Improving POS Security – Better Safe Than Sorry


POS Security Improvements

It appears that criminals are getting more brazen, clever, and successful in hacking online and offline devices, victimizing businesses worldwide – even those that meet the basic requirements of the Payment Card Industry Data Security Standard (PCI DSS). Alarmingly, hackers have galvanized our collective concern by breaking into point-of-sale (POS) systems at major retail stores and stealing valuable information.

Consequently, merchants must become proactive and savvy to avoid or at least mitigate the chances of fraud by enhancing security measures.  The following lists some important steps that point of sale merchants should implement to improve POS security:

Lack of Procedures

The PCI DSS rules require a formal procedure in place to identify vulnerabilities to your POS security. Unfortunately, most companies only do the minimum required and let these security procedures go lax for days, weeks or months at a time. Risk assessment of what is vulnerable in your POS system needs to be an ongoing concern and addressed on a timely, regular basis.

Change Passwords Frequently

You might be surprised at how many retailers do not change the factory default passwords on their POS system after they purchase the device. Such laziness is an open invitation to be robbed by hackers. You need to change the password before you use the POS system in your business. You need to set up a simple system of changing the password on a frequent basis and mix up the days in which you do so. Try never to go back to the same password twice to keep hackers off-balance.
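One way to enforce the two rules above when an administrator changes a POS password, shown as an added example that is not part of the original article: the candidate is rejected if it is a factory default or matches any password used before. The function names, the PBKDF2 work factor and the list of defaults are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor; tune for the hardware in use
# Constructed stand-ins for the factory passwords printed in a vendor manual.
VENDOR_DEFAULTS = {"admin", "1234", "password"}


def _hash(password, salt):
    """Derive a salted hash so the history never holds a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_record(password):
    """Build the (salt, digest) pair that is stored in the password history."""
    salt = os.urandom(16)
    return (salt, _hash(password, salt))


def was_used_before(password, history):
    """Re-hash the candidate under each old salt and compare in constant time."""
    return any(
        hmac.compare_digest(_hash(password, salt), digest)
        for salt, digest in history
    )


def change_password(candidate, history):
    """Return (accepted, reason); on success the new record joins the history."""
    if candidate.lower() in VENDOR_DEFAULTS:
        return False, "vendor default"
    if was_used_before(candidate, history):
        return False, "previously used"
    history.append(make_record(candidate))
    return True, "ok"


if __name__ == "__main__":
    history = []  # constructed, empty history for a newly installed terminal
    for attempt in ["admin", "Cedar-Till-42!", "Cedar-Till-42!", "Maple-Drawer-77?"]:
        print(attempt, change_password(attempt, history))
```

Because each history entry has its own salt, two terminals that once shared a password do not end up with matching stored digests.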

Hire the Right Employees and Train Them to be Vigilant

Employee background checks are becoming more frequent and with good reason: Hiring responsible, ethical employees will ensure your business’s profitability and exemplary reputation. Such employees will not take a bite out of your cash flow or commit the purposeful illegal act of stealing cardholder data.

A dedicated, thoughtful staff will also take your business’s security much more seriously. However, training must be implemented, as even the most intelligent and sensible employees can show lapses in judgment. Consider how easy it is to fall for email phishing schemes, for example, where employees unknowingly download malware. Data breaches are all too commonly the result of human error, not necessarily the fault of technology.

Vulnerable Remote Desktop Software

Is your POS system an all-encompassing unit or does your point of sale system have connecting backend software? The more “connecting points” to your POS, the more vulnerable your business is to data theft. Ensure that all software is secure and employ some type of additional anti-malware/anti-spyware program.

Failure to Keep Alert

POS security systems are hacked into for a number of reasons. But like most thieves, hackers generally break into the system that has the least security. (Of course, protection is only as strong as the weakest link.) Hackers search for the following weaknesses in a POS security system:

–       Lack of Firewall Protection

–       Gaining Remote Access through Backdoor Servers

–       Discovering Systems using Default Vendor Codes and Credentials

These are open door invitations to hackers. In addition, some of these criminals are actually hired initially by businesses as technical experts to find out this valuable information, only to later steal the money through the internet from a place far away.

Additional POS Security Validation

One popular method of augmenting POS security is using the Payment Application Data Security Standard (PA-DSS). This form of security adds an extra layer that can dissuade all but the most determined hackers. However, like the PCI DSS, it must be maintained; otherwise it’s no better than what you have right now.

Improve your POS Security Skills

There is now a Qualified Integrators & Resellers program available from the PCI Council that provides valuable training about POS security methods. By taking such training or having a trusted employee do so, you can improve the overall POS security at your business and create a safer environment for you and your customers.

By employing all of these methods, you will harden your POS security to the point where it discourages most hackers from even attempting to break into your system. While no security procedures will make your POS system 100% safe, by taking time and exerting effort, you can drastically improve your POS security.

For more info, contact HarbortouchHarbor.com at 973-390-0852.

HarbortouchHarbor.com is an authorized agent of Harbortouch, a registered ISO/MSP of First National Bank of Omaha, 1620 Dodge St., Omaha, NE - FDIC.