With cash accounting for just 40% of all UK payments in 2016 and that figure expected to fall to just 21% by 2026, card transactions are now serious business.
But with the growth of card sales and the proliferation of mobile EPOS card terminals, there is also an increased opportunity for hackers to launch a cyberattack – if your system isn’t correctly protected. So how exactly can a hacker infiltrate your network via your mobile EPOS terminal, and how can you protect your business?
First, a criminal must contaminate your EPOS system with a specific type of malware. With retailers operating from multiple locations, and various employees and third-party IT professionals accessing mobile EPOS terminals, this is a lot easier than you would imagine. Once malware has been introduced to your EPOS system, it can automatically begin to harvest your customers’ card data as it passes through your system. The hacker can either use this information themselves or sell it on.
How to secure your EPOS system
1 Deploy software that can automatically monitor your EPOS system, looking for suspicious activity or strange data flows. Once suspicious activity is detected, you will be alerted and a potential attack can be halted before damage is done.
2 Install the best firewall and anti-virus software available. Hackers constantly look for weaknesses in your EPOS network security using viruses, spyware and other malware. A firewall and anti-virus software may not give you complete protection, but they certainly make it a lot tougher for hackers.
3 Ensure your mobile EPOS terminals are connected to a dedicated secure Wi-Fi network. This will stop hackers from infiltrating your network using a ‘back door’, such as a free customer Wi-Fi network, before attacking your EPOS system.
4 It sounds obvious, but regularly updating your EPOS software will ensure you have the very latest security patches in place, giving hackers less opportunity to capitalise on any weaknesses.
5 There are also lots of ways terminals can find themselves in the wrong hands: they can be stolen, lost by employees or simply left unattended. Hackers can then break into the device and view and steal customers’ details, especially if end-to-end encryption hasn’t been used. To avoid this, account for every terminal at the end of the day and store them in a secure location.
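As an added illustration of tips 1 and 3 (this is not Vodat's software and not code from the original article), the Python example below checks network flow records for guest Wi-Fi traffic reaching the EPOS network and for terminals sending data anywhere other than the payment gateway. The subnets, gateway addresses, byte threshold and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (hypothetical): one subnet for EPOS terminals,
# one for free customer Wi-Fi, and an allowlist of payment gateway endpoints.
EPOS_NET = ipaddress.ip_network("10.20.0.0/24")
GUEST_NET = ipaddress.ip_network("10.99.0.0/24")
ALLOWED = {("203.0.113.10", 443), ("203.0.113.11", 443)}  # constructed gateway IPs
MAX_BYTES_OUT = 50_000  # assumed ceiling for a single card-authorisation flow

# Constructed sample flow records: (src, dst, dst_port, bytes_sent)
SAMPLE_FLOWS = [
    ("10.20.0.15", "203.0.113.10", 443, 4_200),      # normal authorisation
    ("10.20.0.15", "198.51.100.77", 8080, 310_000),  # unknown destination
    ("10.99.0.40", "10.20.0.15", 445, 900),          # guest Wi-Fi -> terminal
    ("10.20.0.22", "203.0.113.11", 443, 2_400_000),  # allowed host, odd volume
    ("10.99.0.41", "192.0.2.50", 443, 15_000),       # guest browsing, ignored
]

def check_flow(src, dst, port, sent):
    """Return a list of alert names for one flow record (empty if clean)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    alerts = []
    # Tip 3: nothing on the customer Wi-Fi should be able to reach a terminal.
    if s in GUEST_NET and d in EPOS_NET:
        alerts.append("guest-to-epos")
    # Tip 1: a terminal should only send data to the payment gateway,
    # and only in amounts consistent with card authorisations.
    if s in EPOS_NET and d not in EPOS_NET:
        if (dst, port) not in ALLOWED:
            alerts.append("unexpected-destination")
        elif sent > MAX_BYTES_OUT:
            alerts.append("unusual-volume")
    return alerts

def scan(flows):
    """Return (flow, alerts) pairs for suspicious flows, in input order."""
    return [(f, a) for f in flows if (a := check_flow(*f))]

if __name__ == "__main__":
    for flow, alerts in scan(SAMPLE_FLOWS):
        print(", ".join(alerts), "->", flow)
```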
What Vodat can do for you
We make PCI DSS compliance easier: Vodat International’s payment solution deploys a managed firewall at each merchant site, segmenting the PIN entry devices (PEDs) from the rest of the merchant’s network and reducing the cardholder data in the POS environment. This technique reduces the scope of PCI DSS compliance, as PEDs are controlled from Vodat’s data centres.
We can also study your network: For an annual subscription, we can carry out a comprehensive assessment of your system, searching for weaknesses and ensuring you have unlimited PCI compliance.
Vodat offers the solutions to provide robust security that is scalable, flexible and can be fully managed with 24/7 service and technical support. Get in touch to find out how we can help you protect your business.