Data breaches, new ransomware, and other security threats seem to be in the headlines regularly. In fact, it’s been reported that POS attacks have increased 22% since 2015. Criminals are more organized and well-equipped than ever before. There’s no sign of things slowing down.
While it’s easy to believe that your business isn’t a target, the fact is, the tools criminals are using today don’t discriminate. They look for weaknesses and exploit them. If you do suffer a breach or loss of some sort, will you be able to weather the effects? Can you afford to pay potential fines from the credit card companies? Can you afford a damaged reputation and possible loss of business?
Rather than bury your head in the sand and assume your system is secure, ask your solution providers the following questions.
Do my POS and payment solutions make use of EMV, tokenization, and point-to-point encryption (P2PE)?
These three security measures work together to help keep your credit card payments secure. Tokenization takes a cardholder’s primary account number (PAN) and replaces it with a substitute value called a token, which is worthless to criminals. P2PE encrypts cardholder data at the point of swipe, dip, or tap and keeps it encrypted until it reaches the payment company, so any data intercepted along the way is worthless. EMV relies on embedded chips that ensure the card being used at the point of transaction is authentic, thus reducing fraud.
Am I running antivirus?
Windows-based POS systems are susceptible to malware if connected to the Internet and unprotected. Antivirus can protect the system from malicious programs that can be used to capture customer information, lock and encrypt your system, or worse. If your POS system is Android-based, the chances of getting infected with malware are reduced, but POS performance can still be negatively impacted by infected back office PCs that might be on the same network.
What steps have you taken to secure my network?
Antivirus will help protect PCs and POS devices, but the overall network — your router and wireless access points — still needs consideration. Firewalls can be put in place to allow you to control what data comes in and out of your network. For example, if you don’t need Internet access on your POS machines, that access can be blocked at the firewall. As an extra precaution, intrusion detection and prevention systems can alert you when suspicious traffic is entering or leaving your network, which is particularly useful if an employee has installed malware that is sending data outside the organization.
Your network can also be segmented to ensure that POS devices and other networked devices are kept separate. Since phone systems, digital signage, video surveillance, and many other systems now plug into our networks, it’s essential to keep their traffic separate from that of POS and payments. Additionally, if you offer guest Wi-Fi, extra precautions need to be taken to keep guests outside your business network.
Are the latest software patches installed?
A recent Secret Service investigation into more than 400 breaches shows that improper setup and maintenance was a principal cause. Your initial installation might have been 100% secure, but without patches, updates, and routine maintenance, you might be vulnerable.
How strong is my password policy?
There’s no denying that passwords can be annoying, especially if you follow the rules. Still, the best practices set forth by the PCI Security Standards Council exist for a reason — they work. It has also been shown that the majority of breaches happen because of poor password policies. According to the 2017 Verizon Data Breach Investigations Report, 81% of hacking-related breaches involved either stolen or weak passwords. Make sure you’re using strong passwords and changing them regularly. This simple step can have a profound impact on your security.
By asking your POS vendors these questions, and filling any security gaps that currently exist, you can significantly reduce your risk of a breach, a loss, and costly fines. Don’t delay; have the conversation now.