Point of Sale Security: What Every Merchant Should Know

Transcription

1 Point of Sale Security: What Every Merchant Should Know

2 Introduction Security Matters Hacking is a fact of life. Some hack for fame, some for sport, others for profit. In 2013 a group of hackers created and sold tens of thousand of dollars in gift cards after hacking Subway s point of sale. 1 The 2013 Holiday Hackers have stolen data from 110 million innocent consumers and counting, damaging the reputation and bottom line of major retailers such as Target and Neiman Marcus, as well as credit card providers like JPMorgan.

3 Protecting Your Business

4 1. What You Need to Know Point of Sale systems have become a favorite target for many hackers as POS security measures lag behind other technologies. 75% of current POS systems are running on Windows XP-based software, a system so antiquated it is 3 months from being discontinued entirely. Almost no systems bought before 2011 are secure, and merchants should upgrade to more secure platforms. The US Department of Homeland Security has outlined a number of best practices merchants should adhere to. Merchants must use a secure network, update software regularly, and restrict access to both the POS itself and the network. Consumers are also cautioned to change their debit card PINS regularly. Verizon s 2013 Data Breach Investigations Report:

5

6

7 2. A Preventable Crime Know your POS system software Over 30% of victims of network intrusions in 2013 were merchants POS systems. Simple keylogging software was all it took in most of these cases, and could have been prevented by a more secure operating system.

8 3. Operating Systems: As important as the software itself When shopping for a POS most merchants are concerned with finding a system that offers the features and functionality to best serve their business. Unfortunately, this method makes it easy to overlook the operating system that houses that software. Most POS software operates on legacy Windows systems, which creates a surprisingly easy target for digital criminals. 2 A simple piece of what seems like junk mail could quickly infect not only a single Point of Sale, but an entire network. While there is no such thing as a hacker-proof operating system, with the ipad ios, Apple has come remarkably close. Four key ios security features differentiate it from any other platform on the market: 1. ios places each application (including associated preferences and data), in a discreet sandbox upon installation. A sandbox is a set of particular controls that limit the app s access to files, preferences, network resources, and other potential vulnerabilities. The strict partitions between apps prevent a hack of any one app from infecting the rest of the devices. For example: even if a malicious is opened, the mail app is siloed from other applications, protecting them from infection. 2. Apple requires strict code signing, increasing the quality and security standard of any application on the device. 3. Entitlements in apps provide built in protection against viruses, malware, and other hacks. Users do not have to research, purchase, and install supplemental antiviral software, it is a default feature of all ipad applications. 4. Only one application is able to run at a time. This makes ios a unique system that protects against malware that tries to break in by taking advantage of a less secure app. Even if such a hack were successful, the POS application would be untouchable. 2

9

10 Being Compliant SavesYou Time & Money

11 4. PCI Compliance: Know what to ask Point of Sale software can be protected by a secure operating system, but without equally secure hardware, the system can still put consumers at risk. The PCI Standards Security Council has created a set of Payment Card Industry Data Security Standards (PCI-DSS). Merchants can use these standards as a guideline when choosing both hardware and software to protect themselves and their customers. PCI-DSS standards help merchants make complex security decisions without having to become security experts. If all hardware and software is PCI-DSS compliant, then a merchant can feel secure in having chosen a POS system designed to protect consumers, and subsequently protect themselves. Merchants who chose non-compliant systems pay an estimated $200 per lost record to cover legal expenses and fines. 3 Merchants who chose non-compliant systems pay an estimated $200 per lost record to cover legal expenses and fines. One example is a simple but effective trick thieves have used to steal consumer information: hacking credit card swipes, a tactic that lets thieves access information from every card run through the card swipe. PCI approved, tamper-proof encrypted card swipes protect against this hack, however many PCI-DSS compliant software systems sell unencrypted 3rd party card swipes as part of their solution, all the while marketing themselves as a PCI-DSS compliant software platform. Merchants must verify the compliance of every aspect of their system to ensure they are not being misled. PCI-DSS offers clear guidelines 4 explaining acceptable and unacceptable credit card swipes. Encrypted, tamper-proof cards such as the idtech and Infinea Tab are acceptable, while the widely sold MagTek audioplugin unit does not meet the criteria, putting consumers at risk. Another failure-point built into some systems is an inability to send payment directly to the processor. Storing information on the point of sale s database introduces an unnecessary vulnerability that should be avoided

12 5. The Bottom Line: Choosing a safe system Ultimately, there are two key criteria a merchant should look for when choosing a Point of Sale system: a secure, ios-based system such as an ipad POS, and the exclusive use of PCI-DSS compliant hardware. Implementing both of these measures will ensure that both the merchant and the consumer are protected.

13

14 About Revel Systems Revel Systems is an award-winning ipad Point of Sale Solution for small and enterprise level businesses. The company was founded in 2010 in San Francisco, with the goal of changing the Point of Sale market. Founders Lisa Falzone and Chris Ciabarra developed a quick, intuitive and secure ios-based Point of Sale system by combining cloud-based technology and the mobility of the ipad. Revel Systems software offers a feature-rich POS solution for restaurant, retail and grocery establishments with integrated payroll, inventory tracking, customer relationship management and more. With the introduction of the Revel Marketplace, Revel ipad POS users can now integrate directly into third-party enhancements, including mobile payments, online ordering, gift or reward cards and advanced financial software suites. About Intuit Intuit Inc. creates business and financial management solutions that simplify the business of life for small businesses, consumers and accounting professionals. Its flagship products and services include QuickBooks, Quicken and TurboTax, which make it easier to manage small businesses and payroll processing, personal finance, and tax preparation and filing. Mint.com provides a fresh, easy and intelligent way for people to manage their money, while Demandforce offers marketing and communication tools for small businesses. ProSeries and Lacerte are Intuit s leading tax preparation offerings for professional accountants. Founded in 1983, Intuit had revenue of $4.5 billion in its fiscal year The company has approximately 8,000 employees with major offices in the United States, Canada, the United Kingdom, India and other locations. More information can be found atwww.intuit.com. Contact us Company: Name: Phone: