Security researchers have devised a way to offer steep discounts or steal goods by hacking vulnerable point-of-sale systems. The researchers at cybersecurity firm ERPScan, which has a commercial stake in the space, found that SAP’s point-of-sale (POS) systems don’t authenticate or check internal commands, allowing anyone with access to the store’s network unrestricted access to the checkout system. That might not be so difficult when various devices and machines around the store are also ethernet-connected, making a plug and play-style attack easier than others.