As cybercrime targets POS systems, merchants are at risk from sophisticated attacks by hackers. With each report of a new attack or security threat, the importance of keeping up with security best practices at the Point of Sale becomes more apparent. We encourage all merchants to take precautions with their POS systems, including protecting the software and the hardware used to process transactions. Staying up to date and following these best practices will keep your business and customers safe.
The Best Practices for Passwords
Did you know it is a PCI requirement to change passwords every 90 days? A strong, regularly changed password is your first line of defense against hackers. Set up regular password changes, keep your passwords complex, and never share passwords. A complex password is longer than 6 characters and uses special characters, numbers, and letters.
Furthermore, never use group accounts or passwords. Reduce risk by limiting access and disabling unused accounts immediately. As a matter of practice, keep track of everyone who has administrative access via passwords and train staff to use strong passwords.
In a further attempt to protect systems from hackers, current PCI requirements require accounts to be locked out after no more than 6 failed login attempts. Passwords should be protected by frequent changes and carefully managed to reduce risk.
Firewalls and Anti-virus Protection
Keeping protective firewall and anti-virus software current is an important risk mitigation strategy. Firewalls are part of a computer system designed to keep out malicious attacks or unauthorized access to a computer or network. Keep your firewalls on and refreshed with any updates or patches that become available.
Anti-virus software contributes to the safety of your POS system, too. Running an updated, reputable anti-virus software program will detect malicious attacks and should alert merchants to threats. Installing updates to anti-virus software regularly will make the most of this protection as new threats develop.
Multifactor Authentication for Remote Access
Multifactor authentication to verify identity increases security in processing transactions and protecting customer data. This often includes requiring a combination of multiple pieces of identifying information like a password, a PIN and network authentication. Whenever your POS system is accessed remotely, multifactor authentication is especially important. When multifactor authentication is not possible, remote access should be activated sparingly and only when necessary.
Knowing who has physical and remote access to your POS system is an important security precaution, too. If contacted by someone who claims to be a vendor or technician for your POS system software or hardware, proceed with care. Don’t fall victim to a scam or phishing fraud. Take the caller’s contact information then call the company directly to verify the reason for the call.
Know Your Equipment and Technology
Merchants depend upon their POS systems to process payments and customer data quickly and securely. In terms of physical hardware, keeping track of the condition of your machinery is imperative. Any signs of suspicious tampering could indicate a hack at the point of sale. Contact us immediately if you notice any changes in your hardware including scratches or loose bolts.
If your system is suddenly running slowly, stalling, or freezing, please run your anti-virus software and contact us.
Integrity is dedicated to keeping merchants and customers safe from cyberfraud and security threats. Our Easy PCI Compliance program is designed to help merchants stay safe. Furthermore, we work with our credit card brands to provide the best guidelines for security to merchants. Join us in putting the best practices in place to keep business safe and eliminate cybercrime.