Quote:
|
The issue related to EMPLOYEES could be safeguarded by creating an EMPLOYEE membership that could only be established by authorized management that provided the access to EMPLOYEE tans and discounts.
|
That is incorrect. You can not stop the employee from making up a fake client and registering their own fingerprint. Just one example of the way they can use it would be to buy a package for a high pressure bed. Then when a walk in comes in and wants to purchase a single HP session, they could take the $35.00 (or whatever the salon owner charges) and take it off of their package. Other ways would be if you run a special like the 1 day 1 dollar. I am sure you have heard of this Andy with your background in Helios. Those are just a couple off the top of my head. Helios is very lax when it comes to fixing security vulnerabilities. I was the person to inform them of their HUGE vulnerability with the fingerprint system in version 9. They supposedly fixed it in version 11, but I haven't checked it. You used to be able to pull up a client and when it was time to verify the fingerprint you could escape out and pick another client or change the client number and Helios would think it was still verifying the original client. It only took them 2 years to fix that, if they have that is.