POS security is the protection of a point-of-sale (POS) payment system: the system that businesses use to accept, process, and record payment transactions between the business and the customer.
“Point-of-sale” describes the appliances and software that process transactions: everything from tap-and-go credit card readers to old-fashioned cash registers, as well as the POS software that operates behind the scenes.
POS systems have predominantly moved online and to cloud systems, allowing customers to pay via no-contact solutions. This type of connectivity is helpful for the customer, but can give rise to new attack vectors.
Because they involve financial transactions, POS systems are popular targets of cyber attacks. The goal is to steal a person’s credit card or debit card number, which is then either used to access that person’s bank accounts or sold for profit to third parties. These attacks often happen at high-traffic retail settings such as department or grocery stores that use a POS device.
While many POS systems include built-in security features to lower the risk of an attack, you should still plan to implement cybersecurity protocols to protect your customers’ credit card information. Attackers adapt their methods to get past firewalls and other security measures, so keeping your own cybersecurity procedures up to date is a must.
Can a POS System Be Hacked?
Yes, a POS system can be hacked.
Typically, a criminal either exploits a system vulnerability or launches a social engineering attack. A system vulnerability may be a weak point in a firewall or an old login credential that gives the hacker access to cardholder data. Social engineering is when a cybercriminal manipulates the victim in person to gain access to the system the criminal needs. With POS systems, this could include phishing or baiting. Phishing is when the hacker gains access to encrypted information via a scam email or message.
If your POS system has ever been hacked, rest assured that you are not alone. Some of the biggest companies in the world have had their POS systems compromised. For example:
- A 2019 DoorDash POS hack leaked the personal information of more than 4.9 million workers, customers, and merchants.
- Landry’s, a dining and hospitality business, detected unauthorized access in 2019 to its payment system that supported more than 600 restaurants.
- In 2020, THSuite, a point-of-sale system used by marijuana dispensaries across the United States, was the victim of a data breach that compromised the medical ID numbers, addresses, dates of birth, and other customer data of more than 85,000 individuals.
What Is the Best Way to Secure a POS System?
Follow these best practices for securing your point-of-sale system:
Encryption
All financial transactions should be encrypted to keep the information private from outsiders. Set up access controls so that transaction information at either endpoint can be accessed only by approved key stakeholders who have authenticated. Change those login credentials frequently, and make sure each new password meets standard password security requirements so that it is harder to hack.
Updates
Keep all POS software regularly updated. Install the updates the manufacturer sends and update security protocols regularly. Those updates often contain much-needed patches for the security software on your POS system. Run antivirus software at regular intervals to scan for POS malware and to catch anything that may already have gotten in through an attack vector.
Any apps you may use for point-of-sale transactions should also be regularly updated. Think of connectivity to your point-of-sale terminal as an attack vector, and ensure that all the routes leading to that endpoint are as secure as you can make them.
Internal Training
Train all employees to recognize signs of social engineering and in-person tactics such as card skimming. A card skimmer attaches to a fake payment card, which then steals information from the POS device (this is common at gas station pumps and ATMs).
Also train employees to watch for people who may steal the card reader itself. Small and medium-sized businesses should especially watch out for the theft of the POS device, as those devices are often much easier to pocket than the ones used by larger retail outlets.
ZenGRC is Your Financial Security Partner
The ZenGRC platform offers your organization a streamlined and efficient cybersecurity dashboard.
You’ll have all the controls you need in one place, making it easy to monitor your operating systems for attack vectors, developing cyber threats, and monthly incidents. Share regular reports with key stakeholders and analyze malware in real time.
Our trained experts can help you ensure your organization meets the PCI DSS (Payment Card Industry Data Security Standard). You can keep your POS systems private, protected, and secure with regular monitoring and antivirus scans. Learn more about ZenGRC by requesting a demo.