Point of Sale System Security Analysis
The challenge of POS security has moved into the spotlight with increases in cybercrime, fraud, and employee theft. To keep your customers’ payment card data secure — and protect your business from losses associated with data breaches and shrink — there are three areas to evaluate and fortify.
1. Minimize Threats to Your POS System and Network
According to the U.S. Department of Justice, credit card fraud has increased by 30% in the past three years alone. It’s more important than ever to deploy POS security technology and implement procedures that eliminate POS system vulnerabilities.
Most POS security breaches are not exclusively perpetrated by hackers who install malware on a merchant’s POS system to retrieve credit card information. Hackers have also been known to steal passwords to POS systems to access data, or wait until cashiers are distracted to connect a card skimmer to the terminal to capture the data they want. These criminals then use the stolen data to clone credit cards or make fraudulent purchases online.
To strengthen POS security and decrease credit card fraud, install an end-to-end encryption solution to render customer data indecipherable from the moment it is captured at the POS until transactions are settled.
In addition, work with your POS solution provider or value-added reseller (VAR) to make sure system upgrades and patches are up to date. As much as you are able, limit unauthorized access to POS terminals and card readers, and educate employees about the importance of keeping their passwords safe and watching for signs of tampering.
2. Combat Card-Present Fraud with EMV
Last year, the U.S. began its transition to EMV payment card technology. EMV uses cards embedded with a microprocessor chip that creates a unique transaction code each time it is used. If a hacker were to steal data from an EMV transaction, it could not be used to create counterfeit cards. EMV is designed to reduce card-present transaction fraud, and other measures, such as end-to-end encryption and tokenization, are necessary for e-commerce transactions.
Protecting cardholder data is important, but so is protecting your business. Along with the beginning of EMV transactions in October 2015, liability for fraudulent card purchases shifted from card issuers to the party with the least compliant EMV technology — including merchants. You are only protected from this liability if you upgrade to EMV-compliant technology.
3. Address Employee Theft
Employee theft is less reported in main stream media, but it can be a bigger threat to your bottom line than cybercrime or card data theft. According to the National Restaurant Association, employee theft accounts for about 75% of restaurant inventory losses — equal to about 3% of sales.
Integrating video surveillance cameras with your POS system increases POS security by making it easy for you to record and identify staff members as they engage in common tricks to raid the till, such as voiding transactions, canceling orders, and processing the redemption of coupons that were never really presented at the POS. “Sweethearting”— offering free or deeply discounted merchandise or food to friends or family— is another form of employee theft that can be detected using video surveillance.
You can also decrease employee theft and bolster POS security by monitoring and restricting employee access to the POS system. Access control that requires employees to swipe an ID card or use a fingerprint reader will ensure the actual employee has logged in rather than another employee with a stolen code or password.
There actually is a fourth thing to watch for: What comes next. POS security measures must always evolve with new threats to security. Make POS security now and into the future a priority to maintain customer confidence, protect your brand, and minimize losses that could hurt your business.