Not So Grande: Free Coffee Served at Starbucks during Major POS Failure

May 04, 2015

“A widespread systems outage hit Starbucks stores in the United States and Canada Friday night, leading to many locations giving away free drinks…” (Source @ msn.com on 4/26/2015)

Starbucks touts fairly modern systems and certainly have droves of IT personnel maintaining, managing and monitoring their store environments. However, they failed to keep the systems up and exposed a major point of failure that brought down hundreds of stores. So how did their POS fail so badly?

Many retailers try to cut out third party service costs, like mission-critical payment processing, in order to shave every last cent off of their cost of sales. However, they tend to take on too much of the many moving parts in-house and expose their companies to huge liability and significant losses in the long run. An example of these kinds of issues are evident in the recent breaches of major retailers like Target and Home Depot.

It’s not just the larger retailers that suffer from these types of issues. Thousands of smaller retailers possess systems that often have multiple points of failure. Unfortunately, it is often too late to reverse the damage once these flaws become apparent.

Let’s explore some all too common weak spots of homegrown and third party retail solutions on the market: 

• Cardholder data/encryption key breaches - There are great new security approaches in place like P2PE (point-to-point encryption) that keep sensitive data out of a merchant’s environment. However, keys used for encryption by a payment processor can become compromised. If a retailer is depending on a single key with no redundancy, their ability to process credit cards could be brought down easily. 
• POS-targeted malware and viruses - There are several types of POS malware in use, like Dexter and Stardust, which use memory scraping techniques to locate specific card data and transmit the data outside a retailer’s network. Other more generic viruses can cause instability to POS software and ability to complete transactions.
• Server or network is compromised in a client/server environment - Server unavailability can render stores down, terminals unable to process payments, or prevent clerks from getting item or customer information.
• The internet is down - Many new point-of-sale solutions are cloud based and are severely compromised or cannot run at all without internet access.   If the internet is down and the POS stops working, there is no revenue.
• Proper & easy testing before upgrades - Many POS vendors do not provide adequate and simple testing environments to test new releases or upgrades. This can result in buggy software that compromises transaction integrity.
• PC/POS device crashes - If a POS terminal crashes (hard disk, OS, etc.), how long does it take to deploy a new station? Does that data have to be restored from backup? POS systems that do not communicate with a server or cloud service in real-time risk data and extensive time loss in the event of a crash.

Retailers should not be in the business of managing these systems. Choosing to do so is the equivalent of cranking your own electricity. It is much more efficient to leverage the cloud and simplify the in-store environment with lightweight and offline capable apps and devices.

Using a leading cloud service like NetSuite or Salesforce as your single back-office ERP/CRM engine outsources all the complexities of the back-office and provides robust disaster recovery support. These proven, secure platforms coupled with SuitePOS (iOS) for Apple iPad and iPhone, greatly minimize the possibility of downtime and simplifies maintenance and scalability as much as possible.

---

Also in Blog