Author Topic: Found a flaw in "Discount Level" (V14)  (Read 13690 times)

Offline Courtright

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • Sunglass Shack
Found a flaw in "Discount Level" (V14)
« on: January 09, 2017, 12:55:15 PM »
So when using the (entire sale) Discount you can set the value of the 2 discounts by going to the Manager Control > Sales > Discount Level.

So let's say I make Discount 1, 10% OFF for a military discount.  In order for an employee to even be able to select using this discount the Security Setting needs to be at the standard employee level (3-Cashier).  So if we set "Price Changes" to Security lvl 3 - Cashier then they can now select military discount when ringing up a sale.  The flaw is they can also now double-click the word "Discount" in the sales window and up pops a table allowing them to alter the pre-set 10% off discount to anything ... even 100% off.

So an employee should be allowed to select a predetermined discount management approves of but not have the security clearance to make a $500 item have a zero value either.

Ways to fix it:

1) Remove all 4 of the Discount Buttons (2 for individual products and 2 for overall sale) ability to pop up that window that allows the percentage to be altered.

2) Give it a different security setting than "Price Changes".  Perhaps if a Security Setting for "Allow Discounts" was assigned to those 4 predetermined buttons.  So Security for "Allow Discounts" can be lvl 3 but "Price Changes" can be level 4 or 5.

I LOVE the Discount feature in V14 because the discounts are no longer "Products" where you can stack the quantity.  However without fixing this it does no good because they can make it whatever percentage off they want.  Now I am scared to even have these buttons used in my system at all.
Sunglass Shack
Virginia Beach, VA | Norfolk, VA
www.GlassesInTheMail.com

Offline Courtright

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • Sunglass Shack
Re: Found a flaw in "Discount Level" (V14)
« Reply #1 on: January 09, 2017, 04:46:27 PM »
So through pouring more and more hours today/tonight into refining my POS to perfection this is really the only flaw I found that can't be "worked around".  I've been able to successfully work around the discounting options but I as the owner can set a 6% discount to pay back the State Tax to the customer but the cashier can just double click the word and change it to 100%.  If I pre-set it they shouldn't have the ability to change it. 
Sunglass Shack
Virginia Beach, VA | Norfolk, VA
www.GlassesInTheMail.com

Offline rjsmeyer

  • Full Member
  • ***
  • Posts: 193
    • View Profile
    • Ocean Beaches Glassblowing & Gallery
Re: Found a flaw in "Discount Level" (V14)
« Reply #2 on: January 19, 2017, 03:50:35 AM »
IMHO, unless you have some way of absolutely preventing an employee from ever having access to the cash drawer, for instance, you're never going to have a system where a determined dishonest person cannot steal from you. I doesn't matter what POS system you're using or how you have it set up.  If someone is that determined, they're going to rip you off whether it's through discounts or pocketing cash - or, in your case, going home with pockets full of sunglasses. 

I think the best anyone can hope for is a system where you can detect that kind of activity easily enough that it doesn't get by you once it's been done. 

Offline ronaldrwl

  • Administrator
  • Hero Member
  • *****
  • Posts: 1679
    • View Profile
Re: Found a flaw in "Discount Level" (V14)
« Reply #3 on: January 19, 2017, 08:21:54 AM »
We have looked into this and made some changes.  A cashier can use the Discount buttons if they have the "Price Change" security clearance.  They can change the discount amount (click on the discount line in the sales screen) only if they have "Price Change Level 2" security clearance.

Offline Courtright

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • Sunglass Shack
Re: Found a flaw in "Discount Level" (V14)
« Reply #4 on: January 20, 2017, 09:43:12 AM »
Amazing!  Thank you so very much.  Little security issues like this could really cause a business a lot of headache.  Especially if the owner doesn't realize these problems and a cashier finds a back door.  You could take a big sale and make it zero and without due diligence in report checking you would never know.  Thank you very much for fixing this =)
Sunglass Shack
Virginia Beach, VA | Norfolk, VA
www.GlassesInTheMail.com

Offline ronaldrwl

  • Administrator
  • Hero Member
  • *****
  • Posts: 1679
    • View Profile
Re: Found a flaw in "Discount Level" (V14)
« Reply #5 on: January 20, 2017, 09:55:28 AM »
We appreciate the feedback!
I would also add, the owner can always see the discounts and overly discounted items quickly by viewing the report Sales / Discounts and the Tools / Activity Log.

Offline Courtright

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • Sunglass Shack
Re: Found a flaw in "Discount Level" (V14)
« Reply #6 on: January 25, 2017, 10:51:42 AM »
We appreciate the feedback!
I would also add, the owner can always see the discounts and overly discounted items quickly by viewing Tools / Activity Log.
Concerning above with Activity Log for some reason the Activity Log is showing an employees ID being used "DYLAN" when he is not even there and I was using my ADMIN login and another employee "CANDICE" was using her log in.  However, he didn't even work and his ID was shown under Activity Log.  Any ideas?
Sunglass Shack
Virginia Beach, VA | Norfolk, VA
www.GlassesInTheMail.com

Offline ronaldrwl

  • Administrator
  • Hero Member
  • *****
  • Posts: 1679
    • View Profile
Re: Found a flaw in "Discount Level" (V14)
« Reply #7 on: January 25, 2017, 12:46:07 PM »
What activities was he showing up on?

Offline Courtright

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • Sunglass Shack
Re: Found a flaw in "Discount Level" (V14)
« Reply #8 on: January 26, 2017, 11:40:22 AM »
Every activity.  I was accessing Reports and the manager screen and security settings using my level 7 Admin login but it was showing his name instead in the Activity.  Also my manager was doing some things like made a sale to a customer and in the Activity log it showed his name but in the Sales Control it showed her name and same with the receipt.  Something kinda weird and no idea on a solution for that.  However looking back multilple days through the activity log it does show other Staff members names, not just his.   :-\
Sunglass Shack
Virginia Beach, VA | Norfolk, VA
www.GlassesInTheMail.com

Offline ronaldrwl

  • Administrator
  • Hero Member
  • *****
  • Posts: 1679
    • View Profile
Re: Found a flaw in "Discount Level" (V14)
« Reply #9 on: January 27, 2017, 06:36:16 AM »
Look at his employee record and check that everything looks good.  No one has a duplicate password?

Offline Courtright

  • Sr. Member
  • ****
  • Posts: 282
    • View Profile
    • Sunglass Shack
Re: Found a flaw in "Discount Level" (V14)
« Reply #10 on: January 30, 2017, 07:55:55 AM »
No duplicate passwords.  I'll check everything over concerning his employee record today.
Sunglass Shack
Virginia Beach, VA | Norfolk, VA
www.GlassesInTheMail.com