Your point of sale (POS) system is the gateway through which the most crucial avenues of your business run. A POS that works efficiently, with maximal uptime, payment flexibility, and security is of the utmost importance to your business.
But how can you tell when your POS is at risk? In most instances, the onboard software that comes with the system may not be sufficient for ensuring Payment Card Industry (PCI) compliance.
PCI compliance requires maintaining a set of standards developed by the PCI Security Standards Council to ensure consumers receive a certain degree of protection when they pay for goods and services at retail locations. To prevent a set of patchwork rules that would leave the current retail market looking like the Wild West, these data security standards help instill consumer confidence and provide businesses with the guidance necessary to protect their customers.
Your POS has a central role to play in ensuring these standards, but the basic protections that come along with a POS system don’t take into account all the precautions a restaurant or retailer must take to protect consumers.
Point of Sale Monitoring involves a variety of different tools and tactics aimed at protecting the sanctity of customer data.
Transactions receive a basic level of encryption if you’re using one of the major providers of POS systems. But it’s important to realize that this traffic is transmitted alongside other forms of internet traffic that may not receive the same level of encryption and is at higher risk of tampering.
The best way you can protect your POS system is by ensuring the network it sends financial data through is segregated from all other traffic. Have you ever been to a restaurant and pulled up your WiFi settings to find there’s one single network for all traffic to pass through, and it’s unlocked? Although it’s possible the POS network could be hidden from guest traffic, it’s far more likely that restaurant hasn’t taken the necessary precautions to separate the two data streams.
The way you do this is through programs that let you create wholly separate networks for different types of traffic. Typically, that can mean a highly secure network for your POS system, another network for basic employee internet traffic, one for operations such as accounting, scheduling, etc., and finally a basic network for guest traffic.
Doing this lets you more easily monitor traffic for potential incursions. It’s easy to identify when something is amiss with your POS network because you have a strong idea of the types of patterns and usage you see in a given day.
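The monitoring benefit described above follows directly from the segregation: once the POS network is only ever supposed to talk to a small set of destinations, anything else stands out. The following added example (not code from the original article or from Logic Shield) checks constructed flow records against a constructed segmentation policy; the VLAN names, address ranges and the payment-processor range are all assumptions chosen to illustrate the point.

```python
"""Check POS network flows against a segmentation policy.

Added example, not Logic Shield's code. The segments, address ranges, policy
and flow records are constructed; a real deployment would read flows from the
firewall or switch and load the policy from configuration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src_vlan: str   # segment the traffic originated from
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str      # "tcp" or "udp"


# Constructed address plan for the four segments described in the text.
SEGMENT_RANGES = {
    "pos": "10.10.0.0/24",
    "operations": "10.20.0.0/24",
    "employee": "10.30.0.0/24",
    "guest": "192.168.50.0/24",
}

# Constructed policy: (destination CIDR or "any", port or None, proto or None).
# The POS segment may only reach the hypothetical payment processor range on
# 443 and the local resolver on 53; guest and employee segments are unrestricted.
POLICY = {
    "pos": [("203.0.113.0/24", 443, "tcp"), ("10.0.0.53/32", 53, "udp")],
    "operations": [("any", 443, "tcp"), ("any", 53, "udp")],
    "employee": [("any", None, None)],
    "guest": [("any", None, None)],
}


def rule_matches(rule, flow):
    cidr, port, proto = rule
    if cidr != "any" and ip_address(flow.dst_ip) not in ip_network(cidr):
        return False
    if port is not None and flow.dst_port != port:
        return False
    if proto is not None and flow.proto != proto:
        return False
    return True


def check_flow(flow):
    """Return None if the flow is allowed, otherwise a short reason string."""
    # Nothing outside the POS segment may initiate traffic into it.
    if flow.src_vlan != "pos" and ip_address(flow.dst_ip) in ip_network(SEGMENT_RANGES["pos"]):
        return "cross-segment traffic into POS network"
    if any(rule_matches(rule, flow) for rule in POLICY[flow.src_vlan]):
        return None
    return f"{flow.src_vlan} -> {flow.dst_ip}:{flow.dst_port}/{flow.proto} not permitted by policy"


def find_violations(flows):
    return [(flow, reason) for flow in flows if (reason := check_flow(flow))]


# Constructed sample flows: a normal day plus three things that should not happen.
SAMPLE_FLOWS = [
    Flow("pos", "10.10.0.21", "203.0.113.10", 443, "tcp"),    # card authorisation
    Flow("pos", "10.10.0.21", "10.0.0.53", 53, "udp"),        # DNS lookup
    Flow("pos", "10.10.0.22", "198.51.100.7", 8080, "tcp"),   # terminal reaching an unknown host
    Flow("guest", "192.168.50.14", "10.10.0.21", 445, "tcp"), # guest device probing a terminal
    Flow("guest", "192.168.50.14", "198.51.100.9", 443, "tcp"),  # ordinary guest browsing
    Flow("operations", "10.20.0.5", "10.10.0.21", 22, "tcp"), # back-office host into POS
]

if __name__ == "__main__":
    for flow, reason in find_violations(SAMPLE_FLOWS):
        print(f"ALERT {flow.src_ip} -> {flow.dst_ip}:{flow.dst_port}: {reason}")
```

The policy is deliberately a short allow-list: with the POS terminals on their own segment, three rules describe everything they legitimately do, and the detector does not need to learn a traffic baseline before it can raise an alert.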
You also want software that monitors for spoofing and alerts you when, for instance, a network suddenly appears within range of your store with a seemingly innocuous name like ‘Guest WiFi’ but is not operated by you and is an attempt to gain access to your employees’ and customers’ devices.
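The check that software has to perform here is a comparison of what is on the air against what the store actually operates. The following added example (not from the original article or from Logic Shield) does that over a constructed wireless scan: it flags the store's own SSID broadcast from an unknown access point, and names that merely look like the store's. The authorised access-point list, MAC addresses and scan results are all constructed.

```python
"""Flag wireless networks that impersonate the store's own.

Added example, not Logic Shield's code. The authorised access-point list and
the scan results are constructed; in practice the scan would come from a
wireless sensor or from the store's own access points.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BeaconSeen:
    ssid: str
    bssid: str    # access-point MAC address
    channel: int
    rssi: int     # signal strength in dBm (closer to 0 is stronger)


# Constructed: the store's own SSIDs and the access points allowed to serve them.
AUTHORISED = {
    "Guest WiFi": {"d4:1f:aa:00:00:01", "d4:1f:aa:00:00:02"},
    "Store-Ops": {"d4:1f:aa:00:00:03"},
}


def normalise(ssid):
    # Collapse case, spacing and punctuation so that "Guest-WIFI" or
    # "Guest  WiFi" compare equal to the store's "Guest WiFi".
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def classify(beacon):
    """Return a finding string, or None when the beacon is expected or unrelated."""
    if beacon.ssid in AUTHORISED:
        if beacon.bssid.lower() in AUTHORISED[beacon.ssid]:
            return None
        return "evil twin: our SSID broadcast from an unknown access point"
    for ours in AUTHORISED:
        if normalise(beacon.ssid) == normalise(ours):
            return f"look-alike SSID imitating {ours!r}"
    return None  # a neighbour's network; not ours to police


def scan_findings(beacons):
    return [(b, finding) for b in beacons if (finding := classify(b))]


def newly_seen(previous_bssids, beacons):
    """Access points present in this scan that were absent from the last one."""
    return sorted(b.bssid for b in beacons if b.bssid not in previous_bssids)


# Constructed scan: two of ours, two impostors, one innocent neighbour.
SAMPLE_SCAN = [
    BeaconSeen("Guest WiFi", "d4:1f:aa:00:00:01", 6, -48),
    BeaconSeen("Store-Ops", "d4:1f:aa:00:00:03", 44, -52),
    BeaconSeen("Guest WiFi", "02:11:22:33:44:55", 6, -40),
    BeaconSeen("Guest-WIFI", "02:11:22:33:44:56", 11, -61),
    BeaconSeen("CoffeeShop_Next_Door", "f0:9f:c2:aa:bb:cc", 1, -80),
]
# Constructed: what the previous scan saw, so a sudden appearance is visible.
PREVIOUS_BSSIDS = {"d4:1f:aa:00:00:01", "d4:1f:aa:00:00:03", "f0:9f:c2:aa:bb:cc"}

if __name__ == "__main__":
    for beacon, finding in scan_findings(SAMPLE_SCAN):
        print(f"ALERT {beacon.ssid!r} from {beacon.bssid} ch{beacon.channel} {beacon.rssi}dBm: {finding}")
    print("new this scan:", newly_seen(PREVIOUS_BSSIDS, SAMPLE_SCAN))
```

Matching on the access point's MAC rather than the name is what makes the first check work: an impostor can copy the SSID exactly, so the name alone is never sufficient evidence that a network is yours.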
Who has access to your POS system is just as important to monitor as the traffic that passes through the POS system.
When shutting down for the day, you should have a documented process in place to log out of all systems and, if your POS exists on a tablet or other mobile device, store those systems somewhere secure. You should also document who can unlock these systems and the process they should follow to do so.
The number of people who have these unlocking and access privileges should be limited to those with a demonstrated operational need. This should be reinforced with two-factor authentication, which provides a second layer of protection if an employee’s PIN or password is intercepted by someone who shouldn’t have it.
When you have access locked down exclusively to those whose interactions with a POS serve a legitimate business need, it becomes much easier to track POS usage and take note of any irregularities. For instance, if you see a sign-on from an employee who you know for a fact had called in sick that day, you have an indication that the access was fraudulent in nature.
Carefully monitoring employee POS usage also sets you up to notice patterns of behavior that could indicate fraud. If your accounts keep coming up short of where sales indicate they should be, and you can trace that pattern back to one employee’s activity, you’ll be set up well to investigate those incidents, forming conclusions based on a trail of digital breadcrumbs.
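The two checks in the preceding paragraphs, a sign-on that does not match who was meant to be working and a shortage pattern that traces back to one employee, are both simple joins between POS data and records the business already keeps. The following added example (not from the original article or from Logic Shield) runs both over constructed data: a sign-on log in a CSV-like export, a staff roster marking one employee as sick, and three days of till reconciliation. The export format, field names and thresholds are assumptions; POS vendors export this data in different shapes.

```python
"""Audit POS sign-ons against the roster and trace till shortages to cashiers.

Added example, not Logic Shield's code. The sign-on records, roster, till
counts and the 15-minute grace window are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, time, timedelta

GRACE = timedelta(minutes=15)   # allowed early clock-in / late clock-out

# Constructed roster for the day: shift window and whether the person was in.
ROSTER = {
    "alice": {"shift": (time(8, 0), time(16, 0)), "status": "scheduled"},
    "bob":   {"shift": (time(12, 0), time(20, 0)), "status": "scheduled"},
    "carol": {"shift": (time(16, 0), time(23, 0)), "status": "sick"},
}

# Constructed sign-on export: timestamp,user,terminal,event
SIGNON_LOG = """\
2024-05-02T07:55:10,alice,T1,login
2024-05-02T12:02:41,bob,T2,login
2024-05-02T16:10:05,carol,T1,login
2024-05-02T21:30:00,bob,T2,login
2024-05-02T22:15:00,dave,T3,login
"""


def parse_signons(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, terminal, event = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, terminal, event))
    return rows


def audit_signons(rows, roster):
    """Flag logins by unknown accounts, absent staff, or outside the shift window."""
    findings = []
    for ts, user, terminal, event in rows:
        if event != "login":
            continue
        entry = roster.get(user)
        if entry is None:
            findings.append((user, ts, terminal, "account not on roster"))
            continue
        if entry["status"] != "scheduled":
            findings.append((user, ts, terminal, f"signed on while marked {entry['status']}"))
            continue
        start, end = entry["shift"]   # same-day shifts only; overnight shifts need a date
        window_open = datetime.combine(ts.date(), start) - GRACE
        window_close = datetime.combine(ts.date(), end) + GRACE
        if not (window_open <= ts <= window_close):
            findings.append((user, ts, terminal, "sign-on outside scheduled shift"))
    return findings


# Constructed till reconciliation: (date, cashier, expected, counted)
TILL_COUNTS = [
    ("2024-05-01", "alice", 1520.00, 1520.00),
    ("2024-05-01", "bob", 1310.50, 1290.50),
    ("2024-05-02", "alice", 1488.25, 1488.25),
    ("2024-05-02", "bob", 1402.00, 1372.00),
    ("2024-05-03", "bob", 1255.75, 1235.75),
    ("2024-05-03", "alice", 1600.00, 1599.00),
]


def shortage_by_cashier(counts, threshold=5.00):
    """Per cashier: shifts worked, shifts short by more than threshold, total shortfall."""
    summary = defaultdict(lambda: {"shifts": 0, "short_shifts": 0, "total_short": 0.0})
    for _, cashier, expected, counted in counts:
        s = summary[cashier]
        s["shifts"] += 1
        diff = expected - counted
        if diff > threshold:
            s["short_shifts"] += 1
            s["total_short"] += diff
    return dict(summary)


def repeat_shortage_cashiers(summary, min_short_shifts=2):
    """Cashiers whose tills came up short on at least min_short_shifts shifts."""
    return sorted(c for c, s in summary.items() if s["short_shifts"] >= min_short_shifts)


if __name__ == "__main__":
    for user, ts, terminal, reason in audit_signons(parse_signons(SIGNON_LOG), ROSTER):
        print(f"REVIEW {ts:%H:%M} {user}@{terminal}: {reason}")
    summary = shortage_by_cashier(TILL_COUNTS)
    for cashier in repeat_shortage_cashiers(summary):
        print(f"PATTERN {cashier}: short on {summary[cashier]['short_shifts']} of "
              f"{summary[cashier]['shifts']} shifts, {summary[cashier]['total_short']:.2f} total")
```

The shortage threshold exists so that ordinary counting error (alice's one-dollar discrepancy) is not treated as a pattern, while the repeat-count rule ensures a single bad night does not single anyone out; both findings are the starting point for the investigation the text describes, not its conclusion.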
Finally, any thorough monitoring of your POS system will require software to verify the security of the device and its onboard applications.
While a POS should typically come with some form of antivirus software installed, you’d do well to install a secondary antivirus program to provide another degree of protection. Ideally, your antivirus and cybersecurity software would integrate not just with the POS system, but with everything of a digital nature related to your business.
In order to quickly identify threats and act upon those threats, you want software that quickly shows the state of your operational systems at each location. A best-case scenario is a single pane of glass solution that highlights the most important areas in an intuitive dashboard that’s easy to parse.
More than just monitoring, you want software that adds a firewall as another barrier to potential incursions into your POS system. And when a threat is detected, you want the ability to quickly isolate it from all other networks and digital traffic, protecting your POS and your other business operations.
When you have this level of monitoring in place, you can be confident your POS is as secure as it can possibly be.
To learn more about POS monitoring that can protect your business from a breach, contact Logic Shield. Our software helps businesses gain control of their cybersecurity like never before. We’ll even provide a free gap analysis to help you identify areas of potential improvement.