Data Security – Keeping Your POS Data Safe

Maintaining a secure POS system comes with many challenges in the age of technology and constantly changing security protocols.

With online criminals seeping through the cracks, it is more important than ever to ensure you are doing everything you can to protect not only your business, income, and staff but also your customer’s sensitive data and details.

Data Attacks

Unfortunately, hackers are becoming more and more inventive with data breaching techniques, allowing them to steal from POS systems. Despite this, there are certain barriers you can put in place to make their lives more difficult. With the implementation of the protocols below, you will feel a deeper sense of security.  

Why Do They Occur?

Data attacks are common because, unfortunately, it is hard to catch the culprit. With the likelihood of not being punished, coward hackers use the comfort of their homes to steal innocent customers’ data. The profit of stealing credit-card data speaks for itself, allowing them to collect hundreds if not thousands of dollars before being detected. Criminals will always exist, however, putting the next few hurdles in place will ensure you are doing everything you can when it comes to POS software safety. 

PCI DSS

The Payment Card Industry Data Security Standard is universally used as a secure payment protocol by all major card brands like; Visa, Mastercard, and American Express.

To meet the PCI DSS there is a range of boxes that need to be ticked in order to qualify, below are the exact requirements from the Business Government Site, Australia.

Here is our simplified summary:

1. A firewall is installed and regularly maintained
2. Secure passwords that are not provided by original POS software companies. Additional security forms such as fingerprint scanner are recommended
3. All cardholder data should be protected if it is stored within the POS software
4. Ensure all transmissions of cardholder data are encrypted when being sent across public networks
5. Up to date antivirus software must be used on all systems that could be affected by malware
6. Develop and maintain secure systems/applications
7. Access to cardholder data should be restricted
8. Every person should have a unique ID connected to their computer/POS access
9. Minimum to no physical access to cardholder data
10. Management of all access to network resources and cardholder data
11. Security systems and processes must be tested regularly
12. Maintenance of a policy that addresses information security

Data Types

Data in memory: This is the data that is brought in via a pin pad or card reader, for example. 

Data in transit: This is data that is traveling between different points or networks in cyberspace e.g Between networks that are processing card data.

Data at rest: This data is stored within your POS and can be attacked while it is sleeping on the job. It is not recommended to store customer data within your POS where possible.

What Can You Do About Data Attacks?

P2PE – Point to point encryption: This type of security will ensure your data in memory and data in rest are safe from attack as much as they possibly can be. It works by encrypting data from the moment it is entered until it reaches a safe zone where it can be decrypted. Using P2PE is highly recommended for anyone with a POS system, regardless of your industry. 

SSL OR TLS: Secure socket layer or transport layer security are both great options to keep your data secure whilst in transit, it allows the data to stay safe until it reaches a safety zone.

Avoid having data at rest if you can. If you really need to store data on your POS please use a P2PE security solution to be as safe as possible.

Types Of Data Attacks To Look Out For

Data attacks are not easy to spot, unlike regular stealing, and could happen right before your eyes. Be aware of the kind of attacks that may occur with our simplified list so you can keep track and implement additional security measures if necessary.

Skimming: Although not as common as it used to be, skimming still occurs, but on a smaller scale. You may recall some ATM’s having their card readers and pin pads replaced by criminals in past news reports. This allows them to steal or ‘skim’ details from cardholders and use them without consent.

Supply chain: Ensuring your chosen POS has appropriate measures of security in place is another important factor to consider when choosing your POS. If your POS software is not compliant you are putting your business at risk of attacks, the weaker the system, the more attackers may capitalise on this.

Sniffing: Attackers sift through online data and extract card details. Despite being time-consuming, it is quite effective if your POS system is not secure.

Memory scraping: This highly effective method involves the attacker using malware that is inserted or installed into the POS, allowing the collection or extraction of sensitive data. Be aware of malware programs like Dexter or Black POS.

Offline mode: This occurs when attackers force your POS system into offline mode (which usually only occurs when the internet is down), data is sent to local authenticators which makes it easier for attackers to steal data as it is not as secure or remote. 

Staying Protected

Of course, the first step in staying protected from unwanted data attacks is to be PCI DSS compliant. The next step is to put your additional armor on and go to battle, there is no sitting on the sidelines. Never let your data be vulnerable with these next few extra precautions.

Here are some extra ways you can ramp up the data security of your POS:

• Use stronger passwords, try using LastPass or a similar program that can assist in the generation of strong passwords and regular password changes. The best part? You don’t need to remember them or write them down (which is never recommended), these programs save your passwords for you and keep them safe.
• Install firewalls on either side of your POS system network.
• Avoid connecting your POS system to the internet, this increases your chances of being open and vulnerable to attacks.
• Turn on or install 2-factor authentications for that extra level of protection.
• Whitelist the software you approve, this means others won’t be able to breach your firewalls.
• Do regular anti-malware software scans. There are many reputable add-ons that will keep your malware safe throughout your working day. 
• Delete cardholder data if it is stored on your POS system, even if it is encrypted, it is still at risk. Holding onto customer data is never recommended and it also takes up valuable storage space.

The Wrap Up

Staying up to date = staying secure when it comes to your POS system. As the systems change and technology advances, it is a good idea to be on top of the next security hack that attackers are taking advantage of. If you know about it, chances are, you can protect your POS against it. Keep your protection add-ons auto-renew so you are always protected.

Here are some great sources that you should keep in your watch tab:

https://www.pcisecuritystandards.org/

https://www.sans.org/reading-room/whitepapers/bestprac/point-sale-pos-systems-security-35357

https://www.business.gov.au/Finance/Payments-and-invoicing/How-to-process-electronic-card-payments-securely