket was paid with a credit card, or any other way than via a debit card for that matter, this is possible.  However, if you attempt to void a completed ticket that was paid with a debit card, you get a message that this cannot be done.

The reason for this, is that debit cards and credit cards are processed differently.  With a credit card, at the time of the transaction, the charge is authorized.  When this happens, the credit card processor verifies that the card is valid, and has sufficient credit available.  Additionally, the card issuing company is made aware of an upcoming charge, and the amount.  Basically, when the charge is authorized, there is an agreement that the funds will be transferred at some point in the future.  However, the actual transfer is not initiated until the credit cards transactions are settled.

So, with a credit card transaction, if the ticket is voided after the fact, and before the transactions are settled, what happens is that transaction drops out of the records to settle.  With no settlement for that transaction, the actual transfer of money is not started.  That is why sometimes a customer will see a “pending” transaction for several days, until the authorization expires.

With debit cards, it is a little different.  The processing of a debit card does not generate an authorization, but actually initiates the money transfer request.  This does not mean that debit transactions will be received by the merchant any quicker, as the actual transfer takes place at a later time.  However, it does mean that at the point the transaction is done, that the transfer will take place the next time that the issuing company processes its transfers.  

In order to void a completed debit transaction, then, a reversing transaction would need to be generated.  It is not a matter of just not settling the transaction.

So, how do you deal with this issue?  Do a return ticket, for the identical items that were sold.  Then, use the same debit card for the payment (credit for the return) that was used for the original ticket.  This will create the reversing transaction, to balance everything out.  Be aware, however, it may take a day or two for both transactions to process all the way through.

Dave.

Where did that email actually come from?

Posted on by ccsretail

Mail - Send.pngIn today’s world of spam and phishing, it can be very useful to be able to find out where an email actually came from.  Just because it says that it is from “someone@domain.com”, does not mean that is who sent it.  Nor, does it even mean that it came from anyone at “domain.com”.

What can not be faked, however, is the delivery trace.  All emails contain headers that log the date, time, and IP address, for every computer that had a hand in delivering that email.  From the originator, to their mail server, to the next server, and so on until it arrives at your mailbox.

The trick is to get to and interpret those headers.  Each email client differs in the manner that you get to these headers.  In Outlook (depending on the version), you right-click on the message and select “Options”.  In Eudora, you click the “BLAH-BLAH” button,  Sometimes getting to the headers is the hardest part.

Assuming you have been able to see the mail headers, what are you looking for?  The “received” headers.  The following is an example of a “received” header (with some data obscured for security reasons):

    Received: from mailserver.domain.com (resolved.name.of.server [192.168.1.1])
            by mailserver.somedomain.com (8.14.8/8.14.7) with ESMTP id s4TEU1RO007434
            for ; Thu, 29 May 2014 07:30:02 -0700

This received line is one in the middle.  The relevant information is

    The message was received from “mailserver.domain.com.  More importantly, the IP address of that machine is 192.168.1.1
    The machine that received the message at this step, was mailserver.somedomain.com

So with that, you have the sending and receiving machine at each hop that the mail took.  Usually, these received headers are in reverse order, with the latest at the top, and earlier ones below.  So you start with the last received header, and that usually identifies the machine that actually sent the email.  Then, the received line above that is the next hop and so on.  If the email originated inside a private network, you may have to check a few received lines, until you get one that has a public IP address.  

Once you have a public IP address, then it is a matter of identifying where that address actually is.  There are several tools for this available on the internet.

Dave.

Signs you have been hacked

Posted on by ccsretail

Database - SearchSometimes your system can be compromised, and there is no obvious indications that anything has occurred.  Recently, however, we have seen cases of systems being hacked, when there was obvious indications that something had occurred.

When a user first logs in for the day, and their desktop has been changed, or new programs have been installed, that should be a red flag.  While it is true that many larger companies will do updates after hours, if no one has said anything about it ahead of time, the user needs to alert their supervisor immediately.

What I have seen includes the desktop icons have been re-arranged.  New icons on the desktop, especially ones for remote control such as VNC (Virtual Network Connection) and some of its variants.  It could be just about anything that is just different.

If that occurs, the machine should be shut down immediately, and reported to a supervisor, or the IT department.  If it is a case of legitimate changes having been made, there is no harm, and the machine can be brought back into service.  If the changes are not legitimate, then by shutting down the potential for additional damages, such as stealing information, or participating in a botnet, are prevented while a course of action is determined.

At CCS we are very familiar with issues like this.  Contact our support department if you suspect your have been hacked and your IT department is not familiar with this issue.

Dave.

We Just Power-off The Server

Posted on by ccsretail

We Just Power-off The Server.

power-switch.pngOver the years I have run into situations where Point of Sale systems artificially fail due to avoidable crisis scenario’s.  Most often, this revolves around not properly  powering-down Point of Sale equipment.

Here’s example of one recent power related interaction:

Clerk:  “I cant get into my POS software”

Tech Support:  “I can’t get on remotely, it looks like your server is turned off”

Clerk:  Yeah, it’s off.  We were having problems earlier, so we just shut it off”.

Tech Support:  “The server has to be on in order for the registers to connect to the database  and the Internet.”

Tech Support:  “Do you normally do a proper shutdown of the servers and registers?” 

Clerk: “We either just press the blue power button on the big box, or more often we just press  the power on the UP’s Box because shuts off faster!”

Tech Support, “Do you mean the UPS (Uninterruptible Power Supply)?”

Clerk:  Yes.

Tech Support:  In situations like this, it’s recommended that you first log out of any open software  applications that you are using and the use the Windows “Shutdown” or “Restart” command, whichever is  appropriate for the given situation.”

Clerk: Ok.
There are a number of serious issues here as follows:

1.  Lack of Training – This clerk has needs more information  on the equipment that is being used, and in proper server/workstation shutdown/restart procedures.  This can be a training or management issue, or both.  With a Point of Sale system it is advisable that someone who understands the proper  shutdown/restart commands for the registers and application server be available for all shifts..

2.  Operating System and Data Corruption –  there is a strong likelihood  that the operating system, the application software, or the database has corruption.  Another example of this would involve a users powering of the server or register while it was  in the middle of doing a Windows Update installation. This could corrupt the operating system.

3. Overnight processing doesn’t happen– If servers are off, no overnight processing functions run.  This could result in a lot of things NOT happening such as:

  • Backups
  • Database re-indexing
  • Automated Credit Card Settlement,
  • End of Sale sales Posting.

Additionally, there are some situations that are beyond the control of end-users, however, they should be addressed if there are problems:

  • Faulty or marginal POS equipment.
  • Faulty UPS (bad battery, failure to clamp during outages).
  • Damaged network cables
  • Faulty or marginal network switches or Network Cards.
  • Faulty power circuits.

If you are having any of the above scenario’s or issues, please contact the CCS Retail Systems Support Department for assistance.

– John

What is the end result of falling to routinely purge historical data?

Posted on by ccsretail

There are a number of factors that you should consider in making purge decisions.

As the amount of data that you have increases, more disk space is used and so exponentially so  does the amount of resources required to do various tasks.  This situation puts more resource pressure on your server and increases the amount of time that it takes to complete even routine tasks.

As an example, running history reports could end up taking a considerable amount of time which may end-up reducing overall staff productivity if people are constantly waiting for something to complete.  Depending what kind of resource limiters are in place on your server, as time goes on this process could end-up bogging down your server.

While Retailers only keep about (2) two years of detailed history,  I have found many instances over the years where some companies have many, many years of detailed history on file.  In one recent example, a customer who wanted to upgrade was found to have over 25 years of detailed history on file.  Not having purged this data before hand created and extended upgrade process.

Normally, it is best to schedule purging operations for times when there is no one using the application software.  Generally, there are at least (4) four good reasons for this as follows:

1.  Purging operations usually require a lot of CPU and memory usage.  So if this is done during peak hours, it can bog down your server.

2.  Some historical purging operations will hang and wait if it encounters a record that is in use. This artificially extends the amount of time required to complete the purging operation.

3.  Data Corruption – f you are purging database files of tables that are updated as part of a posting operation, this could result in on or more of those operations hanging, failing to complete, and/or possible corrupting some of the data in your database.

4.  Software upgrades – in order to help reduce time and cost on upgrades to newer software, it may be  necessary to do considerable purging of data prior to starting the upgrade.  Waiting to do this type of maintenance until crunch time can have much less that desirable outcome that you might want.

If you have questions about purging and file utility usage, please contact the CCS Retail Systems Support Department.
– John

Have Receipt… Will Shoplift

Posted on by ccsretail

Have Receipt… Will Shoplift

ShopliftingWhile shoplifting has always been a concern of retailers, in recent years criminals have been getting more sophisticated in their methods of operation.  Some of the latest techniques involve discarded  customer receipts that are obtained from various sources such as those found discarded in parking lots, external and internal trash receptacles, and via dumpster diving. 

The shoplifter’s use the receipts to compile a “theft list”, and then walk into the various stores with the  receipts in-hand, gather up the items,  and then often head straight to the stores return department. As a recent example of this type of activity, the Bellingham, WA police recently recovered dozens of receipts in a backpack  that was tied to an ongoing shoplifting investigation that was using the same techniques referenced above

For more details, see the following komonews.com link:

Unless store security personnel are being vigilant, some of this may go undetected, especially in smaller businesses with  limited security capabilities.  Some examples of ways that help prevent this type of theft are:

  • Customers being vigilant about not discarding their receipts on or near store premises.
  • Store Policies that require items brought into the store to be returned, being tagged and verified, and then be brought directly to the return department.
  • Requirements that Identification be presented on ALL returns.
  • Limiting returns to the method of payment that was used.
  • Stores keeping a list of “high Volume” returners for identification, if required. 

– John

What’s the difference between an update and an upgrade?

Posted on by ccsretail

Software Updates

Software UpdateSoftware updates are  typically smaller and more minor or intermediate updates.  Normally these are “install in-place” updates, and are the least invasive and time consuming type of  update.  Usually this type of update targets specific software issues, such as: 

  • Corrections for known critical software issues. – something that prevents the software from functioning as designed.
  • Minor software design changes to enhance the use of a particular area of the software.
  • Mandated Credit Card processor software changes. – This could involve security related enhancements.
  • Payroll and Accounts Payable updates related to W-2 and 1099 Printing

Software Upgrades 

Software upgrades typically revolve around major software changes that may involve any or all of the following:

  • Major design change to the software that could require un-installing part or all of the existing software, and installing the new software in a new folder.  This could also  involve updating client software installed on existing workstations.
  • Adding new database tables or files, and require updating your existing custom software reports to reflect those changes.
  • A Complete restructuring of your database.  This could involve a lot of processing time to complete the work involved and some extended down time.

Firmware updates

Hardware manufacturers periodically release firmware updates that do various things such as correcting known device issues, and providing support for newly released software features.

As an example, if you currently have existing Ingenico ISC 250 Pin Pads in use now,  it will most likely require a firmware update for the device to be considered ready to meet the need Chip/Pin requirements that Visa and MasterCard have officially set. The deadline for retailers to adopt to EMV (chip and PIN) credit card technology is be October 2015, for any all stores will be expected to accept these kinds of cards.

This means that minimally, these units will need to have their firmware flashed (i.e. updated) prior to that date.

If you would like to schedule a review of you software for updates, or upgrades,  and hardware for needed firmware updates, please contact the CCS Retail Systems Support Department.

– John