Are POS systems secure and to what degree is confidential customer data protected?
Point of sale payment systems have become widespread in thousands of retail facilities across the country. It is now common to see these terminals at supermarkets, hotels, beauticians, and restaurants, as the technology behind these systems enables business owners to increase productivity and prevent errors when handling cash. The first retail POS system appeared in the 1990s, and, as the technology continued to evolve, the functionality and ease of use of these systems have also increased. However, there are still some consumers (and business owners) who are concerned about the security offered by POS systems. With this in mind, what security measures are behind POS systems and how do these protect sensitive information?
Because POS systems consist of physical terminals and servers that transmit data over the Internet, the security behind these systems can be classified into three different levels: data access, physical security, and network security.
Data Access Security in POS Systems
During a typical POS transaction, the customer has the option of swiping their bank card or using Chip and PIN on a peripheral POS device. What happens to the card information when a customer decides to use this method?
It is now an industry standard that POS terminals do not display card information at any point. Likewise, modern POS systems do not allow the storage or printing of confidential information. This means that there is no chance for bystanders to gain visual access to card information and other sensitive data.
In addition, POS systems are configured so that staff operating them only have minimal permissions when it comes to data access. Authentication is required in order to access reports, administer databases, and manipulate the system settings, and point-of-sale staff do not have access to this authentication layer. In the event of anyone trying to tamper with the POS terminal by entering an incorrect password, most POS systems will lock the user out and require the intervention of the system administrator. Another common security feature of these systems is that they automatically lock themselves if a terminal has not been in use for 10 minutes.
Physical Security Measures in POS Systems
Any data handled by a POS terminal is stored on a secure server, not in the terminal itself. This means that confidential customer data is out of reach and securely stored in a location to which members of the public have no access. Over the past few years, a data storage system known as cloud storage has been applied to POS systems. By using cloud storage, the data handled by POS terminals is sent to a virtual server and, since there is no physical access to that storage point, the chances of data loss and theft are minimal.
In addition, it is possible to add an extra layer of security to cloud-based data storage by setting up an encryption system where sensitive data is converted into alphanumeric characters that have no real value to anyone trying to access them.
Lastly, whenever a receipt is issued, card information is masked by the POS system, so that no one has access to the full card number should the receipt be lost or discarded.
Network Security Features in POS Systems
Although POS systems communicate information via the Internet, these terminals do not connect directly to the net. Instead, they use a secure private network connection that is only used to transmit data between the server and the POS terminals in place. This reduces the possibility of hacking attacks.
With secure POS systems, retailers can streamline their business operations while offering total peace of mind to their customers.