Point-of-sale (POS) breaches have become regular occurrences, with large retailers and hospitality giants losing millions of records to malicious actors and then paying out millions to clean up the mess. Some small businesses may consider POS security to be a distant worry because cybercriminals are more interested in "the big guys." However, this is not true.
A recent Trend Micro survey found that in the third quarter of 2015, 45 percent of all POS attacks targeted small and midsize businesses. What should you look for in a POS system, and which security risks should be top-of-mind?
Find The Right Fit
When choosing a POS system, companies need to find the right fit. In many cases, businesses with fewer than 50 employees aren't well-served by traditional hardwired POS solutions. According to Forbes, mobile POS units may be the best choice because they are portable, easy to use and can be customizable. Most don't charge a monthly fee, but instead take a cut per transaction (anywhere from 1.75 percent to 3.75 percent). For companies on the move, Forbes says, a solution such as the Square card reader is a good option, since it provides total control over card swipes and easily integrates with mobile phones. For brick-and-mortar stores, there are options such as ShopKeep and LevelUp, which charge a fee for each POS unit and include features such as inventory tracking and customer loyalty programs.
Train Your Staff
With most banks now issuing chip-and-PIN cards, duplicate card fraud is dropping. However, all in-store transactions come with a POS security risk that cannot be ignored: staff. According to Chain Store Age, one key point of weakness for POS systems is poor staff training. For example, if staff members still accept magstripe cards or let customers provide their credit card number rather than the card itself, there is a significant risk of fraud. More worrisome is that credit vendors have shifted fraud accountability to the weakest link in any security chain. If employees aren't using chip readers every time or verifying IDs when credit cards are used, your business could be on the hook to pay back any losses.
While enterprises offer a bigger payout for cybercriminals, the lack of POS security at many small businesses also makes them a tempting target. Companies must ensure POS systems are always up-to-date. For instance, if a manufacturer releases a security or firmware update, it should ideally be downloaded and installed immediately. Once vulnerabilities are in the wild, attackers start looking for easy targets. Small businesses must also apply the same caution to all mobile devices used on their network because in most cases, attacks don't target the POS itself. Rather, they worm their way in through a third party such as a compromised smartphone or tablet. Mobile device security can be improved by strong passwords and two-factor authentication for network access.
If your small business wants improved POS security, pick the right system, train your staff well and keep all devices on your network up-to-date.
SIGN UP FOR THE THRIVE NEWSLETTER