A 2014 industry report estimates the installed base of point-of-sale (POS) terminals in the United States exceeds 12 million. And an increasing number of data breaches indicates that many of these systems leave significant security gaps. But it doesn't have to be that way.
By taking note of the most effective security practices, you can help your customers prevent security lapses and avoid costly liability. Here are several strategies that will help your clients maintain a secure POS solution.
Steer customers to PCI-compliant POS solutions. While PCI guidelines cover a wide swath of security practices, starting with an appropriate, compliant system will give business owners a head start. In studies of data breaches, almost all occurred in non-PCI compliant merchant environments.
Ensure all terminals are EMV-capable. EMV-ready hardware prevents data theft used in order to produce counterfeit cards and adds additional authentication measures for card-present transactions. When combined with other security strategies, EMV technology works to keep cardholder data secure while payments pass through the POS system. And upgrading terminals to EMV means decreased merchant liability for fraudulent transactions.
Recommend cloud-based solutions. Storing or accessing data in the cloud is becoming more and more popular for many business tasks. And payment processing is no different. Cloud-based systems prevent fraudulent activity by encrypting credit card data when the card is swiped or dipped and preventing storage of valuable data on individual terminals or other physical devices.
Discuss frequent updates for POS systems. It's not feasible for many business owners to implement every possible security feature for their POS solution. But frequent reviews of the system ensure that software stays up to date, passwords change regularly, and there's less opportunity for malware and viruses to take hold.
Limit remote access. Allowing remote access to a POS system creates a secret entrance that could give unauthorized users a way in. Be sure remote access is only granted based on a specific and clearly identified need. Give every remote user separate log-in credentials and review access needs regularly.
Separate the POS from other business systems. A POS solution requires a separate firewall and router and must be isolated from other business systems that access the Internet. And security experts tell business owners that the POS should never be used in order to surf the Internet.
Use complex passwords and change them often. The average person today needs to keep track of almost 20 passwords, and most passwords aren't strong enough to stand up to hackers. Always change the default password on any piece of the POS solution and use 14 characters or more, mixing upper- and lowercase letters, numbers, and other characters.
Create and enforce a security policy. When employees know security is a priority, they are more likely to follow specific guidelines. As part of this policy, implement a system that forces associates to update passwords regularly. Every person should have a unique POS log-in that's never shared.
Check for unauthorized devices. While EMV-ready terminals make it virtually impossible to skim credit card data, the current generation of card readers accepts both magnetic-stripe and EMV cards. That means that merchants should still be on the alert for unfamiliar devices connected to card terminals.
Helping your customers build and maintain a secure POS solution requires layers of security, attention to detail, and up-to-date hardware and software components.
What security strategies do you recommend in order to help customers keep their POS solution safe?
ABOUT THE AUTHOR
Jeremiah Shea leads Ingram Micro’s DC/POS Payments Program and provides support for vendors like Verifone, Ingenico, Magtek, ID Tech, and Equinox. He has been part of the DC/POS division at Ingram Micro now for five years, working with all facets of the business for strategic execution. Jeremiah has also become the subject matter expert on EMV readiness and overall payments strategy. With a technical background and a sound understanding of the business, he is a great resource to tap for any and all questions relating to EMV, but more broadly anything DC/POS related as well.
Phone: 1-800-456-8000 ext 64810