The holiday season is fast approaching, so now is the time for retailers to arm themselves not just for hordes of shoppers but also scammers, fraudsters and cybercriminals. The technology is available to help merchants protect themselves and their customers from fraud this holiday season. This is the time to make sure all POS systems are updated to protect against fraud and other cyber criminality.
Laura Miller, president of small business of Chase Merchant Services at JPMorgan Chase, says 75 percent of companies experienced some type of payment fraud in 2016, and the total number of attacks increased over 2015. New industry standards and up-to-date point of sale technology can protect businesses if they take action to close their security gaps.
1. Utilize Point-to-Point Encryption (p2pe) and Tokenization
Retailers that have already upgraded their POS systems to accommodate EMV chips can breathe a small sigh of relief this holiday season. The chip-and-PIN technology, now in the wallets of almost all American shoppers, uses encryption to significantly decrease and eliminate opportunities for fraudsters to steal payment data. Harmful malware typically infiltrate systems that lack p2pe and tokenization.
If a merchant has not yet upgraded to a POS device that accepts the new cards, all the security in the world is useless. Research from Iovation found that retail brick-and-mortar credit card crime has been declining since the EMV liability shift and widespread roll out of associated chip cards in 2015 that feature these safety upgrades. This means that merchants need to be accepting EMV payments, in order to keep fraud down. The chip cards are only one part of the payment security equation – merchants need to meet consumers half way.
2. Stay Informed
Merchants should make sure they know when the deadlines are to upgrade to the latest global security standards. They’re set by the global PCI Security Standards Council. Miller says merchants that don’t stay current risk losing sales because payment processors will no longer accept payments using non-compliant encryption technologies. Another reason to stay up-to-date is to protect against fraud and chargebacks.
Merchants should also utilize security focused websites and blogs to keep up with the latest information and trends. There are plenty of resources out there to ensure that a merchant is receiving proper security education. If a merchant is working with a payment processor, exploring their blog section may offer a lot of insight.
3. Secure the Network
Merchants should have firewalls activated in order to secure the network. Limiting the number of authorized IP addresses should be done for outbound firewall rules as well. Cyber criminals can utilize misconfiguration to their advantage, as they can enable ports to communicate with various IP addresses around the web. If a merchant works with a payment processor, it is a good idea to segment them from other networks. Creating stricter access control lists and applying them on router configurations can also restrict unauthorized activity.
4. Restrict Remote Access
Merchants should restrict remote access to their point of sale devices and only allow a limited amount of known IP addresses. If remote connectivity is allowed at all, it should only be enabled during work time or when updates are needed. Utilizing firewalls is highly recommended. Keep the Wi-Fi separate, as well as security cameras, if those are connected.
Merchants need to be extremely mindful to where their information is being shared. It is imperative that the point of sale is not being used for surfing the internet or checking email. Login credentials and private information should be kept away securely. Security testing, risk assessments, and two-factor authentication can be used to identify weaknesses and allow for stronger access controls.
Larry Brennan, senior vice president of merchant data security and cybersecurity at Bank of America Merchant Services calls for “practicing good cyberhygiene.” To prevent POS disruption, retailers should instruct their store managers to check the in-store video cameras if accessible and train them to watch for any signs of fraudulent behavior with their POS equipment.
To avoid an unpleasant holiday season, merchants must ensure they’re compliant now and ready to serve their customers without any disruptions including the inability to process transactions as payment processors comply with the required updates.
This article originally appears: 4 Point of Sale Must-Haves to Fight Security Attacks This Holiday Season