Has one of your customers been the victim of a point-of-sale (POS) system attack? It’s a common concern for businesses of all sizes, not just large retail chains.
In August 2016, PC Magazine reported on breaches to 330,000 POS systems around the world, all using equipment manufactured by Oracle subsidiary Micros. Business types included fast-food chains, hotels, and retail stores.
While reports of data theft via the POS system seem to be increasing, security experts want you and your customers to know that most attacks at the POS can be avoided. But it takes some advance planning and everyday diligence to prevent these types of problems. Here are four strategies you can use to help your clients secure their POS system:
Incorporate end-to-end encryption software
You probably know that end-to-end encryption keeps customer card data out of the POS system from the beginning of the transaction until it moves to the processor. Instead of leaving intact card numbers within the POS system, where they could be vulnerable to hackers, the data are immediately encrypted at the POS device. It’s a simple way for merchants to limit the damage if a data breach happens.
Lock down POS devices
Securing POS devices—especially mobile POS devices—means creating and following strict security practices every day. While most employees are honest, there’s no reason to make these devices more accessible than needed.
Recommend to clients that they create a daily lockdown checklist for all POS devices. Limit access to as few people as possible and give each individual user a separate access code. Account for every piece of POS hardware at the end of each day and store the hardware in a secure location without universal employee access.
While complying with the Payment Card Industry Data Security Standard (PCI DSS) can seem difficult and confusing for your clients, its purpose is fairly simple: avoid storing card data, and let as few business systems as possible connect with the POS system, limiting the opportunity for malicious access.
That means looking at card readers, servers, routers, online shopping carts, and even paper files to ensure card numbers are not stored. Limiting the number of POS systems and other business devices that can access credit card data means fewer in-scope systems and a simpler PCI DSS compliance process.
Enable software security tools
While installing and keeping antivirus software up to date isn’t very sexy, it’s an easy security fix that many business owners overlook. Just as malware and viruses are constantly evolving, the software securing the POS system must stay current.
Another option is what’s called “endpoint security.” These software products include multiple security features like malware removal, antispyware protection, and data input and output control for portable devices. Each endpoint—a computer, a server, or a mobile device—is covered by the complete security suite and can be managed through a single dashboard.
Adding these security features can mean the difference between a thriving business and one that has to be shut down due to costly data security lapses.
What strategies do you recommend clients use when securing their POS system?