Preventing Data Breaches at the Point of Sale
By now, you have no doubt heard the horror stories of data breaches resulting in stolen customer information at big box stores and large chain restaurants. But just because we only hear about breaches at large companies, it doesn’t mean they aren’t occurring in smaller chains and independent restaurants. In fact, hackers specifically target small retail businesses and restaurants that tend to have less rigorous security controls in place.
So how do you protect yourself and your restaurant business? Here are a few tips for ensuring your customer data remains safe and secure.
- Keep your software up to date: both your POS and your operating system. Your POS provider should be making regular updates to their software as new fixes and security updates become available.
If you are a SpeedLine customer, keep informed of security notices and upgrades: log into the Customer Support site and subscribe to Support Advisories.
- Ensure that your POS provider uses only PCI-compliant methods to access your store system and data. Many of the largest recent breaches have been the result of hacked support credentials.
- Use strong passwords. Ensure that all passwords are changed from the defaults to strong passwords 8-20 characters long. Because default passwords are too easily discovered by hackers, this is a PCI requirement. Change your passwords regularly, and use a unique password for your POS—not a common one shared with other accounts. For tips on creating strong yet memorable passwords, see the Strengthen Your Passwords post.
- Consider a payment solution with EMV PIN pads throughout and tokenized payments online to limit your risk and minimize the costs associated with managing PCI compliance.
- Keep your POS network and your restaurant's public Wi-Fi network separate. Your POS should not be on the same network as any computer, tablet or phone used to access the internet for other purposes.
- Don't allow employees to browse the internet or download applications on your POS stations. This is especially important on tablets, as employees may not understand the dangers.
- Make sure your POS system is PA-DSS compliant. You can check the PCI Security Standards Council’s website to see if your provider is compliant.
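
The network separation tip above can be checked against a device inventory. The following Python check is an added example, not SpeedLine's code; the subnets, device names and roles are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
POS_NET = ipaddress.ip_network("10.10.20.0/24")
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
DEVICES = [
    ("pos-station-1", "10.10.20.11", "pos"),
    ("kitchen-display", "10.10.20.12", "pos"),
    ("office-laptop", "10.10.20.40", "general"),  # browsing PC on the POS network
    ("pos-tablet-2", "192.168.50.23", "pos"),     # POS tablet joined to guest Wi-Fi
    ("guest-phone", "192.168.50.101", "guest"),
]


def audit_segmentation(pos_net, guest_net, devices):
    """Return (device, issue) findings; an empty list means separation holds."""
    findings = []
    # The two networks must not share any address space at all.
    if pos_net.overlaps(guest_net):
        findings.append(("<networks>", f"{pos_net} overlaps guest network {guest_net}"))
    for name, ip, role in devices:
        addr = ipaddress.ip_address(ip)
        in_pos = addr in pos_net
        if role == "pos" and not in_pos:
            # A POS device that has drifted off the dedicated network.
            where = "guest Wi-Fi" if addr in guest_net else "an unknown network"
            findings.append((name, f"POS device is on {where} ({ip})"))
        elif role != "pos" and in_pos:
            # A general-purpose or guest device sharing the POS network.
            findings.append((name, f"non-POS device is on the POS network ({ip})"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_segmentation(POS_NET, GUEST_NET, DEVICES):
        print(f"{name}: {issue}")
```

Address ranges only show how devices are assigned; the router or firewall must also block traffic between the two networks.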
Have more questions about keeping your POS system secure? We’d be happy to walk you through what to look for in a POS system, and how to ensure yours is up to date.