Cybersecurity Best Practices for POS Systems

A Point-of-Sale (“POS”) or Point-of-Purchase (“POP”) system captures the details, time and place of a completed retail transaction. Fifty years ago, a POS device was a cash register in a store. Today, POS devices take the shape of portable bar scanners, chip readers and mobile phone device attachments, all relying on Wi-Fi and the Internet to make it easy for small businesses to accept payment at multiple locations with centralized accounting. With the swipe of a credit card, data is transmitted from the buyer’s bank to the seller’s network in a quick and efficient transaction.

Given the amount of money that flows through POS systems every day -- in the United States the POS segments is projected to reach $357,557,000.00 in 2020 -- they are popular targets for cybercriminals, not only due to the amount of money changing hands, but the information of each buyer as well.

Roark Tech Services knows this space well. Follow our best practices to minimize the possibility of POS cyberattacks.

Segment the Network 

Keep POS data and company data on separate networks. This protects your main company information in case your POS is breached.

Update Operating System Software

If you’re using Microsoft XP, Vista, Windows 7 or 8, IMMEDIATELY upgrade to Windows 10. Microsoft no longer supports this software, which means there are no new security patches developed; hackers are keenly aware and ready to take advantage of those who have not upgraded. 

Change ALL default passwords 

Default system passwords are designed to facilitate installation; they are easy and straightforward – exactly the type of password you don’t want on your POS. Changing the system default password is like buying a house and changing the locks.

Employ Point-to-Point Encryption (P2PE) 

Point-to-Point Encryption (P2PE) is a standard established by the Payment Card Industry (PCI) Security Standards Council. It requires encryption of payment card data immediately upon use with the merchant’s point-of-sale terminal and must remain encrypted through secure transport and processing by by the payment processor. 

If you are unsure of the safety of your POS, contact us for a free assessment. We’ll help you understand – in non-technical terms – how protected your systems remain.