POS Security and Protecting Data in 10 Steps

Point-of-sale (POS) security prevents unauthorized access to transaction data such as client payment information, credit card numbers, usernames, passwords, birthdays, and addresses. Small and large companies alike need effective point-of-sale security.

There are many steps you can take to help secure your customers’ personal information as well as your company. Because some of these tasks should be repeated on a regular basis, it’s critical to make these ten steps standard practice for your company.

1. Check for tampering at the terminals.

Check for card skimmers, wires, and other tampering on a regular basis. Keep a list or images of all your terminals with their serial numbers so you can compare them to the real terminals to be sure they haven’t been replaced.
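The comparison described above can be scripted once the serial numbers are written down. This is an added example, not part of the original article; the terminal names, serial numbers and the audit_terminals helper are constructed for illustration.

```python
import re

def normalize_serial(serial):
    """Uppercase and drop spaces/dashes so ' pt-10 01' matches 'PT-1001'."""
    return re.sub(r"[\s\-]", "", serial).upper()

def audit_terminals(baseline, observed):
    """Compare recorded serials with the serials read off the devices today."""
    known = {normalize_serial(s): tid for tid, s in baseline.items()}
    findings = {"replaced": [], "moved": [], "missing": [], "unlisted": []}
    for tid, recorded in baseline.items():
        if tid not in observed:
            findings["missing"].append(tid)       # terminal not found on the floor
            continue
        seen = normalize_serial(observed[tid])
        if seen == normalize_serial(recorded):
            continue                              # same device as recorded
        if seen in known:
            # A known device sitting in the wrong spot: (where, recorded home).
            findings["moved"].append((tid, known[seen]))
        else:
            # Serial was never in the inventory: treat as a swapped terminal.
            findings["replaced"].append(tid)
    findings["unlisted"] = sorted(set(observed) - set(baseline))
    return findings

# Constructed sample data: recorded inventory and today's walk-through.
BASELINE = {"lane-1": "PT-1001", "lane-2": "PT-1002",
            "lane-3": "PT-1003", "patio": "PT-2001"}
OBSERVED = {"lane-1": "pt 1001", "lane-2": "PT-9913",
            "lane-3": "PT-2001", "kiosk": "PT-2007"}

if __name__ == "__main__":
    for kind, items in audit_terminals(BASELINE, OBSERVED).items():
        print(f"{kind}: {items}")
```

A "replaced" or "unlisted" result is the case to escalate, since it means a device with an unknown serial is taking cards.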

2. Restrict POS System Access

Managers will need access to your POS system’s backend, but provide only the rights they require. Other staff who need user access should also be kept at the lowest level. Vendors may also need access. Keep track of who has access and what degree of access they have so you can trace any security breach back to where it happened.

3. Select Secure Passwords (and Change Them Often)

Passwords that are simple to guess should be avoided. A lengthy series of numbers, letters (upper- and lowercase), and symbols is what you’re looking for. It’s also a good idea to update these passwords on a regular basis, and you should train your colleagues to do so as well.

4. Teach anybody with access to the backend about phishing.

Malicious attackers usually attempt to get employee or vendor credentials by email, but requests may also be made over the phone or in person. Make sure that everyone who works for or with you knows how to avoid becoming a victim of social engineering. No legitimate customer service or IT employee, for example, will ask for your account and password. Always double-check.

5. Encryption

Most POS systems will encrypt any data saved on the system using 256-bit encryption, but it’s a good idea to use a payment gateway that also uses end-to-end encryption. As a result, data is encrypted all the way from the transaction to the gateway.

6. Download and install antivirus software

Malware may be prevented by using antivirus software on your POS equipment. It will check your system on a regular basis and discover any malicious files or software. Speak with your POS software account executive if you’re unclear about which software to use or how to install it.

7. Ensure that your POS software is up to date

All types of software and components are updated on a regular basis, and these updates may contain new features as well as fixes for vulnerabilities that hackers may exploit. It’s critical not to put off installing new updates since they may secure your data. EMV is used by 75% of US shops as of March 2019.

8. Credit Card Readers Should Be Upgraded

It’s a good idea to upgrade to EMV chip card readers if you’re still utilizing outdated swipe-type card readers. Customers are more protected from fraud with these chip-and-pin terminals than with swipe or chip-and-signature devices.

9. Create Wi-Fi Network Segments

Customers at a brick-and-mortar shop benefit from an external network since they receive free Wi-Fi, and you’re likely collecting important data. Because hackers may quickly attack a system and acquire access to payment information, be sure your network is segmented. Use only an internal network for payment processing and business-related internet browsing.

10. Monitor POS Activity & Keep Track of Devices

Keep an eye on your system’s POS activities. Check to see whether the sales and inventory counts are correct and if there are any unusual patterns in the activity. Also, if your staff accepts payments from consumers using portable devices, make sure you collect them all at the end of the day and lock them away. Employee theft is a worry, but a device might be lost or stolen at any time, and you must respond quickly if this occurs.
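One way to look for the unusual patterns mentioned above is to run a daily check over the POS transaction export. This is an added example, not part of the original article; the log layout, opening hours and refund threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime, time

# Constructed sample export; the column layout is an assumption, not a real POS format.
SAMPLE_LOG = """timestamp,terminal,employee,type,amount
2024-03-04T10:15:00,lane-1,alice,sale,24.50
2024-03-04T11:02:00,lane-1,alice,sale,9.99
2024-03-04T11:40:00,lane-2,bob,sale,31.00
2024-03-04T12:05:00,lane-2,bob,refund,31.00
2024-03-04T13:30:00,lane-2,bob,refund,58.20
2024-03-04T14:10:00,lane-1,alice,refund,9.99
2024-03-04T15:45:00,lane-1,alice,sale,12.00
2024-03-04T23:52:00,lane-2,bob,sale,400.00
"""

OPEN, CLOSE = time(8, 0), time(21, 0)  # assumed opening hours
MAX_REFUND_SHARE = 0.40                # assumed review threshold
MIN_TRANSACTIONS = 3                   # ignore employees with too little activity

def review_activity(log_text):
    """Return (after_hours_rows, {employee: refund_share}) for manual review."""
    totals, refunds, after_hours = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["timestamp"])
        # Activity while the shop is closed deserves a second look.
        if not (OPEN <= when.time() < CLOSE):
            after_hours.append((row["timestamp"], row["terminal"], row["employee"]))
        totals[row["employee"]] += 1
        if row["type"] == "refund":
            refunds[row["employee"]] += 1
    flagged = {}
    for employee, count in totals.items():
        share = refunds[employee] / count
        if count >= MIN_TRANSACTIONS and share > MAX_REFUND_SHARE:
            flagged[employee] = round(share, 2)
    return after_hours, flagged

if __name__ == "__main__":
    late, heavy_refunders = review_activity(SAMPLE_LOG)
    print("after hours:", late)
    print("high refund share:", heavy_refunders)
```

A flag here is a prompt to check receipts and inventory counts, not proof of theft or compromise.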

The Costs of Securing Your Point-of-Sale

The majority of your POS security will come from your POS system’s built-in capabilities. There are, however, additional security measures you may take that align with the best practices and advice listed above.

  • Antivirus software: Antivirus software for your company’s systems will cost about $200 per year on average. McAfee and Norton are two popular choices.
  • Firewall: A physical firewall, also known as a router, may aid in the protection of data flows on your small company network. Prices vary, but you should expect to spend between $100 and $300 for one. SonicWall and Cisco are two popular choices.
  • Security cameras: Installing a camera that covers any places where POS terminals or devices are located is an excellent approach to keep them safe from physical tampering. Plans start at $19.99 per month with business security systems like SimpliSafe, Vivint, and ADT.
  • EMV chip readers: If you haven’t upgraded yet, EMV chip readers may be the most expensive item. EMV readers may cost anything between $500 and $1,000 apiece. Make sure you’re using the most up-to-date payment technologies by contacting your merchant account provider.

Who is in charge of POS security?

At the end of the day, every data breach is the responsibility of the data owner (the merchant). As a result, even if a data breach happens as a result of stolen third-party vendor credentials, the retailer is still liable. To assist in securing POS hardware and software, most POS firms provide security measures.

Small Business Owners’ POS Security Responsibilities

  • Maintain the physical security of terminals and other POS equipment.
  • Install POS software security updates on a regular basis.
  • Keep an eye on the POS system’s transactions and users.
  • Limit who has access to the POS system’s backend.
  • Utilize all of the POS company’s security measures to the utmost extent possible.
  • On your company’s computer system, install firewalls, end-to-end encryption, anti-malware, and other security measures.

POS Security Responsibilities of POS Systems & Payment Processors

  • Provide the POS system with strong security tools and capabilities.
  • Patch known security vulnerabilities on a regular basis.
  • When severe risks or breaches occur, notify clients.
  • Provide 24-hour customer service and/or fraud reporting methods.

What Happens If POS Security Isn’t Provided?

Data breaches impact practically all businesses, according to a new report by IBM and the Ponemon Institute, and they’re especially costly for the healthcare industry, with an average cost of $7.13 million. Thanks to tighter security for POS systems, the average cost of a retail data breach has decreased to $2.01 million from $3.9 million in 2015.

The largest retail data breaches exposed the personal information of hundreds of millions of consumers. In 2013, the credit card information of around 110 million Target consumers was stolen. The Home Depot’s systems were hacked in 2014, resulting in the theft of data for 56 million credit cards. Meanwhile, TJ Maxx suffered a $162 million loss as a result of an 18-month cyber attack that began in 2007.

How Do Hackers Get Into Point-of-Sale Systems?

Businesses don’t always divulge the facts of a data breach, but in the case of these big breaches, the information emerged over time as the company tried to preserve data and compensate consumers harmed by the breaches.

  • Target: An unauthorized user gained access to Target’s POS system using vendor login information, then installed malware to steal credit card information.
  • Home Depot: A hacker exploited vendor credentials to gain access to the hardware store’s network and install malware on it, stealing the credit card information of 40 million consumers.
  • TJ Maxx: The retail behemoth had out-of-date Wi-Fi security, which hackers were able to attack. They were able to collect employee logins and use them to acquire unencrypted transaction data (for 18 months).

The fact that the aforementioned events involved huge firms does not mean that small enterprises will not be targeted as well. According to Symantec’s 2016 Internet Security Threat Report, the proportion of SMB cyber-attacks climbed from 18 percent in 2011 to 43 percent in 2015. According to a ConnectWise poll from 2020, 55 percent of SMBs had experienced cyber-attacks, costing an average of $58,902. As a result, POS security is becoming more critical for small companies.

When a data breach occurs, who is responsible for fraudulent charges?

Unauthorized debit and credit card costs are typically borne by financial institutions (banks and payment processors). However, these financial institutions may sue a retailer to recover the costs of safeguarding customers—Home Depot and Target both reached settlements with banks.

Conclusion

The most important conclusion from all of this information is that the majority of data breaches that target POS systems are caused by stolen credentials and malware, both of which are avoidable. Follow the actions indicated above to guarantee you’re completely secured. Although you are ultimately responsible for protecting your customers’ data, using the latest POS hardware and software may help you achieve top-notch POS security.

Frequently Asked Questions

How do you secure a POS system?

It is imperative that your POS system be secured with a strong password and IP blocking. These are the first steps in securing any computer or device, as they allow you to lock out anyone who might attempt to hack into it.
