Over the years, the point-of-sale (POS) environment has evolved from traditional cash registers and dial-up modems to more flexible, always-on multipurpose systems. These systems bring greater technical complexity to retail storefronts.
Merchants now use high-speed connections with POS terminals that commonly link to a central server, providing the corporate office with insight into customer purchases and their spending habits. Operating on high-speed connectivity at all times also brings a new level of efficiency to the payments industry, including handling system maintenance and troubleshooting remotely.
The ability to remotely access your POS system from anywhere can be appealing. It may save you, your IT staff or your service providers (vendors, integrators, resellers) a visit to your office or store.
But the advantages offered by remote management software exposed to the internet may also pose significant risk to the security of your customer payment card information. Attackers, too, can gain access to these remote access tools, often by cracking weak passwords, to bypass security measures and move laterally across your network. According to the 2016 Trustwave Global Security Report, insecure remote access software and policies, at 13 percent, contributed to the largest share of compromises Trustwave investigated in 2015, and nearly all POS breaches in the year prior.
Security of cardholder data is critical for merchants, but remote access solutions pose an increased risk if they are not used in a manner consistent with the Payment Card Industry Data Security Standard (PCI DSS). Here are some tips for staying in compliance and keeping your POS systems safeguarded against cyberattacks.
For best practices in fraud protection, view Sterling Payment Technologies' tips on card-present and card-not-present transaction fraud here.
This guest post was written by Sterling Payment Technologies, a Tampa, Fla.-based payment processor.