Datacap Logo

Best practices to keep your POS system secure

The early 21st century may go down as the “Options Era,” particularly when it comes to the array of ways people spend their money. Whether by cash or check, credit card or debit card, customers not only get to spend their hard-earned dollar, but can choose among a manifold of manners in which to pay.

But as more businesses adopt omnichannel point of sales software to cater to their customers’ love of multiple payment options, it’s given identity thieves more avenues to steal data. Consider these sobering statistics from the ID Theft Resource Center, FICO and Verizon’s 2018 Data Breach Investigations report:

By the numbers:

  • 14.2 million – How many credit cards were exposed in 2017, up 88 percent compared to the previous year.

  • 53,308 – Security incidents that occurred in 2018 so far in 65 countries.

  • 76 percent – Percentage of breaches that were financially motivated.

  • 73 percent – Share of attacks that derived from outside the company rather than internally.

  • 40 percent – Share of businesses suffering a security breach pointing to hacking as the type of cyberattack they experienced.

  • 8 percent – Year-over-year increase in card readers compromised in 2017.

  • “14.2 million credit cards were exposed in 2017.”

Compromises come in a variety of forms, including malware, ransomware, phishing, hacking and denial-of-service. Point of sale system breach attempts, which retail companies like Target, Lord & Taylor, T.J. Maxx and fast-food giant Wendy’s have experienced in recent years, are especially common.  And they’re happening with more consistency compared to a few years ago. Indeed, in a 2015 report by Verizon, POS-related security incidents accounted for 28.5 percent of all breaches, with crimeware in a distant second at 18.8 percent. But in Verizon’s more recent investigations report, 90 percent of breaches in the accommodation sector involved POS systems.

Alexander Polyakov, co-founder of ERPScan and member of the Forbes Technology Council, said that the multifaceted nature of POS systems hasn’t come without its share of land mines.

“The simple rule is that with new functionality always comes new threats,” Polyakov warned.

He referenced how a number of big-box retailers have experienced POS-related intrusions, including Home Depot, which had the credit card data of an estimated 56 million customers stolen. Fast-casual food franchises have also witnessed the ill-effects, including Chipotle in May 2017.

 As more businesses adopt Omnichannel Point of Sale Software to cater to their customers’ love of multiple payment options, it’s given identity thieves more avenues to steal.

Unfortunately, no point of sale system is entirely immunized from breaches. However, there are a number of best-practice defenses you can implement to secure your POS. Here are a few of them:

Take advantage of encryption

One of the most reliable encryption methods is end-to-end. As soon as credit card information is processed, it’s re-purposed so it can’t be interpreted by prying eyes.

POS Providers also need to consider the rising importance of encryption to the retail industry, as it may lead to new sales opportunities.

“Encryption needs to happen in the POS terminal hardware and it’s a technology that might have prevented many of these recent breaches,” said Chris Camejo, director of consulting at NTT Com Security.

Create unique passwords

It’s a common recommendation, but that’s because it works. Many individuals and businesses neglect to make their passwords one-of-a-kind, perhaps fearful that they might forget them. PointofSale.com warned that default passwords are rather simple to crack because people often use the same ones, such as the terms “password” or “123456.” Computer-generated passwords are ideal, which tend to be alphanumeric and case sensitive. Passwords should also be swapped out every now and then to ensure uniqueness.

Ensure software is up to date

Providers regularly make updates available when security vulnerabilities present themselves. They’re meaningless, however, if you fail to download them. Be sure to check for updates if you haven’t received any alerts in recent months.

Be fully compliant

Achieving compliance isn’t solely a legal issue – it’s a security issue. PCMag stressed that POS systems should be in accordance with the rules and regulations of the Payment Card Industry Data Security Standard. This includes networks, shopping cars, and servers as well as chip and card readers.

Write your representative 

While all 50 states have their own separate data breach notification laws, a federal statute doesn’t yet exist. The National Retail Federation supports one and has called on Congress to take action. In a letter sent to the House Financial Services Committee, the NRF encouraged legislators to install a uniform federal data breach law, which would enhance transparency by making it easier for companies to recognize threats. It would also require businesses to inform customers when data exposures occur.

The best POS system is the one that’s customized to address the breaches that affect your industry. Datacap has you covered. With over 33 percent of incidents happening at the point of sale, Datacap offers security-centric payment solutions that keep your customers protected, with a three-pronged approach to data security. Take a look at our infographic for more details.