Many small businesses, such as restaurants, bars, or even retailers, use Point-of-Sale (POS) systems to make receiving payments from customers easier. A complete POS system may include a computer with a monitor, a cash drawer, a receipt printer, a credit card reader, and a mouse and keyboard. These systems tend to be relatively expensive (a few thousand dollars on average), and if you, as a small business owner, decide to invest in one, you should be aware that these devices are often targeted by hackers who attempt to steal credit card information.
The number of cybercrimes committed every year is quite alarming. One of the major POS system security breaches occurred in late 2011. Romanian hackers compromised more than 146,000 credit cards and stole almost $10 million. Hundreds of POS systems were accessed illegally in the process. Here are 5 ways small businesses can protect themselves and their customers from cyberattacks.
Never Use Default Passwords
A significant portion of POS systems use the passwords that were assigned to them in the factory. Retailers have no incentive to change the passwords, and the end customers (i.e., small business owners) usually have no idea that the POS system could be hacked. The simplest way for a hacker to get access to the data stored on a POS system is to try the original, factory-set password, and chances are it will work. For this reason, it is highly recommended to change the password after purchasing the device.
Evaluate Your Risks
The Payment Card Industry Data Security Standard (PCI DSS) sets requirements that help organizations increase their security and develop formal processes for identifying vulnerabilities that might reduce cardholder data security. By following these requirements, companies can evaluate the risk of being hacked and determine which controls can help protect their businesses. This is not a one-time action. Risk assessment should be an ongoing process, so that any emerging threat can be met with preventive measures. You should also keep in mind that risk assessment is only one part of the applicable PCI DSS requirements.
Know Who You Are Dealing With
This could be the most important tip of all. To fully understand cybercrime and the possibility of your or your customers' data being stolen, you should educate yourself in this area. Once you have, you will no longer be tempted to underestimate the consequences data theft could have for you and your business. Oftentimes the criminals are former employees of the particular restaurant or bar they target. At the end of the day, it is much more comfortable and safe for the hacker to steal confidential data from a distance. There is no longer any need to hold up a cash register at gunpoint. The POS system can be accessed from anywhere in the world, and data can be stolen electronically, leaving few or no traces behind.
Do Business with Trained Resellers
If you are purchasing your POS system from a retailer and not the original manufacturer, you should make sure the retailer has been trained under the Qualified Integrators and Resellers (QIR) program. This program was put in place by the PCI Council, and its purpose is to increase POS security. Professionals and IT experts working in retail organizations can now receive this training. It is designed to teach them how Payment Application Data Security Standard (PA-DSS) applications can be installed securely. By following the methodology taught in the training, companies can make sure they comply with PCI DSS. If you work with a trained individual, he or she will help you install and maintain the payment applications you are going to be using. You can read more about these applications below.
Use a Reliable All-in-One PC
Small businesses can now protect their customers' data by complying with PCI DSS. PA-DSS apps can be installed on a number of devices, including tablets and PCs. A PA-DSS validated application has to be correctly configured and maintained to work as intended. Otherwise, it will not provide much benefit at all. Other apps, such as ID verification apps, can be installed on the PCs or tablets as well for increased security.
POS systems are among the most frequent targets of hackers trying to profit from their criminal activities. Since these devices are usually connected to the internet, they can be accessed from anywhere in the world by a capable hacker. This problem is not likely to go away any time soon and for this reason, you’d best be prepared.