12 best practices to protect your POS system from POS malware

Your point of sale system is the combination of hardware and software that streamlines your business operations and facilitates customer payments. When it becomes the victim of a malware attack, your retail operation can come to a screeching halt. 

Although you can never create a security environment that is totally locked down against attack, you can follow some best practices that will help to protect your resources and the shoppers you serve.

What is POS malware?

POS malware is software that is specifically created to steal customer payment data. Criminals then usually sell it to other bad actors. 

The system is compromised either by attaching a second reader to the store’s equipment that “skims” the customer’s payment information or by scraping the memory of a POS as soon as a payment is initiated and then transferring it to the criminal’s remote computers.

First, the attacker sneaks into the network hosting the POS, usually by means of an associated network. After gaining access to the point of sale system, they install data-stealing malware, send it to a provisioning server and remove it from the retailer’s equipment.

These tactics can be very sophisticated, and you might be wondering what you can do to stop thieves in their tracks. Fortunately, you are not powerless as long as you implement some commonsense security practices.

1. Make regular system updates.

Before all else, keep your systems updated. Failing to do so makes you vulnerable to attacks by bad actors who can easily exploit obsolete software. 

If you are still using Windows XP, for example, it’s time to upgrade to a version of the operating system that is frequently supported according to the most recent changes in the security landscape.

2. Use whitelisting.

Use whitelisting technology to protect your ecosystem against unauthorized entry. When you do so, only pre-approved applications will be allowed to run.

3. Segment your data.

When you isolate your POS systems, you reduce the attack surface that can be exploited during a breach and make detection easier. 

Moreover, you can further safeguard the security of your information because it will be stored in separate locations.

4. Update your readers.

If you have any outdated magnetic stripe readers, replace them with the newer chip versions. These modern readers generate a unique transaction code for each purchase. As a result, copying and stealing card data becomes much more difficult.

5. Closely manage access.

User privilege and the ability to get into your POS system must be restricted to only staff members who need them. 

Furthermore, you should take advantage of monitoring capabilities that allow you to maintain logs of who is entering your systems, when they do so and what information they access while they are there.

6. Employ encryption systems.

When data is shared across networks, it is at its most vulnerable to interception by hackers. Encryption hides data during storage and when it is being passed along, foiling the malware.

7. Use video surveillance.

Although skimming occurs less frequently, it remains a very popular data-stealing method among criminals. 

When you install cameras near each point of sale system, you will be able to see if someone has attached a skimmer to your unit.

8. Invest in a POS monitoring service.

The sad fact is that many of the most serious data breaches are initiated by internal employees such as counter staff. 

Once you configure your systems with this service, it will send video clips and POS data as a breach is occurring to the monitoring company.

9. Conduct frequent testing.

Even if you have strong protocols in place and take pains to upgrade hardware and software, you should never assume that all is going well without finding out for yourself. 

Conducting regular security tests of your POS system will help you to identify weaknesses before they are exploited.

10. Bolster your login procedures.

Implement a strong password policy that requires regular changes and complex series of letters, numbers, and characters. Additionally, put two-factor authentication in place that confirms your identity and that of authorized personnel at every login.

11. Safeguard the physical security of your POS devices.

All too often, thieves enter your premises and steal POS terminals, thus compromising the safety of data and costing the business money. Make it a point to secure and physically lock all terminals, and set up monitored alarms to notify you if there is a break-in.

12. Provide extensive training.

The people who work for you can become your first line of defense against phishing emails, identity theft, and other forms of data breach. 

However, you need to provide comprehensive instruction and written documentation to make this possible. Promote an environment where security awareness is one of your top priorities, and attacks on your POS system will be less likely to occur.

You know that your POS is the beating heart of your organization. Protect it with airtight practices and protocols and a staff committed to data integrity, and you can send hackers packing.