POS Data Security: Are You Doing Enough to Keep Merchants Safe?

How point of sale (POS) ISVs and VARs provided solutions to their clients has evolved over time. When ISVs first developed POS software, the focus was on the technology itself and how superior management via purpose-built solutions compared to using electronic cash registers and standalone credit card terminals. As more businesses implemented POS systems, the focus shifted toward the customer experiences they could provide and the impact it had on merchants’ competitiveness. Although the importance of leveraging technology for greater efficiency and enhanced CX continues, a new priority has emerged: POS data security.

A Solution Built for Security

It’s a smart strategy to take security into account when you choose and implement every component of your clients’ total solutions, including:

• PCI-validated solutions:Vendors have their POS solutions assessed to show they meet Payment Card Industry Security Standards Council (PCI SSC) standards. PCI establishes these standards to ensure that merchants are using IT systems, applications, devices and other components that are designed to keep POS and payment data secure. You can visit the PCI SSC website for a list of validated solutions.
• Hardware-agnostic POS software:This gives you the ability to choose hardened hardware and physical access control and security features.
• Network segmentation:Keeping POS and payment data confined to its own network minimizes the risk of data breaches that can be traced back to phishing emails or clicking on a malicious link. Email, social media activity and browsing the internet should never occur on the same network as the POS system.
• Processor–agnostic payment processing:Processor-agnostic payments provide merchants with the agility to change processors without ripping and replacing existing systems. Payment-agnostic payment solutions assure your clients that they won’t be locked into a system that doesn’t support the highest degree of POS data security.
• Network and application security solutions: Merchants, like any business that wants to keep its IT environment and data secure, need security solutions such as identity and access management (IAM), encryption, specifically PCI-validated point-to-point encryption (P2PE), network and web application firewalls, antivirus or antimalware and intrusion detection/intrusion prevention systems (IDS/IDP).

The Good News and Bad News About POS Data Security Strategies

The 2020 Verizon Data Breach Investigations Report drilled down into security incidents by vertical and found, not surprisingly, that criminals that attack this sector are almost exclusively financially motivated. Verizon reports some good news: Attacks on POS servers and terminals decreased recently, accounting for only 0.8 percent of all data breaches over the past year. Most of those attacks used RAM scrapers, which scrape payment card data from memory of servers or endpoints. The use of payment card skimmers, devices that fit over a payment terminal to intercept payment data, also decreased in the past several years.

However, retail experienced a growing number of attacks on web applications, which is bad news for omnichannel or e-commerce businesses. Verizon reports that of the retail data breaches it investigated, 40 percent resulted from attacks on web applications.

This finding underscores the need to provide your merchant clients with omnichannel payment solutions that secure payments, regardless of how or where they’re made. An omnichannel payment solution will give your clients the visibility they need into payments – and unusual activity – on all channels. They also secure all payment types, including unattended, contactless, mobile wallet, in-app and online. Leading omnichannel payment companies also offer your clients with security-focuses features, such as tokenization. This technology keeps human-readable payment data out of the POS system, replacing it with a token, makes subsequent purchases easier for the consumer, and reduces PCI scope for the merchant.

The Vital Role of ISVs and VARs in POS Data Security

Your clients are experts in their fields or niches. They’re retailers, restaurateurs, salon or fitness center owners, and many are small and medium-sized businesses. But they aren’t POS security experts. They rely on you to stay ahead of cybercriminals and provide businesses with the solutions they need to keep POS and payment data safe and protect them from data breaches, which, for some, could put them out of business.  

You need to provide vital services such as keeping your clients’ systems up to date, performing vulnerability testing and monitoring for potentially malicious activity. But you also have to stay informed on the threat landscape, provide solutions designed to minimize risks, and be the trusted POS data security advisor your clients need.

Secure your point of sale with Datacap's security-centric payments solutions, Get in touch with us.

Justin Zeigler is the Director of Product, Datacap Systems Inc.

(This blog post was original published on Datacap Systems’ blog.)