Minneapolis -- Best Buy Co.'s Best Buy Express plans to add nearly 100 kiosk locations in the next year spread over a variety of new channels.

The division has opened 150 Express locations in three years, and said it is adding two locations at Downtown Disney District in Anaheim, Calif., and multiple locations at college campuses, events and ferry hubs this year.

Best Buy Express is a self-serve kiosk solution offering consumer electronics at Best Buy prices. With locations in airports, train stations, casinos and turnpike rest stops, Best Buy Express sells such products as computer accessories, digital cameras, storage devices and headphones through strategically located kiosks.

"The arrival of our self-serve kiosks at Disney is a testament to the continued growth of Best Buy Express," said Julie St. Marie, business leader of Best Buy Express. 

From SecureIDNews -- Link

Pilots concluding but final access control policies still more than a year out

John Schwartz, program manager for the Transportation Worker Identification Credential (TWIC), was going to begin an update on the program with the words "eight-years ago," but then thought better of it. It has been that long since Congress mandated that the Transportation Security Administration (TSA) create a credential for secure access to ports, and the agency is still working on the roll out.

It will most likely be 2012 before there are widespread readers electronically verifying the credentials, Schwartz said during a presentation at the Interagency Advisory Board meeting in September. But while critics dismiss the credential as an expensive flash pass, progress has been made toward wide-scale electronic verification at ports.

The TSA reports that at 135 enrollment centers across the country, 1.7 million workers have been enrolled and of those 1.6 million have activated their ID.

Schwartz and his team are working on a congressionally-mandated reader test that will lead to the final rule for reading the TWIC. His team has done testing in the lab, in the field without looking at the impact on a port's business processes and finally in the field while considering at the impact on business.

Through lab testing the TSA approved 28 readers and associated systems, Schwartz says. The lab tests looked at reader performance in different environmental conditions, extreme hot and cold temperatures, water and humidity, as well as durability tests.

The 28 approved readers include two alternative biometric systems. If a port can show a chain of trust in enrolling a worker in the local physical access control system, it is acceptable to use an alternative biometric, such as iris, to access the facility.

TWIC follows the FIPS 201 specification but diverges in the utilization of biometric and contactless technologies. In order to access the biometric on a TWIC a cardholder must be enrolled in the local physical access control system first. That means the TWIC privacy key, which is storied on the card's magnetic stripe and chip, must be registered into the local physical access control system before it can be read using the contactless interface.

This is different from other PIV credentials where the biometric is accessed only via the card's contact interface. TWIC modified the FIPS 201 spec for its use because port operators demand high throughput and PIN protected contact interface reads were deemed too time intensive.

For the field-testing, Congress instructed that the readers be used in at least five distinct geographic locations to test the business processes, technology and operational impacts.

The sites selected for the tests needed to be from a broad spectrum of operations and climates, Schwartz says. The final report on the testing was due in April but implementing specifications and identifying volunteer ports delayed the project.

The TSA received $8.1 million to provide independent testing, data collection and analysis, Schwartz says. The ports, terminal and vessel operators received $23 million in security grants with $15 million for the pilot and the remainder held in reserve for future reader deployments.

While $15 million may sounds like a lot of money to spend on readers, it wasn't spent just on that technology, Schwartz explains. Cabling, updating infrastructure and deploying physical access control systems had to be done in many instances for the system to work.

The tests have already generated some important lessons, Schwartz says. There have been challenges integrating the TWIC readers into different physical access control systems.

The messaging from the readers needs to be standardized and made to be visible in all environments, Schwartz says. He cites the example of a card rejected by a reader without an adequate error message. "If the card gets an error the guard would tell the worker they need a new one when it may not have been registered in the PACS or something more minor," Schwartz says.

There have also been issues with creating a standard for the information processing. The TSA has determined that the sequences for authenticating the card, checking the registration in the physical access control system and checking the hot list all need to be done in the same sequence.

The read range of the contactless readers has been problematic too, Schwartz says. Ports that used proximity cards previously are reeducating workers that the card may need to be held closer to the reader than with the prior technology. The cards, which come with plastic sleeves, also have to be removed from the sleeve to be read in some instances.

Educating cardholders on how to take care of the credential has been a learning experience, he says. Some truck drivers will keep the credential around the rearview mirror in the sun and this can damage the chip and antenna.

Explaining the hot list, or revocation list, has been problematic too, Schwartz says. A worker will lose the card, call the number to report it lost at which point it is placed on the revocation list. If the worker finds the card a day or two later and tries to use it, it is flagged port security is alerted.

Other problems have included general installation issues including electrical power fluctuations, physical reader placements that are too high, too low or too far from worker, and slow turnstile and gate mechanism responses.

The TSA is planning to deliver a report with the test findings to Congress in 2011, Schwartz says. After that the U.S. Coast Guard, which is responsible for enforcing TWIC, will make a rule for ports and port operators to follow. That will most likely not be until 2012.

Because of the delay in the final rule most port operators are opting to wait before deploying TWIC reading systems, says Walter Hamilton, senior consultant at ID Technology Partners. Port operators could deploy the systems now but are afraid they will have to retrofit or tear out technology depending on the rule.

But some reader manufacturers have given guarantees that if they opt for the maintenance package the vendor will guarantee compatibility with the final rule, Hamilton says. "It give the maritime operators some level of comfort," he says.

The TSA is looking to solve some other logistics issues as well, Schwartz says. Enrollment and card activation services for remote locations can be a hardship for some areas. Workers have to show up once to apply for the credential with all the appropriate documentation and then show up again a few days later to receive and activate the card.

This has been problematic in areas where the enrollment center is far from the port or port worker's home, he explains. Congress has questioned the TSA on this, asking if the credential can be mailed but the FIPS 201 standard doesn't allow the ID to be mailed. TSA is looking at other alternatives to solve this problem.

The durability of the credential has been another problem, Schwartz says. The card is tested before leaving the central production facility and before leaving the activation center, but there have been problems with card failures in the field.

Without the presence of a TWIC team member with card analysis tools, it has been difficult to determine whether the problem is with the card, the reader or the access control system at the facility.

The TSA is considering a move from a 72K chip to a 144K chip, Schwartz says. Before the change is made official, however, they are verifying that no other system changes will be necessary and that there will be little or no impact on production and reader equipment.

The TWIC road has been a long and arduous one, ultimately taking more than a decade from mandate through roll out to electronic verification of the credential. But one day soon U.S. ports may have the increased security originally envisioned by TWIC initiators.

by Mathew Hegarty  -- More and more healthcare organizations are turning to virtual desktops to address their challenges with the management, security and cost of their organizations end-point devices, namely workstations and laptops. This has long been a complicated subject for healthcare executives due to the complexities within in the healthcare environment. The fact is, end-point devices are the one piece of the technology chain not physically placed in a secured environment.  Servers and switches are hosted in secured and environmentally controlled Data Centers and IDF closets, but laptops and workstations do their work in the Emergency Room, admitting office, or on one of the Nurses mobile carts. This introduces not only additional support costs and challenges but security concerns as well.

Even for the IT administrators managing a traditional technology infrastructure consisting of servers, desktops and laptops creates serious challenges. Ensuring software is consistently updated, hardware is running optimally and data is secure and safely backed-up is a time-intensive monotonous effort that puts IT departments in reaction mode rather than focused on proactive system maintenance and innovation. 

The economics of Healthcare IT are simple. The cost of maintaining IT infrastructure is becoming untenable given the complexity of new systems; the need for flexible and scalable deployments are a requirement for all new projects with executive buy-in. Add to that increasing healthcare costs relative to inflation and newfound political pressure to keep costs down while maintaining the quality of the care being provided. One thing is certain, healthcare organizations are challenged as never before to do more with less.

Enter virtual desktops to save the day - and the bottom line - for healthcare. For the uninitiated, virtual desktops represent a philosophical shift in how end-point devices are deployed and supported across an organization. The traditional approach of managing hardware, software and data at the individual machine level is extremely costly, typically in an uncontrolled environment, and near impossible to keep consistent.

The simple fact is virtual desktop technology allows Healthcare IT departments to deploy desktops, laptops and portable devices at a lower cost and from a controlled, secure data center. By running the software on a centralized server and having users access only necessary applications, the resources required to support the network are minimized while network uptime can actually be increased; because we are ìpushingî the applications and configurations from a central point, consistency is maintained across the environment.

This isn't exactly a new concept.  IBM had seen the value of running centralized servers with terminals back in the late 1950's with the advent of the Mainframe.    The concept was simple: centralize the key resources in a secured, controlled data center and use lower cost ìdumbî terminals at each desk to communicate with the mainframe.  Well, whatís old is new again.  The main difference between the Mainframes of old and todays virtual desktops are the familiar graphical interface of Microsoft Windows.

Hospitals and clinics can now make technology work for them, not the other way around. Virtual desktops loaded on thin clients, old workstations or laptops mounted on rolling carts have transformed the way physicians and caregivers treat patients. Instant access to patient records and integrated prescription management means healthcare workers now have real-time information at the point of care, which translates into faster, more effective care for patients.

Compliance with HIPAA is made even easier by virtual desktop technology. By accessing applications and data stored on a centralized server, the risk of losing sensitive patient data through the theft of hardware is nearly eliminated. What's more, once data is entered by a caregiver the device used does not retain the patient data. In short, applications and data stored on servers in a data center are subject to the highest level of control and security possible.

From my perspective as an experienced Systems Integrator, a virtual desktop solution makes sense for just about every healthcare organization.  From small physician practices up to the largest hospital groups, the fundamental benefits are the same. Translation? Gone are the days of your IT staff having to troubleshoot individual desktops because of a problem with an application. Gone too is the need for updates and patches for individual applications and printers on every physical desktop. Application performance is raised to a higher level because the computing environment and configuration is controlled in the data center.

What's our prognosis on the future of healthcare IT? Virtual desktop technology brings too many benefits to healthcare at a time when cost containment and data control are paramount. The transformation of healthcare technology is happening now and will never be the same. Because the most efficient delivery of healthcare information always wins in the end, we're seeing the age of virtual desktops take form.

Source Link

Virtualization , Virtual Desktops , HIPAA , Healthcare IT , Compliance

Looking at VistA EHR and VA

Timely brief on VistA which is the EHR software available from the Department of Veteran Affairs.  With the recent activity by the VA for it is good background.  

Stephen Bowerman knows a bargain. He's chief financial officer at 320-bed Midland (Texas) Memorial Hospital, among the first users of OpenVista, one of several versions of the "free" VistA electronic health record software available from the Department of Veterans' Affairs. (OpenVista is developed and supported by Medsphere, Carlsbad, Calif.)

The system had been in place for two years when he arrived at the county-owned hospital in 2009, and Midland had just been validated as Stage 6 in the HIMSS Analytics EMR adoption model. The presence of advanced information technology helped induce Bowerman to take the job despite Midland's $14 million loss in 2008. Switching to a new accounting information system and tightening procedures such as co-pay collection and insurance verification helped Midland move to a $1.5 million surplus in 2009.

Bowerman describes himself as a "dangerous" CFO for the I.T. department, because he started his health care career on the I.T. side, implementing a cost accounting system for a government hospital. "At least I can ask intelligent questions," he says.

 On costs

OpenVista is not free. The code is free, but how you implement it is not. If you had the resources and the right team you could implement it yourself, but we didn't feel like we had the resources. Medsphere helped tailor some of that free source code to our needs. We paid them to come out and help us implement the system and it wasn't cheap, but it was probably 30 percent to 40 percent of the cost of going with Epic or McKesson. It was early on and I'm sure Medsphere today could offer even more than they offered us. We were a beta site for some of their development and they've learned from us and can do it better. Our maintenance ticket is cheaper than it would be with one of the other guys.

Rest of article and source

Its newest marketing scheme allows customers to use their mobile phones to collect redeemable loyalty points off of Subway products.
Subway's marketing scheme will rely on Java-based software provided by Transactor Technologies Ltd., a specialist software development company. Transactor Technologies Ltd. offers comprehensive end-to-end solutions for its clients by providing functions such as customer and transaction management systems.

According to Transactor Technologies Ltd., the heart of its software suite is "Thor Transactor, which provides an open-platform processing engine that seamlessly interacts with traditional transaction capture and processing systems. This provides a bridge between older (legacy) installed systems and evolving or emerging transaction technologies."
Thor Transactor incorporates a powerful and flexible points management engine that enables very specific rules to be set for issuing and redemption of rewards. Transactor Technologies Ltd. offers a product relevant to this capability, called Loyalty+Plus. Loyalty+Plus is an application that allows the implementation of many types of functions, such as allowing cardholders to issue and redeem loyalty points. The software also tracks cardholder purchases.
Subway intends to follow-up on this campaign by releasing a more dynamiciPhone (News - Alert) application at a later date. It is a wise decision for the company, as iPhones now comprise over 14 percent of the smartphone market. This makes Apple (News - Alert) the third largest smartphone manufacturer in the United States. By developing a variation of this marketing technique specifically for Apple phones, Subway stands to reach a broader audience.
More and more companies are embracing mobile-scannable barcode technology, as barcodes can be placed on posters, product labels, or other media - allowing passersby to scan them with their phone to get to companies' websites. This can be especially useful when trying to participate in promotions, giveaways, or sweepstakes.
Heineken, the beer manufacturer, recently employed similar barcode technology in an ad campaign. Other companies, like the Pittsburgh Post-GazettePapa John's International Inc., are also hopping on the bandwagon, as mobile-scannable barcodes are proving adept at reaching consumers directly.
And there are benefits to this barcode technology for industries other than marketing. In the medical field, barcode technology is proving to reduce prescription and medication administration errors, making patient care safer. As pertains to education, Tele.ring, a VMNO with T-Mobile Austria (News - Alert), tapped into NeoMedia's 2D mobile barcode capabilities in order to introduce students to the concept of mobile barcode reading. Students had theopportunity to download the NeoReader for free and scan the QR codes that appeared on the posters, where they could access free mobile content such as ring tones and wallpapers.

Erin Monda is a TMCnet Contributing Editor. To read more of her articles, please visit her columnist page.

Edited by Michael Dinan
While there are many trends in the credit and debit card industry, security is the trend that most restaurants should put at the top of their list. Security goes beyond locking the front door at closing time. Restaurant operators also must secure the sensitive information their customers provide when paying for their services.
Identity theft and credit card fraud are chief concerns for consumers and the credit card industry, and should have great significance to the restaurant operator. Card and identity thieves are becoming increasingly more capable.
In 2009, there was a considerable increase in businesses affected by security breaches in the hospitality and restaurant industry. In response to the growing threat, major credit card brands like Visa and MasterCard have continued to increase the scope and rigor of consumer protection standards.
The PCI DSS (Payment Card Industry Data Security Standard) has been implemented in phases, with various deadlines, to control the way card data is transmitted and stored. Credit card processors have a looming deadline of July 1, 2010, to ensure their customers operate in a PCI compliant manner.
The PCI DSS standard covers many aspects of storing and handling credit card data. The PCI PED (PIN Entry Devices) component is focused on the hardware used at the point of sale (POS) for capturing the 4-digit PIN number on a consumer's debit card. Restaurant owners must ensure that debit card accepting devices are PCI PED compliant, or they risk fines and fees from their processors and the card brands.
While the July 1 deadline is directed at the member organizations (banks), processors enabling the acceptance of these transactions are expected to ensure their customers comply with these standards. Many processors are mandating that their customers undergo a PCI audit to ensure compliance and are assessing fees for those customers that do not comply.
The goal of these fees is to encourage customer compliance, which will help reduce the risk to both the merchant and the processor. A PCI audit varies in cost, based on the price negotiated by the customer or processor, but is intended to identify security concerns, including devices, software, and processes, that may expose the merchant to the risk of data theft.

PepsiCo in Recycling Push

Worried that most of its bottles and cans are going into the trash instead of the recycling bin, PepsiCo Inc. plans to place thousands of new recycling kiosks this year at concert venues, in grocery stores and along city sidewalks.

The Purchase, N.Y., beverage giant and partner Waste Management Inc. are in search of the green movement's elusive prey, the so-called unreachable bottle tossed away by people on the go.

The average recycling rate for nonalcoholic U.S. beverage containers is 34%, and only 25% for plastic bottles made of polyethylene terephthalate, better known as PET. Advocates say the most difficult bottle to recycle is the drink consumed on the go, as it's cumbersome to carry sticky bottles home to a bin.

PepsiCo and Waste Management want to recycle at least 400 million containers annually by putting as many as 3,000 kiosks in busy places this year, and offering incentives. "We have to get people to put up with a little inconvenience and say, 'I'll hang on to it a little bit and get a little bit of a reward," said Tim Carey, PepsiCo's sustainability director.

"There's got to be something in it for people, both through material rewards and emotional rewards," said Jeremy Cage, PepsiCo's "Dream Machine" project director.

In addition to unreachable bottles, the makers of the new machine also hope to attract what they see as unreachable consumers, who eschew recycling as a waste of time.

The Dream Machine is an attempt to be all things to all people. "Dark green" environmentalists can carry key fobs that track and reward their personal recycling efforts, and link them to a social network with regular news feeds. People who recycle at home but not on the go would get an incentive such as a chance to win a baseball cap. Those cool to environmental causes might be interested in the sponsors' promise of a per-bottle donation to the Entrepreneurship Bootcamp for Veterans, a business training program for disabled veterans.

Read rest of article at WSJ

Embracing the Self-Service Economy

The past decade has witnessed a rapid growth in self service that allows consumers to take on the traditional role of a service worker in the provision of a service. Self service has long existed--think of placing a call by dialing a telephone instead of using a telephone operator or pressing a button in an elevator instead of using an elevator operator--but its importance has grown as advances in information technology (IT) have created many opportunities to leverage self-service technology for large gains in efficiency and convenience. Using computer kiosks, airline travelers check in to their flights; on the Internet, consumers purchase products without ever speaking to a sales agent; and, using a mobile phone, customers check their bank balances and transfer funds. Self-service technology continues to become more efficient and more convenient, and, as a result, increasingly organizations, including businesses, non-profits and governments, are using self-service technology to operate more productively and to better serve their customers.

Self-service technology has already transformed entire industries, from ATMs in banking to e-commerce in the travel industry, resulting in significant savings for businesses which are passed on to consumers in the form of lower prices and better service. However, even though self-service technology has generated a wide range of benefits and savings for consumers, businesses, and government, it is only the beginning. Over at least the next decade, self-service technology has the potential to be a major force for growth in productivity and improvements in quality of life. We estimate that if self-service technology were more widely deployed, the U.S. economy would be approximately $130 billion larger annually, the equivalent of an additional $1,100 in annual income for every household.

These savings could not be coming at a more crucial time. Most national economies will need the power of self-service technologies if they are to avoid serious economic problems stemming from significant growth in the number of retirees, a situation that will be particularly acute in Europe, Japan, and the United States. In the United States, for example, the number of retirees for every 1,000 working age adults is projected to grow from 213 today to 346 by 2030. For Social Security recipients in 2030 to not see a decline in their inflation-adjusted payments without workers seeing a decline in their after-tax incomes, economic productivity will have to increase by 62 percent. Unfortunately, the Social Security Administration estimates productivity will grow just 40 percent. As a result, in 2030, either worker incomes after Social Security taxes are deducted will be significantly lower, or Social Security benefits will be lower, or both. Self-service technologies promise to be a major source of needed productivity growth, enabling the United States, Japan, Europe, and other nations facing demographic challenges to realize such growth without reductions in wages or benefits.

But these benefits will not automatically occur unless the right policies are in place and the wrong ones are avoided. First, governments should avoid putting in place restrictions on self-service business models and processes. This means that policymakers must resist the efforts of special interest groups that press for restrictions in technology to protect their economic or social interests at the expense of the average citizen. Second, where appropriate, governments should proactively promote self-service delivery of government services. For example, governments should pass along to citizens the savings from using lower-cost self-service options. Governments should also help create a climate conducive to expansion of self-service technologies. This means that government should support the development and deployment of technologies that enable self-service, like broadband, electronic IDs, and mobile payment systems. In the United States in particular, Congress should increase the minimum wage thereby providing firms with more incentive to invest in self-service technology, while at the same time helping to boost the incomes of low income Americans. In addition, Congress should establish an academic Center of Excellence to develop best practices for accessible design for self-service technology. Finally, we recommend that policymakers establish stronger safety nets for workers adversely affected by technological change so that the workforce can more easily adapt to a rapidly changing economy.

Self-service technology offers a broad set of benefits to consumers and businesses and has the potential to contribute even more to our national prosperity and quality of life. While self-service technology is widespread, it is still relatively new and will only continue to improve in quality over time. However, policymakers must avoid enacting policies to restrict self-service while at the same time putting in place appropriate policies to stimulate the self-service economy to realize these benefits.

Source Link

PDF Download

Most hospitality companies have been implementing service channels with a goal of reducing costs, increasing customer satisfaction and loyalty, and reaching new customer segments. No matter how successful the self-service channel, companies rarely eliminate traditional personal service when they introduce a self-service channel. Instead, companies typically maintain a portfolio of service-delivery channels which allows guests to select the way they interact with the companies. Consequently, managers should consider the interaction among the channels within the portfolio, with particular attention to how they complement each other. Using a research technique called structural equation modeling, the study described here examined the financial and guest-satisfaction results of integrating a self-service kiosk in two brands operated by an international hotel company. Based on data from the company, this study indicates that when certain routine tasks (e.g., checking in and issuing room keys) were handled in kiosks, hotels did see increases in average daily rate. However, when something went wrong with the self-service check-in, the hotels in question saw a reduction in guests' willingness to return. Oddly, the addition of the check-in kiosks did not increase guests' perceptions of service speed at check-in. One possible explanation is that guests used the check-in time to consult with services representatives regarding the destination or other topics, and front-desk associates took the opportunity to make upselling and cross-selling offers.

Vol 10 No 6
By: Tsz-Wai Lui Ph.D. and Gabriele Piccoli Ph.D.



Executive Summary:

Most hospitality companies have been implementing self-service channels with a goal of reducing costs, increasing customer satisfaction and loyalty, and reaching new customer segments. No matter how successful the self-service channel, companies rarely eliminate traditional personal service when they introduce a self-service channel. Instead, companies typically maintain a portfolio of service-delivery channels which allows guests to select the way they interact with the companies. Consequently, managers should consider the interaction among the channels within the portfolio, with particular attention to how they complement each other. Using a research technique called structural equation modeling, the study described here examined the financial and guest-satisfaction results of integrating a self-service kiosk in two brands operated by an international hotel company. Based on data from the company, this study indicates that when certain routine tasks (e.g., checking in and issuing room keys) were handled in kiosks, hotels did see increases in average daily rate. However, when something went wrong with the self-service check-in, the hotels in question saw a reduction in guests' willingness to return. Oddly, the addition of the check-in kiosks did not increase guests' perceptions of service speed at check-in. One possible explanation is that guests used the check-in time to consult with services representatives regarding the destination or other topics, and front-desk associates took the opportunity to make upselling and cross-selling offers.

Vol 10 No 6
By: Tsz-Wai Lui Ph.D. and Gabriele Piccoli Ph.D.


Vol 10 No 6
By: Tsz-Wai Lui Ph.D. and Gabriele Piccoli Ph.D.


Executive Summary:

Most hospitality companies have been implementing self-service channels with a goal of reducing costs, increasing customer satisfaction and loyalty, and reaching new customer segments. No matter how successful the self-service channel, companies rarely eliminate traditional personal service when they introduce a self-service channel. Instead, companies typically maintain a portfolio of service-delivery channels which allows guests to select the way they interact with the companies. Consequently, managers should consider the interaction among the channels within the portfolio, with particular attention to how they complement each other. Using a research technique called structural equation modeling, the study described here examined the financial and guest-satisfaction results of integrating a self-service kiosk in two brands operated by an international hotel company. Based on data from the company, this study indicates that when certain routine tasks (e.g., checking in and issuing room keys) were handled in kiosks, hotels did see increases in average daily rate. However, when something went wrong with the self-service check-in, the hotels in question saw a reduction in guests' willingness to return. Oddly, the addition of the check-in kiosks did not increase guests' perceptions of service speed at check-in. One possible explanation is that guests used the check-in time to consult with services representatives regarding the destination or other topics, and front-desk associates took the opportunity to make upselling and cross-selling offers.


Natasha Royer Coons managing director, TeraNova
• 09 Apr 2010

Over the past five years, the evolution of wireless networks to 3G data speeds, alongside increasingly sophisticated yet cost-effective cellular routers and antennas, has allowed many kiosk and digital signage deployers to have either successfully deployed stable networks using cellular technologies or at least seriously consider it as a viable alternative to landline options.

Now that 4G is available via Sprint and Clearwire, what does that mean for kiosk and digital signage deployers interested in deploying a cellular network?

4G is especially compelling for those deployers with bandwidth-intense applications, such as content streaming or video. Consider that with more bandwidth, applications such as a live video call from the kiosk to a customer service agent to enhance the user experience are very possible and can be delivered with great quality.

First, though, let me offer a word of caution: I believe we are experiencing the dawn of a new world for cellular networks, meaning this is just the beginning. For self-service it's promising, it's real and it will allow for the support of applications that we could only dream of before. But in order to adopt 4G completely for the purposes of an un-manned, machine-to-machine, mission critical network, many factors need to be considered and vetted out before rolling full force ahead.

Now, let's first take a look at the technology itself and what is available today in the United States.

What is 4G?

4G refers to the fourth generation of cellular wireless standards and is the successor to 3G and 2G standards. In the same manner that data-transmission speeds increased from 2G to 3G and allowed for the adoption of new applications utilizing cellular networks, the leap from 3G to 4G again promises higher data rates and lower latencies that could realistically support applications such as real-time streaming of multimedia voice, data and video.

The 4G spectrum services available through Clearwire and Sprint are based on a technology known as WiMAX (Worldwide Interoperability for Microwave Access). WiMAX is an international standard developed expressly for sending high-speed data signals to mobile users that blends the speeds of Wi-Fi with the portability of cellular. It broadcasts on the 2.5-GHz portion of the radio frequency spectrum and has a longer range. In the real world (not the lab), speed depends on variables such as how many subscribers are using the network at the same time, how far you are from a transmitting tower and how congested is the Internet. However, a realistic expectation can be up to 3 Megs or 5 Megs per second download, which to a user will feel more like a high-speed DSL or cable type of experience.

What markets are available to deployers today?

Read rest of the article at Kioskmarketplace.com

From SSKA Blog -- Twice a year there is a nice study on "Top Ten Mistakes of Kiosk Deployment" and usually one of the top ones is the principle that the number of problems you end up having are usually inversely related to the money you spend. You buy cheap, you get cheap as a rule.

The usual threat there is "well, we can buy it from China for this much...".  You can buy something from China but it won't be the same, and it'll take 12 weeks and won't accept modifications. Probably you can forget about the Buy American ARRA incentives working here (I hope). Buying kiosks made in America narrows your choices to one hand.

Worst than all that is prospects/customers that are not trying the tactic of asking kiosk companies to fund the project and pay all the upfront costs. It's called investing in the project (not unlike people with brainstorm ideas looking for "strategic partners").  

They''ll let us write the software for free, let us build the kiosks for free, do the site surveys and installations and get it all in (on our dime) and then they'll decide if they want to move forward, and if so, whether or not they move forward with us (ie a company).

The good companies are too busy, too smart to participate in something like that. I've seen it over and over where the expectation is the best possible product and the budget is zero. And always the same result. Sometimes due to lack of response the RFP gets re-issued, most of the time they were just taking a shot (and not a very good one). 

Am I missing something here? 

(...and insiders would say the part missing is the other half of deal which is we want it right now too...)

PARIS, France, 19th March 2010 - Ariane Systems VIKI project selected in Aug-2009 and partially financed by the ERDF (European Regional Development Fund) got started.

By removing all hardware associated with the check-in and check-out processes, VIKI will revolutionize the hospitality industry by enabling customers to check-in/check-out where and when they want using their desktop, their laptop, their smartphone and even their cell phone.

« Often a source of frustration for business guests, the check-in/check-out procedures have not changed in 15 years. Guests still need to go to the front desk, stand in line and wait for their turn" explains Laurent Cardot, Managing Director and co-founder of Ariane Systems.

« For 10 years, Ariane Systems has been deploying self-service check-in/check-out kiosks in the lobby areas. VIKI anticipates the needs of our clients who are at the cutting edge of technology and want to offer to their guests, for example, the ability to check-in online from their computer before arriving at their hotel, or perform their check-out from their cell phone, comfortably sitting in the taxi that is already driving them to the airport" continues Laurent Cardot.

The features that this software platform will be able to offer are countless as it will integrate online mobile payment solutions and will enable the user to modify their bill, address or even client profile.

For VIKI, Ariane Systems partnered with LIP6 (a research center specialized in the realm of telecommunications and information technology), Lemon Way (a company specializing in mobile applications and leader in mobile banking technologies), as well as Hotel Performance (a major hospitality group) that will contribute their hotel know-how.

« With our mobile platforms, the security layers brought by LIP6 and the unique feature application of Ariane Systems, we will offer early 2011 a solution which will be able to adapt to most of today's existing hotel technical environments" confirms Sebastien Burlet, founder of Lemon Way.

Frequent travelers' dream to go directly to their hotel room after receiving a SMS that features their room number and software room key card is not so far...

About Ariane Systems

Ariane Systems is the worldwide leading provider of self-check-in / check-out technology solutions for the hospitality industry. Founded in 1998 by Michel Lavandier and Laurent Cardot, Ariane has deployed over 1,500 kiosks installed at hotel properties in 15 countries. Currently, numerous hotel chains utilize Ariane's self-service solutions to streamline their check-in / out process, including Pullman, Radisson, Golden Tulip, Holiday Inn, Campanile, B&B, Ibis and Novotel, among others.

Based in Paris-France, Ariane Systems operates subsidiaries in the UK, Germany, Spain, Scandinavia, Middle-East and now North America.

For more information, please visit www.ariane-systems.com.

Scientists have identified security flaws in chip and pin technology that they say are so serious as to require a rethink of the whole system.

The Cambridge University researchers discovered a loophole that could be used to make bank card payments without knowing the correct pin.

Link for Video

Self-service trends in 2010

Craig Keefner 
• 05 Jan 2010

By the end of 2009, there were almost 30,000 DVD-vending kiosks deployed, with more on the way. This application likely has surpassed the photo kiosk as the second-most visible symbol of self-service working, next to grocery self-checkout. Anticipating the next such "big thing" keeps all of us in the kiosk industry busy following the tweets and news in the hope of catching the next wave.

Here is a roundup of 2010's potential suspects, from my point of view, divided into three market groups -- maturing, growth and new drivers.

Maturing market

Vending and reverse vending -- These are apps where customers put money in to get a product, with the DVD kiosk being a prime example. Reverse vending is where products/goods are deposited into a machine and money/credit is given to the customer. The ecoATM self-service e-cycling kiosks would be an example of this, and the TITO ticket and token redemption machines in Las Vegas are good examples as well.

Complete Article

Radiant being sued not over it's Aloha system which is PCI-validated but over the use of PC Anywhere.

Restaurants Sue Vendor for Unsecured Card Processor

creditcardSeven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems.

The restaurants, located in Louisiana and Mississippi, filed a class-action suitagainst Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen.

The suit alleges that the system stored all the data embedded on the bank card magnetic stripe after the transaction was completed -- a violation of industry security standards that made it a high-risk target for hackers.

Also named in the suit is Computer World, a Louisiana-based retailer, which sold and maintained Radiant'sAloha POS system.

According to plaintiffs, Computer World's technicians allegedly installed the remote-access program PCAnywhere on the systems to allow its technicians to fix technical problems from off-site. The only problem is, the company failed to secure the program. The suit alleges that the system was not up to date with software patches, and the PCAnywhere remote log-in and password that technicians used to access the POS systems was the same at every one of the 200 Louisiana locations where the system was installed. According to one of the plaintiffs who spoke with Threat Level, the default login was "administrator" and the password was "computer."

As a result, a hacker, believed to be based in Romania, accessed the systems of at least 19 businesses through the PCAnywhere software, and possibly others plaintiffs say. Once inside, the hacker installed malware to grab card data as it was swiped and send it to an e-mail address in Romania. The hack follows a wave of similar attacks that targeted point-of-sale systems at other national retailers and restaurant chains between 2005 and early 2009, including Dave & Busters restaurants, Hannaford Brothers, TJX, Wal-Mart and others.

The suit was filed in March in the U.S. District Court in Louisiana, but the court ruled only last week that the seven plaintiffs could proceed as a group with their case, opening the way for additional plaintiffs to join the litigation.

"We want other restaurants nationally to be aware of the hidden dangers posed by these technology companies and the unfair penalties imposed by the credit card companies," said plaintiffs attorney Shiel Gallagher in a press release. "These huge companies shouldn't have the power to destroy these restaurants."

The plaintiffs include Crawfish Town USA, Don's Seafood & Steak House, Jone's Creek Cafe, Mel's Diner, Picante's Mexican Restaurant, Sammy's Grill and a Best Western. Two other restaurants have also sued Radiant Systems and Computer World separately.

The restaurants are seeking millions in damages to recover their costs from the breach. These include fines levied against them from Visa and other credit card companies for failing to be PCI-compliant, the cost of forensic audits to uncover the source of the breach, chargebacks to cover fraudulent charges made on customer accounts and reimbursements to card providers who had to issue new customer cards.

According to the plaintiffs' court filing (.pdf), Radiant and Computer World were allegedly warned by Visa in April 2007 that the Aloha system, along with POS systems made by five other vendors, were non-compliant because they stored card data. Visa also sent out a bulletin in November 2006 warning that one of the most frequent vectors for hackers to penetrate POS systems was through poorly configured or unpatched remote-access software (.pdf) and default passwords. Nonetheless, the restaurants say, Radiant and Computer World sold them a product that was neither PCI-compliant nor secured against a known attack.

PCI compliance involves 12 requirements that include: installing and maintaining a firewall, changing default vendor passwords, encryption of transaction data while it's being processed and updated security patches and anti-virus definitions, among other things. Businesses that accept bank card payments from customers are contractually required by the payment card industry to have PCI-compliant architectures and to use only products that are PCI-compliant.

Charles Hoff, general counsel for the Georgia Restaurant Association and one of the plaintiffs' attorneys, says these kinds of security disputes are becoming more common but rarely garner public attention because vendors tend to settle rather than risk exposure through a court case. He said this suit was filed only after Radiant refused to take responsibility for the breaches.

"Radiant ... took a very arrogant attitude about it," he told Threat Level. "I've had other POS vendors who felt they should be accountable, and the end result was that they knew they needed to do the right thing. Radiant I don't think thought we were serious. Radiant's website gives customers the greatest assurance that when it comes to their resellers, they monitor and make sure they're scrutinized and compliant. It really would give you all the confidence in the world if it was actually done."

Radiant has declined to comment on the details of the suit.

"What we can say is that Radiant takes data security very seriously and that our products are among the most secure in the industry," Paul Langenbahn, president of Radiant's hospitality division, told the Atlanta Journal Constitution. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."

Keith Bond, owner of Mel's Diner in Broussard, Louisiana, told Threat Level that he purchased his Aloha system for $20,000 and installed it around late November 2007. Computer World, he says, convinced him that the system needed to be connected to the internet for faster transaction processing, as opposed to the dial-up modem connection he had been using for processing.

In April 2008, just a few months after installing the system, one of his employees called to tell him that the mouse cursor on one of three Aloha terminals he'd bought seemed to be moving on its own and that employees were unable to take control of it.

After contacting Computer World technicians, the restaurant was told to disconnect its system from the internet. A service tech appeared the next day to replace the hard drive, but didn't disclose the nature of the problem or indicate that an intruder had breached the system. Bond learned only later that a keystroke logger had been installed on all three of his Aloha terminals, and that the intruder had been siphoning card numbers for about three weeks.

He discovered this only after Visa and Mastercard contacted him in May to tell him his system had been breached. Bond, whose 24-hour diner processes about 60 to 70 card transactions a day, says 669 card numbers were stolen during the three-week period the hacker was in his system.

"If they had accessed the server, they would have got thousands of card numbers," Bond said.

The credit card companies forced him to hire a forensic team to investigate the breach, which cost him $19,000. Visa then fined his business $5,000 after the forensic investigators found that the Radiant Aloha system was non-compliant. MasterCard levied a $100,000 fine against his restaurant, but opted to waive the fine, due to the circumstances.

Then the chargebacks started arriving. Bond says the thieves racked up $30,000 on 19 card accounts. He had to pay $20,000 and managed to get the remainder dropped. In total, the breach has cost him about $50,000, and he says his fellow plaintiffs have borne similar costs.

Bond said Radiant and Computer World were unresponsive.

"Radiant just basically hung us out to dry," he says. "It's quite obvious to me that they're at fault.... When you buy a system for $20,000, you feel like you're getting a state-of-the-art sytem. Then three to four months after I bought the system, I'm hacked into."

Image courtesy California State Controller's Office

Recommended Commentary Link

Lessons Learned From PCI Compliance

Assessors reveal mistakes companies make with data security standard. -- To help companies get ready for a an evaluation, we asked QSAs to describe common problems they encounter when working with IT groups on PCI compliance. What follows are five best practices to help companies better prepare for an assessment and maintain compliance.

1. Know Where Data Lives

First off, you must know how credit card data flows through your system, where the data resides in the enterprise, and who has access to it. Assessors ask for this information at the outset of an assessment because it determines the scope of the project. They aren't there to review your entire security infrastructure, just the systems that collect, process, transport, and store credit card data. A surprising number of companies don't have a good grasp of this information. "It's common for a client to completely miss a particular data flow and have no idea that credit card data is being forked off to system X, Y, or Z," says a QSA at Neohapsis, who asked to remain anonymous.

Companies express an "extreme amount of frustration" over the amount of effort they have to put in to put the full picture together, says Ted Keniston, a QSA and managing consultant with the global compliances group at Trustwave. "We should be validating this information, not determining it."

Having a complete picture of credit card data isn't just a courtesy to your assessor; it also affects your ability to protect customer information, because you can't secure what you don't know about.

2. PCI Is A Moving Target

Let's say your assessor has just stamped you "compliant." You breathe a sigh of relief. The PCI assessment is annual, so you don't have to worry about it for another 12 months, right? Not so.

PCI compliance is only valid and only applies to the state of the network and systems at the time of the assessment. The moment you make changes to systems that fall under the 

Rest of article and pdf of entire article

Report from trust catalyst detailing the trends and obstacles to data encryptions, applications affected, and why it's important (average cost per breach in $6M)

Excerpt: he most significant increases in this year's research were "File encryption - server" moving up from fifth to second place and "Mobile device encryption" rising from eleventh to ninth. Email encryption at the client saw the most significant fall, from third place in 2008 to fifth in 2009. There was not a significant increase in encryption adoption for databases or backup tapes in 2009. We continue to caution organizations not encrypting these applications that they remain at serious risk of data breach -particularly with regard to patient and credit card data.


Related Ring Sites:
  GoKIS  |   ThinClient.org  |   keefner.com  |   Visi Kiosk site  |   KIOSK  |   Kis-kiosk.com  |
Resource Sites:
  Elo TouchSystems  |   Acire Inc.  |   Nextep  |   TIO Networks  |   Olea  |   Self-Service Networks  |   Meridian Kiosks  |   Provisio  |   Kioware  |
  Selling Machine Partners  |   Source Technologies  |   Seepoint  |   5Point  |   Nanonation  |   Netkey  |   KioskCom  |   Summit Research  |   NCR  |