Did you know that if your payment system offers low levels of security, you could be held responsible for the cost of any breach?
Helpfully, the PCI Security Standards Council has identified 5 key areas where payment processing can be vulnerable to thieves: a compromised card reader, paper stored in a filing cabinet, data hidden in a payment system database, a hidden camera recording entry of authentication data, and a secret tap into your store’s network.
There’s plenty you can do to make sure your POS systems are safe and secure. Here are our top 5 tips…
1) Protect payment data
Each step in the payment process needs to be secure, including the transmission of payment data, so run quarterly checks on your firewalls, hardware and software, and remember to apply any updates to your software as soon as they are released.
Choose strong passwords that include upper and lower case letters, numbers and symbols, and change them every few weeks. Only share passwords with members of staff on a need-to-know basis and never post passwords around the point of sale area or anywhere else they can be seen by prying eyes.
Limit attempts to log into machines, locking people out after a few unsuccessful login attempts. Keep track of who has access to routers and network settings, and don’t store electronic or paper-based payment data.
2) Check card readers and POS area for suspicious activity
Criminals often target POS terminals with sophisticated bugs and skimming devices to gather cardholder data and PINs during routine transactions.
Make it part of the daily routine to check all payment terminals for missing screws and seals, and for new stickers and labels that might mask damage inflicted while tampering.
Fixing your payment terminal to a stand, such as Tailwind’s FlexiPole solution, is the best way to prevent tampering. If the stand is fully secure, the payment terminal is locked in place and cables are routed out of harm’s way. Tailwind’s FlexiPole also has a bespoke back plate or PEDPack, which prevents criminals from reaching the delicate electronics inside the machine.
Criminals are also known to point hidden recording devices towards payment machines to record customers’ PIN entry, so regularly check around your POS terminals for hidden cameras. Consider installing your own security cameras to keep track of any suspicious activity around your Point of Sale area, but make sure you don’t accidentally record customers’ PIN entry yourself, and remember to regularly review CCTV footage.
3) Protect your POS equipment from theft
Card readers themselves are valuable and data traces from transactions can be harvested from stolen devices, which means criminals sometimes simply steal card readers straight off the counter!
You can safeguard your Point of Sale equipment from being lifted off the counter by using a secure stand and making sure card readers are fixed securely to your counter with a security tether.
For maximum security, we recommend Tailwind’s SafeBase solution, featuring a secure latch mechanism that prevents criminals accessing the back of the payment machine, augmented with lock and key.
For added security, Tailwind supply Kensington’s MicroSaver® lock and tether for payment technology. The tamper-proof lock fits into the Kensington slot and the tether is anchored to the stand.
4) Train your staff
Your staff are your eyes and ears at your point of sale, so conduct regular ongoing training to make sure they are on the lookout for security breaches.
Could all your POS staff recognise a counterfeit credit card? Do they know how to check card readers for criminal devices and to recognise signs that a card reader has been tampered with? Do they know how your POS stands, locks and tethers work, and can they check that they are all functioning correctly?
Would your staff spot suspicious customer behaviour and know what to do? How would they respond to a customer presenting a damaged or worn card that won’t swipe? Would they notice if a customer made a rushed, high value purchase just as the store was about to close, and what would they do about it?
And finally, make sure you and your staff don’t accidentally breach security yourselves. Never write down customer credit or debit card numbers, and securely shred any paperwork that contains customer payment data.
5) Beware of Point of Sale scams
Only authorised service personnel should ever repair or modify your POS terminals, so make sure you have a procedure that all staff must follow to validate the identity of anyone claiming to be from your POS service or repair company.
Scammers may try to modify your payment terminal while pretending to repair it in situ, or they may take it away for ‘repair’ and replace it with a loaned device. Either way, they may now have access to your customers’ confidential payment data and your security may have been breached.
Remember, regular audits of your complete payment process will help you identify possible vulnerabilities and help keep your payment processing systems safe and secure.