Using A Mobile POS… The Secure Way
Posted by Kate Webster on March 7, 2013 in Business Technology, POS Systems
Mobile POS systems seem to be taking the small business world by storm. Portable, plug-in hardware that makes credit card reading easy and relatively inexpensive has allowed many businesses to begin making sales left and right.
However, many are questioning the overall security of these mobile card readers, and for good reason. Though they cut back on the risk of cash-theft, they could be putting customers’ credit card information at risk, which could be even more damaging.
When deciding on a mobile POS solution for your small business, be sure that the provider can give you the most extensive security coverage possible.
Use Validated Applications
New information concerning the security of mobile POS transactions is giving both consumers and merchants mixed answers. As of July 1, 2012, both MasterCard and Visa now require the use of only PA-DSS (Payment Application Data Security Standard) validated payment applications.
The tricky part is that POS applications running on consumer electronics (iPhones and Android devices) aren’t eligible for PA-DSS validation. This doesn’t necessarily mean that they aren’t secure, just that they haven’t yet been approved for assessment.
- Because mobile devices are commonly used for smaller transactions, they are not yet required to be assessed for security. Therefore, it is the merchant’s own responsibility to enquire about the application’s level of security when purchasing.
- If possible, consider investing in a mobile POS system that is PA-DSS approved, not simply one that plugs into a smartphone. Though they are usually more expensive, if you are going to be dealing with higher sales (restaurant servers, for example), the peace of mind will likely be worth the investment.
Secure PANs, Signatures and Receipts
There are a variety of steps to the mobile POS purchase. From customer information input (card swiping or account number entry) to receipt-printing, you want to be sure that both you and your customers are being protected every step of the way.
- Point-to-point encryption should be offered by your mobile POS accessory. The PCI SSC now has an encryption standard for mobile POS providers to abide by.
- Though customers should never be required to enter their PIN (personal identification number) onto a mobile POS device, they might be required to enter their account number (PAN) if their magnetic stripe isn’t reading. The security of keypad-entered information has yet to be verified.
- Customers who are asked to sign for their purchases on mobile devices also run the risk of having their signature saved on the device. Make sure your mobile POS solution protects against this.
- Receipts also require more customer information to be obtained, whether through a phone number or email address. Assure your customers that you won’t use their private information in any unauthorized way, and be sure to display validation logos of major card carriers.
Develop a Mobile Device Security Policy
Besides finding a mobile POS provider that offers the highest level of security, the most effective way of protecting your transactions is to develop a security policy for your mobile POS.
Displaying your security policy to your customers allows you to ease customer concerns by showing them the terms of the transactions and the security features that are included.
- Developing a mobile security policy will help your business plan out the necessary measures to take if there is a security breach. Having customers sign a policy before purchasing will also help diminish your liability in the event that the security features of the mobile POS do not function as claimed.
Mobile POS technology is still in the early stages of development, and though many small business owners are jumping on the bandwagon without thinking twice, you should be sure that you are offering your customers the highest level of protection. If possible, invest in a mobile POS system that holds up to PCI SSC standards, and can clearly display its security credibility.