Five Ways to Protect Point of Sale Stations and Networks From Cybercrime


It’s easy to use the latest POS security breach as a reason for business owners to ensure their POS systems are protected from cyber-criminals, but the fact is that these kinds of breaches have been occurring for a long time – even as far back as the incredible T.J. Maxx data theft of 2005.

As these kinds of breaches are still occurring, it’s always a good time to remind merchants who rely on POS systems to conduct business that protecting hardware and software from hackers and other cyber-criminals is vital in the effort to protect their business and customers’ data from falling into the wrong hands.

Two Areas of Vulnerability: Hardware and Software

There are two main ways that criminals steal consumer and business data – one is by affixing a physical device or “skimmer” to POS hardware devices in order to capture card data. The other way is by using malware to gain access to POS networks and get credit and debit card data as it passes through.

Cybercrime Prevention for Your Networks and POS Stations

While there is no “perfect solution” to your POS security, there are plenty of best practices that can be used to increase the security of your networks and the data that flows through them. These best practices include:

Maintaining the Most Up-to-date POS Software:

POS software updates ofteninclude important security patches that, if not installed, can leave your POS system vulnerable to malware and other attacks that could put your data at risk. Downloading and installing updates in a timely manner will keep POS networks and hardware far more protected than choosing to do updates quarterly or on some other schedule.

Installing a Firewalls and Anti-virus Software to Protect POS Networks:

POS systems are at constant risk of compromise at the hands of hackers, viruses, spyware and other malware that’s been designed to infiltrate and compromise POS systems. Using a firewall and anti-virus software does not guarantee complete protection, but should nonetheless be used as part of an overall protection system that keeps your POS hardware and network secure.

Creating strong passwords and changing them often:

Unfortunately, POS system installers are prone to using default passwords upon initial setup of online payment processing systems for merchants and not changing the passwords to something more secure. Using the default password makes life easy for the installers, but these passwords are fairly easy for criminals to obtain. Using complex, computer-generated passwords and unique account names are highly recommended. It’s also advisable to change passwords on a regular basis.

Denying Internet Access from POS Stations and Terminals:

When you restrict POS computers and terminals from accessing the Internet, you protect them from exposure and potential security threats such as viruses and other malware. POS systems should be connected only for necessary POS activities and should not be used for any general Internet usage. One click on a malware- infected site by an employee on a POS device could be disastrous for a business.

Disabling all Remote Access:

While it’s convenient to allows users such as IT personnel and administrators to remotely access a system without being physically in front of the terminal, cyber-criminals have ways of exploiting remote-access connections on POS systems to access data on these networks. To prevent access to these networks and data, disable remote access to your POS networks.

Doing these five things doesn’t ensure absolute security. However, these five steps will ensure that you are far less likely to suffer an attack at the hands of a cyber-criminal. Aside from these technical precautions, merchants should also be educating their employees about proper use of POS systems and signs that security has been breached.


Written by Eran Feinstein

Eran Feinstein is the founder of 3G Direct Pay Limited. 3G provides global e- commerce and online payments solutions for the travel and related industries. He is a leading authority in the fields of e-commerce, travel and payments, having acquired extensive experience from various parts of the world.