3 Ways to Handle POS Security Risks in Retail IT


Today, organizations are prioritizing security as cyberattacks become more frequent, and the retail industry is no exception.

Among the most publicized retail breaches is the 2013 attack on Target, in which records of 40 million customers were pilfered; the same attack compromised another 70 million records.

In 2018, department store chains Saks Fifth Avenue and Lord & Taylor suffered bad press due to a breach that exposed details of 5 million customer payment cards. Online customers of another popular retailer, Macy’s, became victims of a data breach that lasted for nearly two months, and as a result, the retailer faced a class-action lawsuit by its customers.

Also in 2018, British Airways was hit with a data breach affecting around 380,000 customers who were using its website and mobile app. According to an article on activereach.net, “customers’ payment card details were breached but compromised data did not include travel or passport details.”

In this blog, we’ll discuss a few ways we can handle the security risks associated with one of the retail industry’s biggest areas of risk, Point of Sale (POS) machines. 

While retail stores cannot function without Point of Sale (POS) machines, they pose great security risks as they are constantly connected to the internet, do not always meet IT security standards, and are accessed by multiple users for terminal updates. 

Here are three ways retail organizations can keep their POS machines secure and ward off data breaches related to sensitive credit card information. 

1. Tighten Software and Security Policies to Avoid POS Malware Attacks 

POS malware is specifically designed for POS terminals and used to steal customer payment card data during transactions in retail stores.  

When a sale takes place, the retailer usually stores payment card data on a system when it charges the card. This data is encrypted on the system, which is the endpoint. However, there is a split second while the payment is processing when the data is not yet encrypted, and that is when hackers attack and steal it.

This attack is made possible by planting malware on the endpoint. Retail organizations can be riddled with legacy systems that are difficult to patch and hence are easy targets for malware attacks. To avoid malware, retailers need to: 

  • Keep their POS and server endpoints updated with regular patching
  • Avoid having POS endpoints that access the internet
  • Have basic security layers such as firewalls and antivirus/anti-malware (AV/AM) software deployed to all endpoints
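One way to check the second point is to review firewall flow logs for POS endpoints reaching destinations outside a short allowlist. The following is an added example, not code from the original article; the log format, subnet, and allowlisted addresses are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumed layout (hypothetical; documentation and private address ranges).
POS_SUBNET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED = [
    ipaddress.ip_network("203.0.113.16/28"),  # payment gateway (assumed)
    ipaddress.ip_network("10.10.5.10/32"),    # internal patch server (assumed)
]

# Constructed flow records: timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2020-01-15T09:00:01Z 10.20.0.11 203.0.113.20 443 ALLOW
2020-01-15T09:00:05Z 10.20.0.11 10.10.5.10 8530 ALLOW
2020-01-15T09:01:12Z 10.20.0.12 198.51.100.77 80 ALLOW
2020-01-15T09:01:40Z 10.20.0.12 198.51.100.77 80 ALLOW
2020-01-15T09:02:03Z 10.20.0.13 192.0.2.9 443 DENY
2020-01-15T09:02:30Z 10.30.0.5 198.51.100.77 443 ALLOW
malformed line
"""

def parse_flow(line):
    """Return (src, dst, port, action), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), parts[4].upper())
    except ValueError:
        return None

def audit_pos_egress(log_text):
    """Count flows from POS endpoints to destinations outside the allowlist."""
    hits = Counter()  # keyed by (pos_ip, dst_ip, dst_port, action)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip lines that are not flow records
        src, dst, port, action = flow
        if src in POS_SUBNET and not any(dst in net for net in ALLOWED):
            hits[(str(src), str(dst), port, action)] += 1
    return hits

def policy_gaps(hits):
    """POS endpoints whose off-allowlist traffic the firewall let through."""
    return sorted({src for (src, _, _, action) in hits if action == "ALLOW"})
```

An endpoint returned by `policy_gaps` points to a firewall rule that needs tightening, while DENY hits show a terminal attempting connections it should never make, which is worth investigating on the endpoint itself.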

2. Invest in Employee Security Awareness Training 

Protect your data by minimizing human error. It is imperative for retailers to train their IT professionals and other employees on security best practices such as access controls, password complexity, and identifying unauthorized devices on POS terminals. The training should also cover appropriate procedures for responding to suspicious activity. 

3. Maintain PCI Compliance 

The Payment Card Industry Data Security Standard (PCI DSS) ensures the protection of payment card data with policies such as:

  • Restricting access to cardholder data by business need to know
  • Identifying and authenticating access to system components
  • Restricting physical access to cardholder data systems
  • Mandating multi-factor authentication (MFA) for all non-console administrative access
  • And more

PCI compliance alone may not ensure complete IT security. However, retailers can leverage compliance, move beyond check-box requirements, and incorporate cybersecurity best practices to maximize protection of the payment lifecycle.

To learn more about meeting the challenges facing retail IT professionals, download our eBook How to Overcome 7 Tough Retail IT Challenges.
