Business owners who fail to secure their POS and credit card terminals are vulnerable to breaches. Here are some important POS security protocols to note.
Note Model and Serial Numbers
Note all your POS equipment’s serial and model numbers and verify that the numbers match their assigned devices during your routine inspections. Regularly inspect your POS equipment, PIN-entry devices, and credit card terminals for any signs of tampering. Such signs may include broken seals, extraneous wiring, missing screws, and additional labels. The last may indicate that the device has been altered.
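One way to run the inspection described above is to reconcile the recorded inventory against what the inspector finds. This is an added example, not part of the original article; the serials, models, locations, and finding codes are constructed for illustration.

```python
# Added example: reconcile a device inventory against an inspection sheet.
# Serials, models, locations and finding codes are constructed for illustration.
TAMPER_SIGNS = {"broken_seal", "extraneous_wiring", "missing_screws", "additional_label"}

INVENTORY = {  # serial -> (model, assigned location), recorded at deployment
    "SN-1001": ("PINPAD-A", "register-1"),
    "SN-1002": ("PINPAD-A", "register-2"),
    "SN-2001": ("TERMINAL-B", "back-office"),
}

INSPECTION = [  # what the inspector wrote down on the floor (constructed)
    {"serial": "sn-1001 ", "model": "PINPAD-A", "location": "register-1", "signs": []},
    {"serial": "SN-1002", "model": "PINPAD-C", "location": "register-2", "signs": []},
    {"serial": "SN-9999", "model": "PINPAD-A", "location": "register-3",
     "signs": ["additional_label"]},
]


def audit(inventory, inspection):
    """Return (serial, finding) pairs; an empty list means everything matched."""
    findings, seen = [], set()
    for obs in inspection:
        serial = obs["serial"].strip().upper()  # tolerate handwritten-sheet noise
        unknown = set(obs["signs"]) - TAMPER_SIGNS
        if unknown:
            raise ValueError(f"unrecognised tamper sign(s): {sorted(unknown)}")
        if serial in seen:
            findings.append((serial, "duplicate_serial"))  # same serial seen twice
        elif serial not in inventory:
            findings.append((serial, "unknown_serial"))  # device nobody recorded
        else:
            seen.add(serial)
            model, location = inventory[serial]
            if obs["model"] != model:
                findings.append((serial, "model_mismatch"))
            if obs["location"] != location:
                findings.append((serial, "wrong_location"))
        findings.extend((serial, f"tamper:{sign}") for sign in obs["signs"])
    # Recorded devices the inspector never found may have been removed or swapped.
    findings.extend((serial, "missing") for serial in sorted(set(inventory) - seen))
    return findings


if __name__ == "__main__":
    for serial, finding in audit(INVENTORY, INSPECTION):
        print(serial, finding)
```

Any finding is a reason to take the device out of service until it has been checked.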
Use only security-compliant devices
Visit the official website of PCI SSC to view a list of approved devices. Also, consider installing surveillance cameras in your stores. This way, you can monitor store activities the whole time.
Secure your store network
Keep important information away from prying eyes by making sure your card terminals, POS, and screens are positioned for maximum privacy. Use secure stands, shelves, and security cables to prevent unauthorized removal. Use locking stands to protect your equipment and mount your PIN pads securely on the counter.
Keep POS activity safe by running it on a separate network, not the same one the guest Wi-Fi is on. Your network data should be encrypted so traffic and activities aren’t visible to anyone else.
Remember that not all encryption standards are the same. Always choose Wi-Fi Protected Access version 2 (WPA2) encryption when encrypting your network because it is the newest and most secure standard in the industry.
WPA2 makes you less vulnerable to attacks than older schemes like WPA and WEP because it adds the Advanced Encryption Standard (AES), which strengthens your encryption.
Have your network audited
Have this done on a regular basis to prevent remote access. Actions like scanning your network for weaknesses and ensuring hardware and software compliance are normally part of auditing.
Check software apps
Applications and software can certainly help you run your business better, but if they’re not managed properly, you’ll have issues.
When naming your networks, avoid words that would easily identify your business like Jim’s Tool Shop. It’s best to stick to something vague, like “network” or random letters and numbers.
Don’t ignore updates
Don’t ignore app update prompts. The newest version of a solution or app contains the most updated features and security measures, so it’s less vulnerable to breaches and hacks.
Have as few apps as possible
All programs have vulnerabilities, so fewer apps means a smaller risk of attacks. Remove all the programs you’re no longer using. To make your devices even safer, consider using application control to block or restrict unauthorized programs from running.
Make strong passwords
Keep your POS, accounts, and other devices safe with strong passwords. Install an antivirus program to keep your devices safe from viruses, worms, and malware. Remember to update your antivirus on a daily basis to ensure you have the latest protection at all times.
Change any default passwords on your POS, computer, Wi-Fi, and other accounts or devices. This will help keep everything secure. And never use the same password for more than one account! You don’t want someone to access the rest of your accounts after they get their hands on one password.
It might be a good idea to get a password manager because keeping track of unique passphrases can be difficult. These applications can make, manage, and safeguard your passwords for you. All you need to do is remember one main password (or passphrase) so you can access the app.
On that note, turn your passwords into passphrases to be even safer. Longer passwords are harder to crack, so create something composed of multiple words rather than just using one word or set of characters.
The best option is to go for long, unique passphrases you can easily remember.
More and more websites and solutions providers are starting to use multi-factor authentication systems. MFA means that after logging in, the user goes through multiple authentication methods. For example, the system will further authenticate you by asking you to enter a code sent to your mobile device in addition to signing in with your username and password.
MFA adds an extra layer of security to your accounts, and we recommend you enable it whenever possible.
Safeguard customer data
Securing your own data is not enough. As a retailer, you should make every effort to protect customer information.
For the uninitiated, EMV was developed by Europay®, Mastercard®, and Visa® (hence the name) as a way to combat fraud. This technology powers chip-and-PIN cards, a new type of debit and credit card that’s far safer than magnetic stripe (i.e. swipe-and-sign) cards. EMV can protect you and your customers from credit card fraud, so it may be time to transition to this payment standard if you haven’t so far.
EMV cards are embedded with a chip, which generates a unique code that changes for every transaction. This makes the card less vulnerable to fraud: even if a hacker manages to counterfeit a chip card, the original transaction code is no longer usable, and the card will be declined.
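The per-transaction code described above can be sketched as follows. This is an added, simplified model and not part of the original article: HMAC-SHA256 and a strict counter check stand in for the real EMV cryptogram and issuer logic, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets

# Added, simplified model: HMAC-SHA256 and a strict counter check stand in for
# the real EMV cryptogram and issuer logic. All names here are hypothetical.

def message_bytes(counter, amount_cents, nonce):
    return counter.to_bytes(4, "big") + amount_cents.to_bytes(8, "big") + nonce

class ChipCard:
    def __init__(self, key):
        self._key, self._counter = key, 0

    def authorize(self, amount_cents, nonce):
        self._counter += 1  # a new counter value gives every purchase a new code
        msg = message_bytes(self._counter, amount_cents, nonce)
        code = hmac.new(self._key, msg, hashlib.sha256).digest()
        return {"counter": self._counter, "amount": amount_cents, "nonce": nonce, "code": code}

class Issuer:
    def __init__(self, key):
        self._key, self._last_counter = key, 0

    def verify(self, txn):
        msg = message_bytes(txn["counter"], txn["amount"], txn["nonce"])
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: code does not match transaction"
        if txn["counter"] <= self._last_counter:
            return "declined: code already used"
        self._last_counter = txn["counter"]
        return "approved"

def demo():
    key = secrets.token_bytes(32)  # secret shared by chip and issuer, never sent
    card, issuer = ChipCard(key), Issuer(key)
    first = card.authorize(1999, secrets.token_bytes(4))
    return [
        issuer.verify(first),                       # genuine purchase
        issuer.verify(first),                       # captured data presented again
        issuer.verify(dict(first, amount=999999)),  # captured code, altered amount
        issuer.verify(card.authorize(500, secrets.token_bytes(4))),  # next purchase
    ]

if __name__ == "__main__":
    print(demo())
```

Magnetic stripe data is static, so there is no equivalent of the second and third checks for a swiped card.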
Apply PCI standards
These standards apply to companies that store, process, or transmit payment card information. Companies handling cardholder information need to comply with PCI standards. Normally, payment terminal providers deal with cardholder data, which means they’re the ones that need to be PCI-compliant.
What does this mean? You need to make sure the companies you assign to handle cardholder data are PCI-compliant if you don’t deal with payment card data directly.
Try not to collect and hold data
Before collecting any type of customer data, ask yourself: do you need it? If the answer is no, don’t collect it. The best way to protect yourself from data theft is not giving thieves anything to steal in the first place. If you do get information from your customers, don’t keep it longer than you need to.
On a final note, it may also be necessary to follow legal and regulatory requirements to protect personally identifiable data. Check the consumer protection laws in your area before handling shopper information, especially when it comes to getting consent and using consumer information, as well as storage, disclosure, and retention.