POS Security: Protect Retailer and Customer Data
How to Secure Your Point of Sale (POS) System
There are many security risks in a retail environment for businesses to navigate through today. POS security is one topic that should not be taken lightly. First of all, what is a POS? Point of Sale (POS) is the space at the store where customers go to make a purchase. They pay for their items at a POS system, which is comprised of the software and hardware used to track the financial transaction. POS system security is a topic that can be complex due to the sophisticated nature of attacks on networks recently. Here are some steps to make sure your POS is secure.
1. Use PCI-validated point-to-point encryption (P2PE) & EMV
Every retailer is required to meet standards outlined by the Payment Card Industry Security Standards Council (PCI SSC). Upholding these Data Security Standards (DSS) put in place by this council is something retailers must adhere to or they could pay a fine. The PCI SSC puts out a list of vendors that have this offering if you are unsure about which vendors to choose. Many less expensive POS systems will not offer this extra validation and security control. While the cost may be higher, the potential for fraud is reduced dramatically as will the PCI compliance scope required of retailers.
Adoption of the EMV (chip card), instead of a magnetic strip card is also crucial. EMV has greatly reduced card-present fraud in the U.S. since its’ introduction. There is convenience in this too. Retailers can also opt to not require signatures on receipts because the merchant is no longer liable if a breach occurs. When using P2PE, data is basically stored as a code or “token,” making it impossible for hackers to find this useful. Keeping thousands and thousands of slips of paper to defend against chargebacks becomes unnecessary.
2. Keep your point of sale systems restricted to a select few
It is important to make sure point of sale systems stay only in the hands of trusted employees that are approved to use them. It is not essential that everyone get trained if they are not using the system. Limit the use of your networks to those users that have permission and who are trustworthy.
To ensure your business stays protected, make sure the devices are locked down at the end of the day. If your POS is mobile, this prevents employees from making the mistake of taking devices home by accident or stealing. There is always a chance it can get into the wrong hands and with your POS software installed on it, anyone can do damage to your network. Make sure devices are accounted for at the end of the day.
3. Ensure staff understands how to work the POS
Learning about terminal security should be incorporated into your employee POS terminal training. This training can be separate from your overall store security training. During the training, discuss how to recognize if a terminal has been physically tampered with and how to ensure terminals are shut down or secured before leaving the store for the evening. They should update their passwords regularly and use strong passwords (combination of letters, numbers and characters).
In addition, it is important to clearly state and put in writing your policies on POS security. Also educate staff on point of sale fraud and ways users can be deceived into sharing information about customers, accounts and payment information. Include a POS security checklist after training employees to refer to while opening and closing the store. This ensures POS data is kept secure even after leaving for the night.
4. Run program updates regularly
While updating retail programs seems like such an easy thing to do, it is often overlooked. A diligent approach to managing patches ensures you are protected against newly discovered vulnerabilities. To prevent updates from interrupting a point of sale transaction, set a reminder to check for regular updates before or after work hours.
Also, take this time to make sure you are actively using all programs installed in your system. If there are old programs no longer in use, be sure to uninstall them. Setting time aside after business hours ensures you are not disrupting customer purchases while updating systems.
5. Stay vigilant
Failure to equip your POS terminal with proper security measures leaves your business susceptible to breaches like some major retailers have encountered. These are all recent examples of what could happen if you are not diligent with your point of sale security. Staying diligent on a regular basis and being on your guard is always important. It’s also important to remember that you are not alone. There are plenty of highly-trained experts available to assist in protecting your POS terminal.
If you’re interested in speaking to us about secure POS solutions, fill out the form below and we’ll connect with you.