How TeskaLabs Helped O2 Improve Customer Satisfaction of eKasa Point-of-Sale (POS), the Most Successful POS Product on the Czech Market
In 2016, the Czech government introduced a new law requiring all businesses to report their sales figures and provide Electronic Evidence of Sales (EET). This law calls for the adoption of a more modern point-of-sale system or cash register that enables businesses to meet these new regulatory requirements. Over the next two years, the law will gradually impact upon more than three hundred thousand companies in the Czech Republic. O2, the largest integrated telecommunications provider in the Czech market, observed that many would need help complying with this law, while also maintaining data security and providing high quality customer support.
O2 decided to introduce their own mobile cash register, called eKasa. The aim was to create a professional POS solution that is unique in its uncompromised focus on quality, security and customer support. They created this new product during 2015, in the form of a mobile POS solution that runs on Android operating system.
While preparing this new product, O2 reached out to TeskaLabs and invited them to work together on this solution. TeskaLabs provides a technology solution for mobile applications called SeaCat. This solves questions of security, scalability and visibility, all of which are vital aspects of progressively scaling up professional applications such as large-scale POS solutions.
O2’s investment, along with the help of TeskaLabs, certainly paid off: eKasa is now the most successful POS solution available in the Czech Republic, and is used by more than a quarter of the entire Czech EET market.
eKasa is in high demand, and within a few days of launch there were already a large amount of customers using the service. The O2 team were very busy dealing with this rapid growth, and when in a situation like this, it is easy to overlook the occasional customer problem. However, it is precisely here that the difference between the good and the great lies: companies should always pay attention to detail, even when they are serving the masses. A single customer complaint will have much greater repercussions than ten satisfied customers who don’t comment on their experience.
Occasionally, O2 received random customer feedback about a slow connection to eKasa, which could prevent optimal usage of the service. Clearly, this was a serious issue that required appropriate attention.
Around the time of the eKasa launch, TeskaLabs were able to use SeaCat technology to detect unusual behaviors at a network level in the communication between eKasa devices and O2’s servers. Issues occurring at such a low level are undetectable by common monitoring tools available to O2 operation teams. Luckily, though, SeaCat made all the difference. SeaCat was the only component that picked up on this issue, because it collects a wide variety of operational telemetry data from many different aspects of a mobile application, including communication, performance, availability, and so on. Not only does SeaCat function as an extensive cybersecurity tool, but it also provides detailed input for data analysis tools. This meant that SeaCat was able to offer management and technical staff a unique insight into the eKasa application.
SeaCat discovered anomalies at the TCP level, the fourth layer of the ISO/OSI network mode via an audit logging component. SeaCat registered incoming TCP RST packets from eKasa POS immediately after it established TCP connection. In basic terms, this meant that the connection from the POS terminal was being immediately terminated, and eKasa wasn’t able to communicate with its servers to work properly. During the intensive post-launch period, the number of RST packets grew by a significant amount.
TeskaLabs carried out the investigation along with key figures from O2's Security Expert Center, IT data networks, and mobile networks. It was challenging to figure out the problem because at the time of the investigation, the RST packet anomaly was not linked to user complaints.
There was one more issue at hand: only a small percentage of eKasa devices were being affected, and that introduced a challenging yet very common issue when operating large-scale distributed applications like this POS app. You may observe random errors in some POS devices, but the chance that you will see the same error on your testing device is virtually zero. In this specific case, we calculated that it would take more than 50 consecutive days of testing to obtain a 90% chance of the issue appearing on an eKasa test device. Put simply, this meant that we had no way of observing the problem from a user’s perspective.
To work around this problem, TeskaLabs reconstructed the POS problematic state based on SeaCat telemetry data and audit logs, without having physical access to the affected devices. By doing this, we finally understood what was happening. Knowing the nature of the issue, we were able to bisect the problem and identify the component that was causing the issue. Bisection is a commonly used technique to isolate issues. It quickly became obvious that the anomaly was not on the POS app side, but somewhere deep inside O2’s mobile network.
Thanks to TeskaLabs' technology and proactive approach to problem solving, the issue was fixed before performance further impacted upon the user experience and satisfaction, and O2 were able to continue with the successful launch period.
Now every customer can use SeaCat-enabled eKasa without facing any network errors. SeaCat technology guarantees a smooth user experience - it measures everything, analyzes each client, and alerts administrators when it detects the slightest sign of wrongdoing.
If you’d like to get a true assessment of the security of your POS system and its backend, ask us about our Security Audit. Alternatively, see our POS system management solution to know how we can help you build and operate your POS system in a secure and reliable manner.
Data encryption tool for GDPRMore information
You Might Be Interested in Reading These Articles
The security of connected applications, IoT, or mobile platforms, is based not only on secure development, but also on widespread knowledge about info security. Every user should have minimum knowledge about security. Every public tender should demand security of the final product or service.
Published on September 15, 2015
The hack on the Italian-based firm Hacking Team revealed that exploiting is not just done by black hats and bad hackers but can be committed by a legitimate company. A dump of 400 gigabits email revealed that the company was involved in zero-day exploits.
Published on August 04, 2015
HTML is no longer restricted to just websites. With its latest edition, HTML5, the markup language family has now become a popular choice for mobile applications. After gathering the relevant data and researching, Gartner predicted two things; firstly, HTML5 would be the most commonly used language for mobile applications in 2015 and secondly, HTML5-based hybrid mobile app using technologies such as PhoneGap, Codova or React Native reach up to be 50% of all mobile apps 2016.
Published on March 01, 2016