FitSmallBusiness

Retail | What is

Point of Sale (POS) Security Best Practices

We have partnerships with some of the companies featured in this article. When you click on links to those sites, our company makes money. These partnerships help support our site so we can keep bringing you the best answers to your questions.

By Meaghan Brophy on April 22, 2020

Meaghan has provided content and guidance for indie retailers as the editor for a number of retail publications and a speaker at trade shows. She is Fit Small Business’s authority on retail and ecommerce.

This article is part of a larger series on POS Systems.

POS security is preventing unauthorized access to your customers’ personal information such as their credit card number. Unauthorized access, also known as a data or security breach, can have devastating consequences for small businesses and customers.

Your point-of-sale (POS) system is the nerve center of your small business. It enables you to process transactions, manage customer data, and review analytics. It’s also one of your business’s most vulnerable assets because it houses so much data, including customer contact and payment information.

Once there is a POS breach, your customer data is exposed, and there is no way to corral the data back in. POS breaches can happen easily, similarly to how your personal computer is vulnerable through simple mistakes like choosing a weak password, clicking on a link in a suspicious email, or trusting someone on the phone who says they’re from the IT department.

Top POS Vulnerabilities

Larger retailers like Target and Macy’s have a higher risk for data breaches than small businesses. However, small companies are still susceptible to conventional hacking methods and other vulnerabilities.

  • Skimming: Skimming involves adding physical hardware on top of a payment processor to scan and collect credit card information fraudulently. Skimming is most common at fuel pumps and other businesses that have less in-person oversight. However, it’s also possible with any physical payment terminal. Careful supervision of payment terminals and regular inspections for any damage or irregularities can help prevent this.
  • Ram scraping: Ram scraping is an older, specific kind of malware attack that involves stealing credit card information from the POS before it becomes encrypted. Having POS systems operate on a separate business internet network with additional firewalls can help prevent this.
  • Outdated operating systems: Apple and Microsoft (depending on if you’re using an iOS or Windows system) stop supporting old operating systems. If you’re using an old system, it may no longer be supported, which means you are no longer getting security updates. The same applies to outdated internet browsers if your POS is web-based.

10 Best Practices for POS Security

As a small business, you likely don’t need a Fort Knox-level security system. However, there are a few simple, low-cost best-practices that will increase your POS security.

  1. Choose strong passwords: A strong password is unique to that login, at least six characters long, has a combination of letters, numbers, symbols, and both uppercase and lowercase letters.
  2. Limit employee access: Only allow individuals access to parts of the system required for their job. Sensitive data, like credit card numbers, should always be encrypted.
  3. Inspect terminals regularly for signs of tampering: An easy way to do this is to take pictures of your equipment with a smartphone and compare them often. Check for new or additional cables, loose credit card access points.
  4. Be wary of unexpected requests: Many criminals will prey on trusting employees with emails, phone calls, text messages, and even in-person visits claiming to be IT or customer service.
  5. Encrypt all data and transactions: The best POS systems will have encryption methods built right into the software.
  6. Install anti-virus software: Since malware is the primary tool of many cybercriminals, you should run regular scans to help keep your system clean.
  7. Keep POS software up-to-date: Software updates provide regular patches to fill known security vulnerabilities; neglecting to update your software leaves your system wide-open to hackers.
  8. Monitor all POS activity: You can head off much of the damage done by a data breach by catching irregularities (such as a surge in transactions or changes in customer accounts) early on.
  9. Segment your business network: A POS terminal that’s connected to a Wi-Fi network that’s also accessible to the public—like those in coffee shops—gives hackers much easier entry to your system. Instead, run your POS and payments on a separate network from the ones that are available to employees and customers.
  10. Upgrade to chip (EMV) readers: If you’re still using swipe-only credit card readers, you’re using outdated, insecure technology that puts your customers at risk. Implement chip readers for more secure transactions.

Who’s Responsible for POS Security?

As the business owner, the responsibility for your customer’s data security ultimately lies with you. While the POS system you choose should provide security features like encryption and regular updates, it’s on you to use them to protect your customers. In the event of a data breach, your company will be held accountable.

Responsibilities of Small Business Owners

  • Physical safety of all terminals and other POS equipment.
  • Regular installation of security updates.
  • Monitoring transactions and users of the POS system.
  • Using all security features provided by the POS company to its fullest potential.
  • Installation of firewalls, encryption, anti-malware, and other security measures on your business’s computer system.

Responsibilities of POS Systems and Payment Processors

  • Provide robust security tools and features to the POS system.
  • Release regular updates to patch known security vulnerabilities.
  • Communicate with clients when major threats or breaches occur.
  • Offer round-the-clock customer support and/or fraud reporting systems.

POS Security Costs

Most POS software and terminals have built-in security features that come at no additional cost. However, there are extra steps you can take for enhanced security.

  • Anti-virus software: You can pick up anti-virus software for your computers relatively cheaply. Products like McAfee, BitDefender, and Norton offer business packages for up to 10 machines at a cost ranging between $150 and $300 per year.
  • Firewall: The price of a firewall for your computer system will vary depending on your particular system. Smaller businesses can get a firewall running for less than $100, while big companies with complex security needs can potentially spend tens of thousands of dollars.
  • Security cameras: If you’re running a retail store, a camera pointed directly at your POS terminal isn’t just invaluable—it’s a necessity. Companies like SimpliSafe, Vivint, and ADT sell plans that start at $14.99 per month.

Adding anti-virus software, firewalls, and security cameras can help protect your store, employees, and your POS system. The cost of those measures is worth securing one of your business’s most vital components.

Bottom Line

Since so many business programs integrate, a breach of your POS system can put data from your accounting, payroll, marketing, website development, and online stores. The costs of a POS security breach to both your business and customers are impossible to calculate, which makes it essential that you take the steps necessary to protect this data. The good news is that providing that protection is a simple affair for business owners who are engaged, observant, and vigilant.

About the Author

Meaghan Brophy

Meaghan Brophy is Fit Small Business's authority on retail and ecommerce. She has provided content and guidance for indie retailers for years as the editor for Independent Retailer, a RetailWire BrainTrust panelist, and speaker at trade shows such as the Independent Retailer Conference, UpperDeck, and NY NOW. She is frequently quoted as a retail expert in top publications like The Washington Post, Forbes, NBC News, Business Insider, Reader’s Digest, and Retail Dive.

@meaghanbrophy

×
Sign Up For Our Retail Newsletter!
Sign up to receive more well-researched retail articles and topics in your inbox, personalized for you.
This email address is invalid.
×
Sign Up For Our Retail Newsletter!

Reader Interactions

Submit Your Comment

You must be logged in to comment. Click a "Log in" button below to connect instantly and comment.

LOG IN