Can Data Be Stolen From Your POS System?

Stolen credit cards are used in different ways by fraudulent elements in society to commit fraud online and offline. One of the ways this card information is stolen is through POS systems. A large number of businesses in this country are connected in one way or another to the internet, POS systems included.

How is the POS system compromised?

Hackers usually exploit the existing infrastructure to infiltrate POS terminals through the corporate network. They mostly exploit an existing vulnerability in an internet-connected computing system that also connects to the POS terminals. They may also dupe an employee into granting them access in one way or another. They then use multiple techniques to traverse the corporate network until they gain access to the POS systems, where they set about stealing as many of the credit cards that pass through as they can.

Unfortunately, when customers' sensitive data is being stolen from the POS system, the theft can go unnoticed until it is too late to do anything. Worse still, the theft is not even noticed by the store owners or staff but by third parties, for example government authorities who come calling after a specific customer alerts them to it. This mostly happens after the bank has alerted the customer to pending credit card dues he seemingly owes, and after investigation the fraud is discovered to have originated from the business's POS system.

How do you protect your POS system from credit card data theft?

There are a number of good ways to make your POS terminals harder for criminals to hack or target for fraudulent activities. These include:

  • Segmenting your POS environments

A good POS system vendor knows the importance of segmenting your POS environments, which means not permitting POS software to reside on the same system that is used for internet browsing, emailing, playing games, and the like. The best solution in this regard is to set up two computers in your back office. The first one is for conducting all your business activities, for instance ordering uniforms, supplies, etc. The other computer should only be used for POS purposes, and needs to be properly segmented from the others through a strong firewall.

Other measures, in summary, include:

  • Restricting the functionality of POS terminals so that they cannot be used by employees to access the internet for web browsing, gaming, or emailing
  • Adequately training your staff about POS security and credit card fraud
  • Requiring a card security code for all online card transactions. The card security code is the unique three- or four-digit number that is commonly printed on the back of the payment card and is not stored on the magnetic strip
  • Restricting remote access to your POS terminals
  • Installing firewalls and good antivirus software on the system and keeping them updated at all times
  • Limiting the integration of your POS terminals and corporate network systems by installing powerful internal firewalls in the network
  • Requiring two-factor authentication for administrative changes to critical POS terminals
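
To see how the segmentation and remote-access measures above can be checked in practice, the following added example (not part of the original article) replays the traffic those measures forbid against a firewall rule list and reports anything that gets through. The addresses, the rule format, and the assumption that the POS only needs to reach one payment processor on port 443 are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

POS, OFFICE = ip_address("10.20.0.5"), ip_address("10.10.0.8")  # constructed hosts
WEB = ip_address("198.51.100.7")          # arbitrary internet host (TEST-NET-2)
PROCESSOR = ip_address("203.0.113.10")    # placeholder payment gateway (assumption)

# Flows the advice above implies, as (description, src, dst, port, expected).
CHECKS = [("POS browses the web", POS, WEB, p, "deny") for p in (80, 443)]
CHECKS += [("POS sends email", POS, WEB, 25, "deny"),
           ("POS reaches payment processor", POS, PROCESSOR, 443, "allow")]
CHECKS += [(f"remote access to POS from {name}", src, POS, p, "deny")
           for name, src in (("office", OFFICE), ("internet", WEB))
           for p in (22, 3389, 5900)]     # SSH, RDP, VNC

WEAK = [  # constructed rule set: (action, src, dst, port), "any" is a wildcard
    ("allow", "10.20.0.0/24", "203.0.113.10/32", 443),
    ("allow", "10.10.0.0/24", "10.20.0.0/24", 3389),  # office RDP into POS
    ("allow", "any", "any", 443),                     # blanket HTTPS, POS included
    ("deny",  "10.20.0.0/24", "any", "any"),          # too late: HTTPS already allowed
]
HARDENED = [
    ("allow", "10.20.0.0/24", "203.0.113.10/32", 443),
    ("deny",  "10.20.0.0/24", "any", "any"),          # POS may talk to nothing else
    ("deny",  "any", "10.20.0.0/24", "any"),          # nothing may initiate to POS
    ("allow", "any", "any", 443),                     # no longer reachable for POS
]

def _covers(field, addr):
    return field == "any" or addr in ip_network(field)

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for action, r_src, r_dst, r_port in rules:
        if _covers(r_src, src) and _covers(r_dst, dst) and r_port in ("any", port):
            return action
    return "deny"

def audit(rules):
    """Return a finding for every flow whose verdict differs from the policy."""
    return [f"{desc} (port {port}): got {got}, expected {want}"
            for desc, src, dst, port, want in CHECKS
            if (got := decide(rules, src, dst, port)) != want]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "no findings")
```

Rule order matters here: the weak set already contains a rule denying all other POS traffic, but it sits below the blanket HTTPS allow, so the POS can still browse.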

While credit card fraud has always been a problem in many countries, the advent of the internet and the heavy reliance on interconnected point-of-sale terminals for business transactions have intensified the threat. Fortunately, by taking the right measures to secure your POS system, like those listed above, this threat can be reduced or completely done away with.