What Should Retail Businesses Know About POS System Security?
At the end of May, Checkers Drive-In Restaurants, Inc. made a startling announcement about a serious data breach that had occurred at nearly 15% of its popular drive-thru restaurants, Checkers and Rally’s. The company discovered malware on the point of sale (POS) systems of 102 of its restaurants over 20 states across the country. Hackers installed this malware on the restaurants' POS systems so that every time a credit card or debit card was swiped, they could obtain all the sensitive card information stored in the card’s magnetic stripe. This information includes crucial card details such as the card number, card verification code, name of the cardholder, and card expiry date.
The length of time for which this malware was active on the POS systems varies from store to store. While some stores were infected back in 2015-2016, at other stores the malware was installed more recently, in 2019. On detecting the malware on its POS systems, the company worked with third-party cybersecurity experts to remove it.
If you run a business that relies on POS payments, especially in the hospitality sector where POS malware tends to be quite common, then this is the time to think about how secure your POS system really is. Malware attacks are among the leading causes of data breaches. Hence, you must ask yourself: are the retail transactions taking place on your POS system safe? Or is there malware lurking somewhere in the system, threatening your customers' confidential payment data as well as your business reputation? After all, you don’t want to go through the damaging consequences of a data breach and data loss.
Below are some tips that you should keep in mind for ensuring and maintaining the security of retail transactions at your POS systems:
- Strict PCI DSS Compliance Should Be Your Number 1 Goal
PCI DSS (the Payment Card Industry Data Security Standard) is the data security standard that the payment industry needs to adhere to. The standard outlines a number of security controls and practices that a business should follow to safely process credit card transactions for its customers. Fulfilling the requirements of this standard can help tremendously in running a more secure business. Hence, you should check from time to time that you are complying with the PCI DSS guidelines. If you need help in doing so, you can always contact a network security services company to help you stay compliant.
- Work On The Physical Security of Your POS Device
It’s not just the software security of your POS system that you should be concerned about, but also the physical security of the actual POS device. Without strict rules about who can access the POS device and where, the device is vulnerable to tampering by anyone with malicious intent. You want to have a designated space for your POS device, where only a select few of your employees can access it to process payments. If your POS device has a USB port, then protecting that port is also something you should focus on, because it wouldn’t be hard for a cybercriminal to plug a device containing malware into the port and thus infect the POS system.
- Implement Comprehensive Encryption for Payment Data
Encryption is one of the most powerful means for masking data that is highly confidential and that you want to protect at all costs. Implementing encryption end to end for your POS transactions can be a great way to ensure that no malicious party is able to read the sensitive card data. With end-to-end encryption, the card data will be encrypted as soon as the card is swiped, and will remain encrypted as it is being transferred for further processing.
- Restrict the Activities That Can Be Performed Using the POS
Do you use your POS system for activities other than payment processing too? Perhaps to browse the Internet for a while or check a couple of emails in your free time? If yes, then you might want to put a stop to all these extraneous activities! It’s best to use the POS system solely for the chief purpose that it serves, which is processing payment transactions and doing other relevant POS tasks. When you’re browsing the Internet, something as simple as clicking on a link or an advertisement pop-up can be enough to launch a malware attack on the system. If you keep Internet usage at the POS restricted, then you can reduce the chances of the POS system getting infected by Internet-based malicious software.
- Have Anti-Virus Software Installed on Your POS System
Although installing anti-virus software seems like a simple measure, it has the potential to be effective against most malware threats. You can rely on a good anti-malware solution to detect possible threats and inform you about them. The solution can further guide you on how to remove the threat and secure your system.
- Update and Scan Your POS System Regularly
The software running your POS needs to be updated regularly. So, whenever you receive security updates for the software, make sure that they are installed on time. Additionally, you should ensure that the POS system is scanned regularly to identify any possible data security problems. If your POS system has been breached, then a scan will be able to reveal that, allowing you to stop the breach as early as possible and prevent any more damage.
To learn more about the correct way to address cybersecurity problems and recover from them, we recommend reading the following:
https://www.nist.gov/itl/smallbusinesscyber/responding-cyber-incident
https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business
https://www.nist.gov/sites/default/files/documents/2017/12/01/recovery-webinar.pdf