x

register

Am I going crazy, or does the UK Register system have some security flaws in it's software.
I have passcodes set for just about everything, logging in, backing out of sales, after each sale, discounts etc.
BUT... if I or anyone else logs out then top left of screen it says "Configure device" if you click on that you can change lots of settings without being logged in, so anyone can change them, including a night time intruder.
More of a worry is when I come in every morning, nobody is logged in, and the system has rebooted in the night (apparently it's supposed to) but... without logging in ...the sales screen is showing, and has full access to start sales, you can also access everything on the system, including sales figures for any day you care to look at, full customer information for customers stored in your system. 
This is crazy, you can access everything without logging in... a burglar could have a field day, including changing all your settings, all this without logging in.
Has anyone else noticed this?.

1,293 Views
Message 1 of 4
Report Inappropriate Content
3 REPLIES 3
Admin

Hi @chocolateguy, thank you for sharing this! I will definitely try my best to help with this here.

 

The Configure Device tab should only allow you to change: WiFi network, brightness, sound, accessibility feature and check nightly reboot. This will not allow people to change anything regarding account specific settings, but just makes easier should people need to reboot their internet quickly to troubleshoot the Register without having to fully login.

 

If nobody is logged in and you have your passcode enabled, no one will be able to access anything without entering a passcode and even then, they won't be able to access anything that they aren't set to access. 

 

One thing worth checking is when team passcode is required on the device. It might be good to set it so passcode is required after logout, for example. You can read more about setting up passcodes in your Point of Sale here

 

If the Team Passcode is not working as described above, please do contact our Support team directly. We'll be able to investigate this further to make sure it isn't a bug with the Register. 

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!
1,282 Views
Message 2 of 4
Report Inappropriate Content

what the system is supposed to do and what it is actually doing are different things. I can assure you.,.. I CAN access the whole system after reboot without logging in. Passcodes are enabled to be required after logout, as well as after each sale. The fact someone can just access the system and change the wireless settings without passcodes is alarming. 

 

You said "

If nobody is logged in and you have your passcode enabled, no one will be able to access anything without entering a passcode and even then, they won't be able to access anything that they aren't set to access. "

 

Sorry but this is not true, after reboot anyone can access the WHOLE system without logging in. I did it again this morning.

 

1,281 Views
Message 3 of 4
Report Inappropriate Content
Admin

Thanks for letting me know @chocolateguy! If that's the case, it does sound like there might be a bug with the Team Passcode settings on that particular Register. It'll be best if you can contact our Support team directly; they'll be able to run through troubleshooting steps with you (there are some steps you can check here as well), check the passcode settings within the Register and also escalate it to our engineering team if needed as well. 

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!
1,274 Views
Message 4 of 4
Report Inappropriate Content