
Your Business Credit

How can I protect my point-of-sale system against security breaches?

Summary

Lax POS security can cost your small business steep fines from credit card issuers if your system is breached. Safe password practices are one of your best defenses.


Question

Dear Your Business Credit,
I have heard that the point-of-sale system at my store could be breached if I don’t have the right kind of password. What should I do to make sure it is secure? — Steven

Answer

Dear Steven,
This is a great question. Many small business owners are at risk of a breach at the point of sale and don’t know it. Verizon’s 2014 Data Breach Report found that 14 percent of incidents in 2013 were point-of-sale (POS) intrusions. Most victims discover their system has been breached after they are told by someone else, such as law enforcement.

A breach can cost your business money, especially if you don’t detect it quickly. If a credit card issuer traces POS fraud to your lax security, you may face steep fines, as I discussed in more detail in my earlier column, “Hackers up the ante for small business data security.”

POS breaches are so widespread that earlier this month, the PCI Security Standards Council, an open, global forum for the development of payment card security standards, announced it was launching the “Passwords for Payments” initiative to help merchants avoid such breaches. Poor password practices make it easier for hackers to penetrate your system.

So what can you do to protect your customers’ information?

As the PCI council pointed out, criminals take advantage of easily guessed and weak passwords. One of the most common passwords is — you guessed it — “password.” If you’re using that password for your system or the default one that came with the system, change it — today! Verizon’s report suggests avoiding dictionary words, too, which are also known to be weak.

Don’t forget to put smart password protocols in place with others who have access to your system, too. If a third-party vendor maintains your system for you, have a conversation about its policies for setting passwords. Do not allow the vendor to use the same password as it does for other clients. Verizon suggests restricting remote access to your POS system by such vendors, too.

There’s a good reason for asking vendors to be cautious. In one incident in 2013, credentials were stolen from a POS vendor after being compromised by malware on that vendor’s system. The vendor had been using the same password for all of the systems it serviced at different companies. Once hackers stole that password, they were able to obtain information about the customers of the vendor’s client.

Verizon suggests installing anti-virus software on your POS system. Also avoid using your system to browse the Web, email, use social media or play games.

If you are in an industry that is especially vulnerable, I’d suggest setting up a meeting or phone call with your POS vendor to see if there are any other steps you should be taking. Some industries are hit harder than others by POS fraud. For instance, 75 percent of incidents in the accommodations industry are point-of-sale breaches, and 31 percent of those in retail fall into this category, according to the Verizon report. There may be special steps that your consultant recommends for people in your industry. Listen carefully. You can’t be too careful about protecting customers’ information.


Published: June 10, 2014
