What Small Businesses Need to Know about POS Systems

Point-of-sale (POS) systems are making headlines after four different POS providers suffered data breaches in the past year — exposing customer information at a variety of small businesses.

These businesses entrusted their POS providers with protecting customer information but were quickly subjected to harsh backlash from their defrauded consumers — 28 percent of fraud victims will avoid businesses post-fraud — bringing to light the importance of selecting a reputable provider.

A POS system is the hardware and software that aids in completing business transactions, including the cash register, touch screen display, barcode scanner and more. While vital for day-to-day operations, these devices do much more than just accept payments — they are the front line of defense against hackers and other cyber threats.

Many of the recent high-profile POS data breaches were caused by Backoff malware or similar cybersecurity threats being placed on the systems. With small businesses being hit disproportionately hard by data breaches and the average U.S. data breach costing $5.4 million, it’s a risk many small business owners can’t afford to run.

So how can you avoid having your POS system compromised? Approach selecting a POS system the same way you would when purchasing a new car — with due diligence.

You may have your sights set on the Rolls Royce of systems, one with business analytics and marketing capabilities, or you could just be in the market for something that gets you from point A to point B. Either way, security should be your driving force in the purchasing process.

Scope out POS systems with six features in mind to avoid subjecting your customers to identity crimes:

1.) PCI Compliance
Your business must be PCI compliant to accept credit and debit cards. This means both that you must follow the Payment Card Industry Data Security Standard (PCI DSS) rules for processing payment cards and that your POS device must meet PCI standards for merchants.

Small businesses have different requirements than larger organizations; visit the PCI Small Merchant website for more information.

2.) Analytics and Operational Features
As previously mentioned, many high-end models offer marketing capabilities and business analytics. These features can be great to track promotions or manage your inventory, but too much “fluff” could be dangerous.

Hackers seem to have placed a “bounty” on POS systems due to the sensitive nature of the information these systems obtain and store. They will commonly go after other systems, like your personal computer, in hopes that those systems are connected to the POS device. Lock down this gateway to cybercrime by isolating your POS system from other business technology networks.

3.) Updates and Maintenance
Just like your computer at home, POS systems need anti-virus and anti-malware software and must be regularly updated to prevent cyberattacks. Research each model carefully and understand how you will be notified of updates. Ask your sales representative if you will be able to perform updates yourself or if a service professional will maintain your device.

4.) Encryption Services and Fees
Encryption is the process of encoding and decoding messages so the sender and intended recipient are the only ones that can view them. It is vital that your POS system use encryption to secure financial information, such as customer credit card numbers, present on the device.

Ask about encryption services when purchasing your system; some services require a monthly subscription fee. While a monthly fee may be bothersome, it’s far more manageable than the backlash a potential data breach would create.

5.) Provider’s Track Record
POS providers are supposed to be experts in payment security, but instead many are fixated on cutting costs while providing all the bells and whistles to drive sales.

Always do your research before trusting an organization’s product — that means doing a little digging into a provider’s history to see if they have ever experienced a data breach. And be sure they provide you with ample security information. Your sales representative should be just as knowledgeable about cybersecurity as they are about the company’s current promotions.

6.) Choose an EMV/Chip-Enabled Terminal

There is currently a massive push to adopt EMV (chip cards) in the U.S. And the payment industry is using some pretty persuasive tactics to get merchants onboard.

With the impending “Payment Liability Shift,” merchants and their POS provider will be held liable for any card-present fraud transactions starting October 1, 2015.

Card-present fraud includes physically stolen and counterfeit chip cards. This liability was traditionally the obligation of the issuing bank. Merchants will still not be liable for card-not-present fraud (such as online or over-the-phone transactions).

EMV POS terminals can read both chip-enabled and magnetic stripe payment cards, so once implemented your business can accept both payment forms. EMV also supports NFC (near field communication). However, this “tap-and-pay” feature is not required to be EMV compliant.

Talk with your POS provider about what EMV upgrade options are available to your business.
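
The isolation advice in item 2 can be checked against the connection logs most firewalls and routers keep. The Python sketch below is an added example, not part of the original article: it flags any connection that crosses between the POS segment and another network unless it goes to an approved destination. The subnets, the payment processor address and the sample flow records are constructed assumptions.

```python
import ipaddress

# Assumed address plan (hypothetical; substitute your own network ranges).
POS_NET = ipaddress.ip_network("10.20.0.0/24")   # registers and card readers
# Only destinations the POS segment is expected to reach: (network, port).
ALLOWED_OUTBOUND = [
    (ipaddress.ip_network("203.0.113.10/32"), 443),  # payment processor (placeholder)
]

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "203.0.113.10", 443),  # register -> processor: expected
    ("10.20.0.15", "10.20.0.16", 9100),   # register -> receipt printer, same segment
    ("10.10.0.42", "10.20.0.15", 3389),   # office PC -> register
    ("10.20.0.16", "10.10.0.5", 445),     # POS device -> office file share
    ("10.10.0.42", "198.51.100.7", 443),  # office PC -> internet, no POS involved
]

def in_pos(ip):
    """True when the address belongs to the POS segment."""
    return ipaddress.ip_address(ip) in POS_NET

def outbound_allowed(dst, port):
    """True when a POS device may reach this destination and port."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and port == p for net, p in ALLOWED_OUTBOUND)

def isolation_violations(flows):
    """Return flows that cross the POS boundary and are not allow-listed."""
    findings = []
    for src, dst, port in flows:
        src_pos, dst_pos = in_pos(src), in_pos(dst)
        if src_pos == dst_pos:
            continue  # both inside or both outside the POS segment
        if dst_pos:
            findings.append((src, dst, port, "inbound from non-POS network"))
        elif not outbound_allowed(dst, port):
            findings.append((src, dst, port, "outbound not on allow-list"))
    return findings

if __name__ == "__main__":
    for finding in isolation_violations(SAMPLE_FLOWS):
        print(finding)
```

Any finding means the POS segment is reachable from, or can reach, a network it should be separated from, and the firewall rules between the two need tightening.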

Remember, a POS system is a large investment in your small business’ success. Make the right decision and invest in security to keep your customers coming back year after year.

For more information on cybersecurity and small business protection, visit FightingIdentityCrimes.com.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Eugene Bekker, Chief Security Officer
Eugene Bekker originally joined EZShield in 2008 as a consultant and today he oversees the architecture of the core...