POS Payment Security
Protecting card data is your responsibility
Let your POS do the heavy lifting
If you accept credit cards, you also accept responsibility to keep sensitive cardholder data secure from theft and misuse. If your system is hacked and card numbers are stolen, you could be held liable for the damages, the cost of replacing all the compromised cards, legal fees, and the hefty fines levied by the card associations.
Complying with 12 PCI data security standards, in addition to monitoring employees and customers for fraudulent behavior, leaves many merchants feeling overwhelmed. Vantiv Integrated Payments offers compliance assistance services and breach protection to help mitigate the effects of a breach, but even with support, compliance can be a heavy burden.
Put your POS to work
One of the biggest tools at your disposal for helping you secure card data is an integrated point of sale (POS) system. With built-in security features that mask credit card data via encryption and/or tokenization, you can significantly reduce your compliance efforts and protect your business’ bottom line and reputation from the effects of a data breach. Plus, many new payment acceptance technologies offer greater security than traditional credit card transactions. With the right POS system, you can accept new payment types like Apple Pay® and PayPal Mobile Payments.
Here are some of the ways an integrated POS system can help secure data.
E2E stands for end-to-end encryption. It is also sometimes referred to as point-to-point encryption (P2PE) or E2EE. P2PE can be defined as a solution that encrypts card data from the entry point of a merchant’s point of sale to a point of secure decryption outside of the merchant’s environment, such as a payment processor. In a P2PE environment, cardholder data is not in the clear (visible in clear text), and the confidentiality and integrity of the data-in-motion is maintained securely point-to-point. P2PE is intended to directly address the risk of unauthorized interception associated with cardholder data-in-motion, such as during transmission of a transaction from the POS terminal to the payment processor. It does not address data-at-rest (stored cardholder data) in legacy or other systems used for ongoing operations.
In a nutshell, it means the card number is encrypted from the moment a card is swiped and for the duration of the transaction. Without E2E, when a card is swiped the card number is recorded in clear text for a split second before the POS encrypts or tokenizes it, making it vulnerable to data thieves.
Tokenization also makes card data useless by replacing it with a “token” that has no value. The token is generated by a third-party service provider and is only useable by those entities with the payment card data required to process the transaction. Tokenization is intended to address the risk of unauthorized access associated with stored cardholder data. Tokens are particularly useful in situations where the card number is stored for future use like recurring billing or tip adjustment. The combination of P2PE and tokenization creates a comprehensive and powerful solution for merchant and consumer data protection.
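The tip-adjustment case described above, as an added example that is not code from Vantiv or any POS vendor: `TokenVault` and `MerchantPOS` are hypothetical in-memory stand-ins for the third-party token service and the merchant's system, and the card number is a constructed test value.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed test card number, not a real account


class TokenVault:
    """Hypothetical in-memory stand-in for the third-party token service."""

    def __init__(self):
        self._pan_by_token = {}

    def authorize(self, pan, amount_cents):
        # The token is random, not derived from the PAN, so it cannot be reversed.
        token = "tok_" + secrets.token_hex(8)
        self._pan_by_token[token] = pan
        return {"token": token, "last4": pan[-4:], "amount_cents": amount_cents}

    def adjust(self, token, new_amount_cents):
        # Only the vault can map a token back to a card to re-run the charge.
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "last4": pan[-4:], "amount_cents": new_amount_cents}


class MerchantPOS:
    """Keeps only what the vault returns: token, last four digits, amount."""

    def __init__(self, vault):
        self.vault = vault
        self.tickets = {}  # data at rest in the merchant environment

    def record_sale(self, ticket_id, auth_response):
        self.tickets[ticket_id] = dict(auth_response)

    def add_tip(self, ticket_id, tip_cents):
        ticket = self.tickets[ticket_id]
        result = self.vault.adjust(ticket["token"], ticket["amount_cents"] + tip_cents)
        if result["approved"]:
            ticket["amount_cents"] = result["amount_cents"]
        return result


def demo():
    vault = TokenVault()
    pos = MerchantPOS(vault)
    # Assumption: the reader sent the PAN to the processor encrypted (P2PE),
    # so the POS software only ever sees the authorization response.
    pos.record_sale("T-100", vault.authorize(TEST_PAN, 4200))
    tip = pos.add_tip("T-100", 800)
    leaked = repr(pos.tickets)  # what a thief copying the POS database gets
    other_vault = TokenVault().adjust(pos.tickets["T-100"]["token"], 1)
    return tip, TEST_PAN in leaked, other_vault["approved"]
```

The stored ticket is enough to add the tip later, yet a copy of it contains no card number and the token is rejected by any service other than the one that issued it.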
Mobile Payment Technologies
New and emerging payment types are getting a lot of attention in the industry and promise to grow in popularity and demand. But mobile payment technologies aren’t just gaining traction because of their cool factor and convenience; they can also add security to transactions.
Near field communication (NFC) allows two devices, like a smartphone and a POS terminal, to exchange data when they are in close proximity to each other. NFC is the technology behind many mobile wallets like Apple Pay and Google Wallet®. Mobile wallets using NFC technology increase security because, in addition to standard credit card authorization protocols, they include additional security measures. When a user initiates a transaction, a unique code is generated and sent for authorization in lieu of the actual credit card number. In the case of Apple Pay, the user then scans their fingerprint or enters a passcode to complete the transaction. From there, the transaction is processed the same way as a credit card.
Pay at Table
There are a number of tablet-based POS systems and handheld wireless terminals on the market that enable restaurant diners to retain possession of their payment cards when paying the check. In a traditional restaurant transaction, the customer hands their card to wait staff, who then take the card to a payment terminal to perform the transaction, often out of sight of the customer. This provides an opportunity for an unscrupulous employee to swipe the card through a device called a skimmer, which collects the sensitive data that can then be sold or used fraudulently. With pay at table capability, customers can pay without losing possession of their card, reducing the risk of having card data stolen or misused. Add in encryption and/or tokenization, and now you’re getting serious about security.
Your data is only as secure as your POS
Your POS may be a heavy hitter when it comes to protecting data, but it can’t do its job properly if you leave it exposed and unprotected. Here are some things you can do to make sure your POS stays in good working order and isn’t compromised by data thieves.
• Set up a firewall—Your POS should have its own firewall and router and should be kept separate from other systems that access the internet. Don’t use the POS to surf the internet.
• Use complex passwords and change them regularly—Make sure that every employee accessing the system uses their own unique password and changes it every three months.
• Limit remote access—Only those with a specific and clearly identified need should be permitted to have remote access to your system. Be sure to assign separate log-in credentials for every remote user and keep passwords updated.
• Keep anti-virus software programs installed and up to date.
• Check for skimming devices—Skimmers are small and can be installed directly on the POS mag strip reader. Train your staff to look for unauthorized devices and other suspicious activity.
• Have and enforce a security policy with your employees
Vantiv Integrated Payments works with thousands of the top POS system vendors who can help you get the POS system you want, with the security features you need to keep your doors open and the customers coming in.
*Apple Pay and Google Wallet are registered marks belonging to one or more unaffiliated third parties that do not endorse or sponsor Vantiv Integrated Payments, LLC.