Protect your business online
Point-of-sale terminal security
Point-of-sale (PoS) systems are a common target for criminals, especially in retail and hospitality. Attacks can affect both the hardware and the software that processes card payments.
Main risks to point-of-sale security
PoS systems can be targeted in two main ways:
- hardware attacks - when criminals attach a 'skimmer' device to a terminal to intercept and capture card data
- software attacks - when malware is used to gain access to PoS networks and steal payment data as it is transmitted across the network
If you use point-of-sale networks to conduct business, you must follow security best practices and make every effort to protect your terminals and software.
How to protect your point-of-sale station and network
For best security, use multiple layers of protection. This means you should:
- Use strong, unique passwords. Change default usernames and passwords after installation and update passwords on a regular basis.
- Keep all software updated. Apply the latest security patches to your PoS system to keep it protected against known vulnerabilities.
- Use firewall and anti-virus software to protect the terminal and network from malware - see common cyber security measures.
- Use encryption for data transmission. Your PoS service provider usually sets this up by default. If you have any concerns, discuss safeguards with them to protect your system.
- Control access. Only allow authorised staff to access customer data. This reduces breach risks from insiders, stolen credentials or errors.
- Block PoS devices from accessing the internet, where possible. This can prevent exposure to online threats like drive-by downloads or remote exploits.
- Segment your network. Isolate PoS systems from other business systems like office PCs - this can help prevent malware spreading to your PoS within your local network.
- Disable remote access, where possible. This stops criminals exploiting weak logins and reduces the number of ways they can get into your system.
Even with these measures in place, no system is completely safe. Train staff to spot signs of tampering or suspicious activity, and monitor your systems for security breaches. It's also a good idea to test your cyber security incident response plan and keep your PoS supplier's contact details handy in case of an incident.
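The internet-blocking, segmentation and remote-access points in the list above can be checked against an exported firewall rule list. The following is an added example, not part of the original guidance: the zone names, the rule layout, the `payment_gateway` destination and the sample rules are all constructed assumptions, and the ports listed are the standard ones for SSH, RDP and VNC.

```python
# Audit a firewall rule list against three of the PoS controls in the list above.
# Zone names, the rule tuple layout and the sample rules are constructed
# for illustration and do not come from any real firewall product.
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

SAMPLE_RULES = [
    # (source zone, destination zone, destination port, action)
    ("pos", "payment_gateway", 443, "allow"),  # needed to process payments
    ("pos", "internet", 80, "allow"),          # PoS terminal can browse the web
    ("office", "pos", 445, "allow"),           # office PCs can reach PoS file shares
    ("internet", "pos", 3389, "allow"),        # remote desktop exposed to the internet
    ("office", "internet", 443, "allow"),      # does not involve the PoS zone
    ("pos", "internet", 443, "deny"),          # deny rules are not findings
]


def audit_pos_rules(rules, pos_zone="pos", trusted_dests=("payment_gateway",)):
    """Return (rule, finding) pairs for allow rules that break the guidance."""
    findings = []
    for rule in rules:
        src, dst, port, action = rule
        if action != "allow":
            continue
        if dst == pos_zone and port in REMOTE_ACCESS_PORTS:
            # "Disable remote access, where possible"
            name = REMOTE_ACCESS_PORTS[port]
            findings.append((rule, f"remote access ({name}) into PoS"))
        elif dst == pos_zone and src != pos_zone:
            # "Segment your network"
            findings.append((rule, f"segmentation: {src} can reach PoS"))
        elif src == pos_zone and dst != pos_zone and dst not in trusted_dests:
            # "Block PoS devices from accessing the internet"
            findings.append((rule, f"PoS egress to {dst} on port {port}"))
    return findings


if __name__ == "__main__":
    for rule, finding in audit_pos_rules(SAMPLE_RULES):
        print(rule, "->", finding)
```

An empty result means none of the allow rules conflict with those three controls; it says nothing about passwords, patching or encryption, which need their own checks.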