Point-of-sale terminal security

Point-of-sale (PoS) security is a growing concern for many businesses, especially for those in the retail sector. There are two main areas of PoS vulnerabilities:

  • hardware - eg when criminals affix a 'skimmer' device to a PoS terminal in order to intercept and capture card data
  • software - eg when criminals use malware to gain access to PoS networks and steal payment card data as it is transmitted across the network

If you use point-of-sale networks to conduct business, it is vital that you follow security best practices and make every effort to protect your terminals and software.

How to protect your Point-of-Sale station and network

The best advice on securing your PoS environment is to use multiple layers of protection. For example:

  • Use strong passwords - replace the default user name and password after installation and change passwords on a regular basis.
  • Update your PoS software - install security upgrades and patches to keep your systems protected against known bugs and vulnerabilities.
  • Install firewall and anti-virus software - see common cyber security measures.
  • Set up encryption - your PoS service provider will usually set up encryption of data transmission by default. If you have any concerns, talk them over with your provider and make sure processes are in place to safeguard your system from abuse.
  • Control access - only allow access to customer data to authorised and relevant employees. You should also restrict PoS computers and terminals from accessing the internet; this can prevent exposure to online security threats such as viruses and malware.
  • Disable remote access - remote access can expose your PoS system to more vulnerabilities and make it easier for cyber criminals to exploit. Consider disabling remote access to your PoS network as a precaution.

Even with all these measures in place, there is no guarantee that your PoS system won't be attacked. Always watch out for any signs of a security breach and train your staff on the proper use of the PoS system. It may also be worth investing in cyber security breach detection, and developing and testing your cyber security incident response plan.