Security Guide - POS Security

What is the cost of weak POS security?

In 2013, the EPOS system of US retailer Target was hacked, exposing 70 million customer records to criminals. With around 60% of all EPOS transactions paid by electronic card, the consequences of a security breach are potentially spectacular.

Hackers’ tactics

First, a criminal must infect your EPOS system with a specific type of malware. Because retailers and hospitality firms operate from multiple locations, and various employees and third-party IT professionals access their EPOS systems, this is a lot easier than you would imagine. Hackers can also attempt to do this remotely by compromising one of your online servers. Once malware has been introduced to your EPOS system, it can automatically begin to harvest your customers’ card data as it passes through the system. The hacker can either use this information themselves or sell it on.

How to secure your EPOS system

Use end-to-end encryption

Leading EPOS terminal suppliers provide software designed to ensure your customers’ data is never exposed to hackers. It encrypts credit card details as soon as they are received by the POS device and again when they are despatched to the software’s server. This means your customers’ data is never vulnerable, no matter where a hacker may install malware.

Antivirus software

Installing endpoint protection software on your device will ensure malware doesn’t breach your system. Antivirus software will scan your device, identify suspicious files or apps and alert you immediately so you can remove them.

Isolate your EPOS terminals

There are lots of ways terminals can find themselves in the wrong hands: they can be stolen, lost by employees or simply left unattended. Hackers can then break into the device and view and steal customers’ details, especially if end-to-end encryption hasn’t been used. To avoid this, account for every terminal at the end of the day and store them in a secure location.

What Vodat can do for you

We make PCI DSS compliance easier: Vodat International’s payment solution deploys a managed firewall at each merchant site, segmenting the PIN entry devices (PEDs) from the rest of the merchant’s network and reducing cardholder data in the POS environment. This technique reduces the scope of PCI DSS compliance, as PEDs are controlled from Vodat’s data centres.

We can also study your network: For an annual subscription, we can carry out a comprehensive assessment of your system, searching for weaknesses and ensuring you have unlimited PCI compliance.
