Those don't really mean anything when an attacker can eavesdrop on customer and employee comms and possibly redirect transactions (MITM).