Point-of-sale (POS) systems are making headlines after four different POS providers suffered data breaches in the past year — exposing customer information at a variety of small businesses.
These businesses entrusted their POS providers with protecting customer information but were quickly subjected to harsh backlash from their defrauded consumers — 28 percent of fraud victims will avoid businesses post-fraud — bringing to light the importance of selecting a reputable provider.
A POS system consists of the hardware and software used to process business transactions, including the cash register, touchscreen display, barcode scanner, and more. While essential for daily operations, these devices do more than just handle payments—they serve as the first line of defense against hackers and other cyber threats.
Several recent high-profile POS data breaches were due to Backoff malware or other similar cybersecurity threats targeting systems. Small businesses are especially vulnerable to data breaches, with the average cost of a breach in the U.S. reaching $5.4 million; this is a risk that many small business owners can’t afford to take.
So how can you avoid having your POS system compromised? Approach selecting a POS system the same way you would when purchasing a new car — with due diligence.
You may have your sights set on the Rolls Royce of systems, one with business analytics and marketing capabilities, or you could just be in the market for something that gets you from point A to point B. Either way, security should be your driving force in the purchasing process.
Scope out POS systems with five features in mind to avoid subjecting your customers to identity crimes:
1.) PCI Compliance
Your business must be PCI compliant to accept credit and debit cards. This means you must follow both the Payment Card Industry Data Security Standard (PCI DSS) rules for processing payment cards and your POS device must meet PCI standards for merchants.
Small businesses have different requirements than larger organizations, visit the PCI Small Merchant website for more information.
2.) Analytics and Operational Features
As previously mentioned, many high-end models offer marketing capabilities and business analytics. These features can be great to track promotions or manage your inventory, but too much “fluff” could be dangerous.
Hackers seem to have placed a “bounty” on POS systems due to the sensitive nature of information they obtain and store. So they will commonly go after other systems, like your personal computer, in hopes that they are connected to the device. Lock down this gateway to cybercrime by isolating your POS system from other business technology networks.
3.) Updates and maintenance
Just like your computer at home, POS systems need anti-virus and anti-malware software and must be regularly updated to prevent cyberattacks. Research each model carefully and understand how you will be notified of updates. Ask your sales representative if you will be able to perform updates yourself or if a service professional will maintain your device.
4.) Encryption services and fees
Encryption is the process of encoding and decoding messages so the sender and intended recipient are the only ones that can view it. It is vital that your POS system use encryption to secure financial information, such as customer credit card numbers, present on the device.
Ask about encryption services when purchasing your system, some services require a monthly subscription fee. While a monthly fee may be bothersome, it’s far more manageable then the backlash a potential data breach would create.
5.) Provider’s Track Record
POS providers are supposed to be experts in payment security, but instead many are fixated on cutting costs while providing all the bells and whistles to drive sales.
Always do your research before trusting an organization’s product — that means doing a little digging into a provider’s history to see if they have ever experienced a data breach. And be sure they provide you with ample security information. Your sales representative should be just as knowledgeable about cybersecurity as they are about the company’s current promotions.
Remember, a POS system is a large investment in your small business’ success. Make the right decision and invest in security to keep your customers coming back year after year.