With cashless transactions becoming the most preferred payment mode among Indian shoppers, and the number of plastic (credit and debit) cards reaching a whopping 500 million as per a recent estimate, the threat is clearly written on the wall as card holders are increasingly facing the risk of compromising sensitive details at ‘unsecured’ Point of Sale (POS) to unscrupulous data hackers.
When you swipe your card next time for payment at a retail store, will you be sure that your card details such as name, number, expiry date or CVV number won’t be tapped by someone sitting at a distant place using malware planted into the POS system? These data can later be used for fraudulent transaction activities. Even passwords can be extracted and later used to cause financial loss to you.
Generally, shoppers won’t bother whether the payment systems they use are secured or open to malware attacks. The onus is purely on the retailers to offer customers a secured POS gateway which can thwart any malware intrusion, and instill confidence in the minds of customers to go for cashless transactions.
So, when you buy a POS system for your retail store, textile showroom, medical shop, hotel or hospital, where cashless transaction is the most preferred mode of payment, you must take certain precautions to safeguard your brand/company against “POS intrusions” in order to prevent your valued customers falling into the trap of hackers.
In reality, most POS attacks can be avoided. Though there can be many threats to POS systems, there are many ways too to combat such attacks.
Recently in the US, fast food giant Wendy’s has found that hundreds of its point-of-sale systems across various outlets were infected with malware. Over a period of time, customers’ credit card details such as cardholder name, expiration date, card number and verification code, have been hacked. When a hacker gets all these details, he can use your card to make purchases.
Use iPads at POS
In most of the recent attacks, malware applications were found to be loaded into the memory of POS systems. Hackers generally upload malware apps into POS and extract data without the knowledge of merchants and customers. The malware app and POS app run simultaneously to facilitate data pilferage. However, in iOS, the chance of data theft is almost nil as the system runs one app at a time thereby nullifying the chance of malware attacks on Apple-made devices. In Windows, all the apps run simultaneously straining the system memory and increasing the chance of malware attacks.
Adopt End-to-end Encryption
Use a POS software solution which prevents hackers to access your customer data. The system should encrypt sensible credit/debit card details the moment it passes through POS terminals and then when it moves to the server for future reference. The data hence become less vulnerable irrespective of the presence of malwares installed by hackers anywhere in the system.
Install Compatible Antivirus Software
Retailers should install endpoint protection POS software to prevent harmful POS malware infiltrating their systems. This is, obviously, a simple solution to prevent attacks. These anti-virus tools scan POS devices periodically to detect problematic or suspicious apps or files and remove them immediately. You will also get an alert on suspicious files so that you can initiate manual cleansing process, if required.
Secure your System from Data Pilferage
If any the systems across the store is not locked or secured at the end of the day, there are possibilities of human intervention, loss of devices or theft which can expose the customers’ data to outsiders. If devices are stolen or lost, anyone can access data unless they were not secured. It is better to lock all devices at the end of the day, and secure them in a place where no one but authorized employees will only have an access.
Data Security Compliance
Apart from managing POS checkouts, retailers need to comply with the existing rules on data security across card readers, servers, routers, online shopping carts, paper files and networks. It better you hire a qualified security expert to review complete POS applications to ascertain whether or not the system is fully in-tune with the global and national data security standards. If your outlet or firm is too small to have a security expert in addition to other supportive staff, you can hire someone having deep security knowledge to safeguard POS systems from unexpected malware attacks.