If you think only the largest restaurant operators must worry about compromises to POS security, think again. For starters, now that large chains are addressing data breaches more proactively, “smart” hackers are turning their attention to medium and small sized operations.
The financial fallout from these breaches can run into the multi-millions, potentially wiping out a small business and almost certainly tarnishing its reputation. For another, credit card issuers have set October 1, 2015, as the date on which liability for fraudulent credit card transactions shifts to merchants, if those merchants have not upgraded to solutions that comply with the EMV(Europay/MasterCard/Visa) or “chip-and-PIN” smartcard standard. Such liability, too, brings a heavy financial burden and could spell ruin for the average SMB.
With an understanding of the importance of POS security now established, a look at ways to maintain and even enhance that security is now in order. For best results:
Shore up network security – Without network security, attaining airtight POS security just isn’t possible—and that’s why the Payment Card Industry Data Security Standard (PCI DSS) calls for the installation of a strong firewall. Firewalls screen out network traffic from viruses, worms, and different kinds of malware that perpetrators have configured specifically to compromise POS systems.
Another key means of bolstering network security entails segmenting your operation’s POS devices into their own private network. Entrances and exits to the network should be limited to require systems and ports, and the entire configuration should be monitored for anomalies.
Stay current on software – Software patches, too, decrease or eliminate vulnerability to malware and enhance POS security. Vendors distribute these patches through software updates, which should be downloaded and installed as soon as they have been issued.
Enter the EMV compliance zone – The above-mentioned imminent liability shift alone should be sufficient to induce merchants to give POS security a boost by replacing their existing POS equipment with, or upgrading to, EMV-compliant equipment.
EMV combines PIN usage with a cryptographic component, increasing the security of card-present transactions. Although implementing EMV-ready technology will not necessarily prevent hackers from compromising your POS system to steal payment card data, it does limit their incentive to do so. This is because, with an EMV-compliant system in place, data is not as accessible as it would be had the migration not occurred.
Scan, scan, and scan some more – Waiting to learn whether your POS system has been compromised is no way to approach POS security. Instead, set up and follow a regular schedule for scanning all of your operation’s systems, including the POS system, to determine whether a compromise has been executed or is in the works. Consider engaging a security vendor to remotely scan all of your external systems’ access points and find out whether any are especially vulnerable to intrusion.
Encrypt from end to end – By some estimates, identity theft affects as many as one in four restaurant patrons. Implementing technology that encrypts customers’ payment data from end to end is very effective at curbing this problem.
Practice password savvy – Did your POS system installer use a default password in setting up your online payment processing configuration? Has the password never been changed to a more secure one? Risky move! Obtaining or guessing default passwords is an easy proposition for criminals, and it severely compromises POS security. Opt for complex, computer-generated passwords, choose an equally unique account name, and pick a new password regularly.
Set limits – Don’t risk POS security glitches by allowing employees access to your POS system unless they need it to perform their jobs—and limit access to various levels of data according to staff members’ responsibilities. For instance, servers do not need the ability to view the same complex data as managers do.
There’s no doubt about it—hackers will continue to become more sophisticated in their attempts to perpetrate data breaches. Keeping in mind the importance of maintaining POS security and following the above best practices remains imperative to survival in an environment rife with risk.