POS Security: 5 Business-Critical Steps to Secure your POS
There are many security risks in a retail environment for businesses to navigate through today. POS security is one topic that should not be taken lightly. Let’s see the most important definitions in the subject and a list of actions that can help secure your POS system.
What is a POS?
Point of Sale (POS) is the space at the store where customers go to make a purchase. They pay for their items at a POS system, which is comprised of the software and hardware used to track the financial transaction. A POS can be a traditional plug-and-play credit card terminal, a browser-based virtual terminal or it can come with a mobile credit card reader and app.
What is POS security?
POS security means creating a secure environment for customers to purchase and complete transactions. This includes preventing unauthorized users from accessing the payments system, thus protecting the business’s and customers’ sensitive data such as credit card information. Cyberattacks like that, also known as a POS attack, target POS applications that store data about all purchases and transactions made through the POS system.
How to Secure Your Point of Sale (POS) System
POS security can be complex due to the sophisticated nature of attacks on networks today. Here are some steps to make sure your POS is secure.
1. Use PCI-validated point-to-point encryption (P2PE) & EMV
Every retailer is required to meet standards outlined by the Payment Card Industry Security Standards Council (PCI SSC). Upholding the Data Security Standards (DSS) put in place by this council is something retailers must adhere to or they could pay a fine.
Many less expensive POS systems will not offer this extra validation and security control. While the cost may be higher, the potential for fraud is reduced dramatically as will the PCI compliance scope required of retailers. For ease of reference, the PCI SSC maintains a list of approved scanning vendor companies.
Adoption of the EMV (chip card), instead of a magnetic stripe card, is also crucial as it has greatly reduced card-present fraud in the U.S. since its introduction. There is convenience in this, too. Retailers can also opt to not require signatures on receipts because the merchant is no longer liable if a breach occurs. When using P2PE, data is basically stored as a code or “token,” making it nearly impossible for hackers to find this useful. Keeping thousands and thousands of slips of paper to defend against chargebacks becomes unnecessary.
2. Keep your point of sale systems restricted to a select few
It is important to make sure point of sale systems stay only in the hands of trusted employees that are approved to use them. Everyone doesn’t even have to get trained if they are not using the system. Limit the use of your networks to those who have permission and are trustworthy.
To further ensure your business stays protected, make sure the devices are locked down at the end of the day. If your POS is mobile, employees may make the mistake of taking devices home by accident or stealing. There is always a chance it can get into the wrong hands and with your POS software installed on it, anyone can do damage to your network. Make sure devices are accounted for at the end of the day.
3. Ensure the staff understands how to work with the POS
Learning about terminal security should be incorporated into your employee POS terminal training. This training can be separate from your overall store security training. Discuss how to recognize if a terminal has been physically tampered with and how to ensure terminals are shut down or secured before leaving the store for the evening. Employees should update their passwords regularly and use strong passwords (combination of letters, numbers, and characters).
In addition, it is important to clearly state and put your policies on POS security in writing. Educate staff on point of sale fraud and ways users can be deceived into sharing information about customers, accounts, and payment information. After training employees, include a POS checklist to refer to while opening and closing the store. This ensures POS data is kept secure even after leaving for the night.
4. Run POS program updates regularly
While updating retail programs seems like such an easy thing to do, it is often overlooked. A diligent approach to managing patches ensures you are protected against newly discovered vulnerabilities.
Make sure you are actively using all programs installed in your system. If there are old programs no longer in use, be sure to uninstall them. To prevent updates from interrupting a point of sale transaction, set a reminder to check for regular updates before or after work hours. Setting time aside after business hours ensures you are not disrupting customer purchases while updating systems.
5. Stay vigilant to secure POS
Failure to equip your POS terminal with proper security measures leaves your business susceptible to breaches like some major retailers have encountered. These are all examples of what could happen if you are not vigilant with your point of sale security. It’s also important to remember that you are not alone. There are plenty of highly-trained experts available to assist in protecting your POS terminal.
If you’re interested in speaking to us about secure POS solutions, fill out the form below and we’ll connect with you.