Physical security

A BoothIQ kiosk is a physical device sitting in a public venue with cash inside. Software security only goes so far. Physical security covers the rest. This article is the basics.

Who this is for: Operators placing kiosks in public venues, especially at-risk venues (24/7 access, high-foot-traffic, low-staff oversight).

The threats

Realistic threats to a BoothIQ kiosk in a venue:

  • Cash theft (forcing the cash box). Mount the booth securely; choose a well-lit location
  • Kiosk theft (entire booth removed). Bolt to floor; choose a venue with security cameras
  • Vandalism (damage, graffiti). Choose a high-traffic location; have a daily inspection routine
  • Tampering (someone trying to access internal hardware). Lock the enclosure; check for tamper signs daily
  • Phishing customers (someone pretending to be the booth or its operator). Educate customers; have official signage
  • Social engineering operators (someone calling support pretending to be you). Establish verification protocols with support

Mounting the booth

A BoothIQ kiosk should be physically secured to prevent removal:

  • Bolt to the floor if your venue allows it. This is the most effective deterrent.
  • Tether with a security cable if bolting isn't possible.
  • Place against a wall so the booth can't be tipped over from behind.
  • Don't put it on wheels unless wheels are locked.

Talk to your venue about what mounting options are available. A mounted kiosk is much harder to steal than a free-standing one.

Choosing a venue location

A good location for a BoothIQ kiosk:

  • High foot traffic. Witnesses deter casual theft and vandalism
  • Well lit. Both for the camera (better photos) and for security
  • In view of staff. Venue staff can intervene if something goes wrong
  • Within range of security cameras. For after-the-fact accountability
  • Not in a hidden corner. Alleys, back hallways, late-night zones are risky

A bad location:

  • A dark, unmonitored corner of a 24/7 venue
  • Outside, exposed to weather (also bad for the printer and camera)
  • In a crowded space where customers can't comfortably use it (also bad for revenue)

The cash box

The cash box is the highest-value target. Best practices:

  • Empty it frequently. At the end of every shift, or at least every day. Don't let cash accumulate.
  • Use a separate locked compartment. The cash box should have its own lock independent of the booth's main enclosure.
  • Use a unique key that you don't share with venue staff.
  • Don't write the cash box location on the outside of the booth.

When you collect cash:

  1. Open the cash box (with your unique key)
  2. Take the cash
  3. Verify against the Sales tab. The cash should match revenue minus any manual credit adjustments
  4. Reset the cash box
  5. Store the cash securely

Tamper detection

Daily, look at the booth for signs of tampering:

  • Pry marks around the enclosure seams
  • Missing screws or fasteners
  • Disconnected cables visible from the outside
  • Unusual stickers, marks, or graffiti that weren't there yesterday
  • Strange behavior. The booth boots into Windows instead of BoothIQ, asks for unfamiliar credentials, etc.

If you find evidence of tampering:

  1. Take the booth out of service immediately.
  2. Don't power-cycle. Gather evidence first.
  3. Document with photos.
  4. Contact BoothIQ support and your venue.
  5. Don't sign in to admin until you're sure the booth is in a known-good state. A tampered booth might have been modified to log your password.

Locking the enclosure

The booth's enclosure should be locked so internal components aren't accessible to the public:

  • All access panels (camera area, printer service door, payment device, USB ports, internal PC) should be locked or behind a locked panel
  • Use proper locks, not just clips or magnets
  • Have spare keys stored away from the booth

Your installer should have set this up correctly. If any part of the booth is openable without a key, talk to your BoothIQ contact.

Camera privacy

The camera inside the booth is pointed at where customers stand. Customers expect to be photographed when they tap START. They do not expect:

  • The camera to be running when they're not using the booth
  • Photos of them to be stored without their knowledge
  • Photos of them to be sent anywhere outside the booth

BoothIQ's defaults respect these expectations:

  • The camera only captures during a session
  • Photos aren't saved by default
  • Photos aren't synced to the cloud by default

But if you customize these defaults. Turning on photo saving, enabling Photo Backup, etc. Make sure you're being transparent with your customers. See Data and privacy.

Power and continuity

Physical security includes uptime:

  • Use a UPS to bridge brief power outages. The booth can lose state mid-session if it loses power abruptly.
  • Surge protect the kiosk's power input.
  • Don't share the kiosk's outlet with other heavy equipment.

Insurance

Your kiosk represents a real asset. Make sure:

  • It's covered by business insurance for theft, vandalism, and fire
  • The venue's insurance also covers it (if your contract says so)
  • You have proof of ownership (purchase records, Booth ID) in case you need to file a claim

Verifying staff with you

If a stranger walks up and claims to be from BoothIQ:

  • Ask for ID.
  • Don't give them admin access.
  • Call BoothIQ support directly (using a number you already have, not one they give you) to verify.
  • Real BoothIQ technicians will not be offended by the verification. They expect it.

This is the same advice as for any home/business service visit. The booth is your property; nobody but you should be touching it without verification.

Verifying support over the phone

When you call BoothIQ support, expect them to verify your identity:

  • They'll ask for your Booth ID (visible in the Cloud Sync tab)
  • They may ask for your account email
  • They may ask for business details that match your account
  • For sensitive operations (issuing emergency master passwords), they'll be extra careful

This is for your protection. If support doesn't verify you, that's a red flag. Call back through a different channel.

Disposing of an old booth

When a kiosk reaches end of life:

  1. Unregister it from the cloud so its credentials are revoked (see Cloud Sync tab Unregister Booth button).
  2. Export and back up any sales data you want to keep.
  3. Contact support about decommissioning. They may want to wipe the local database before disposal to remove any residual customer data.
  4. Don't sell or give away the kiosk with the BoothIQ database intact. That could expose customer data.
  5. Physically destroy any storage media if disposal is the goal (if support recommends this).

Verify your physical security

Your physical security is reasonable when:

  • The booth is mounted or otherwise secured against removal
  • The cash box is emptied regularly and uses a unique key
  • You do a daily tamper check
  • You have insurance covering the kiosk
  • You've verified the venue's location and lighting are appropriate
  • You can verify support's identity when they call you (and vice versa)

Common mistakes

Leaving the cash box unemptied for days.

Bigger loss when stolen.

Free-standing booth in an unmonitored area.

Easy theft target.

Sharing cash box keys with venue staff.

More potential leaks.

No insurance.

Replacement costs come out of your pocket.

Trusting unverified "BoothIQ technicians".

Anyone can claim to be one.

Disposing of an old booth without wiping it.

Customer data exposure.

Next steps