5 Ways to Increase the Security on Your POS System

Posted by on March 12, 2013 in Business Technology [ 0 Comments ]

5 Ways to Increase the Security on Your POS SystemYou naturally want your business’s point of sale system, or POS system, to be intuitive, simple, comprehensive, and secure. But even with the most basic system, customers’ personally-identifiable information goes across POS networks and is processed by POS servers when they pay with a credit or debit card.

Credit card processors require merchants to maintain a certain level of compliance with Payment Card Industry Data Security Standards (PCI-DSS) specifications, but this may not be enough to secure your POS. Fallout from a data breach can be devastating, particularly for smaller businesses, with business owners facing fines, audits, and customer anger. Here are 5 ways to make your POS system more secure.

1. Manage Staff Permissions Closely

Managing permissions as to which staff members can do which tasks is critical to POS best practices. In a restaurant, for example, you should control which members can adjust orders, and which tasks require management overrides. Particularly with iPad-based POS systems, you need to lock out staff from doing non-work-related activities. Sometimes, smaller merchants either leave passwords blank or stick with vendor-supplied or otherwise weak credentials. Assign passwords to users, mandate frequent password changes, and make sure your system has the ability to continuously monitor the system for malware, hacking attempts, and viruses.

2. Don’t Think Your Business Is Too Small for Hackers to Bother With

Some small businesses have the unrealistic idea that they are somehow too small for hackers. However, if you’re a hacker, stealing a small amount from a large number of systems gets the same results as stealing a large amount from fewer systems. You should never assume that your business is too small to have to worry about hackers or targeted malware.

3. Use PCI-DSS and RSPA Certified Systems

While credit card processors require you to adhere to PCI-DSS standards, you should consider these security standards to be a baseline. Some processors offer additional security training; if yours does, you should take advantage of it. The Retail Solutions Providers Association (RSPA) certifies some POS systems. This credential adds an extra layer of security without compromising your ability to scale your POS system up over the long term.

4. Use Physically Secure iPad-based POS Systems

Newer POS systems, including iPad-based systems — such as Groupon’s Breadcrumb all-in-one system — and systems like Square and PayPal Here are becoming more popular, particularly for smaller and more mobile businesses. While you can’t physically tie down iPads, there are businesses for which it is reasonable to physically secure iPad POS terminals to prevent disgruntled employees or other sticky-fingered people from walking off with one of them. Solutions like the SwitchBack iPad enclosure securely mounts an iPad in place while allowing for a Square or PayPal Here reader to be installed.

5. Ensure Your POS Only Communicates with Your Bank

Segmenting your network is highly advisable. If you’re using a Windows-based OS processing system, your POS machines should be connected with your payment processor and bank only. Subway restaurants that were targeted by international hackers a few years ago used Windows-based POS systems that were also connected to the internet, allowing access to hackers who simply scanned blocks of IP addresses for Windows machines that were accessible from remote desktop protocols.

Your business, no matter how large or small, should have defined policies and procedures related to your POS protocols, with clear definitions of who can access various transaction-related resources. You should have someone accountable for security issues. This may be your POS vendor, and if it is, they should explain to you exactly how they help you maintain POS security.

Photo Credit: Helen Zhu

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>