A Handy AVPS Guide to Point-of-Sale Security, Pt. II: Mitigation & Protection
The Rising Tide of Security Concerns
Last week, we mentioned card issuer alerts calling for more vigilance on the part of merchants to “shore up” their POS security mitigation systems, in an age of increased hacking, breaches, and network intrusion.
This lack of security has resulted in some unfortunately spectacular “virtual break-ins,” like the Target breach and the ones that followed, resulting in the information for millions of customers being pilfered, compromised, and sold not only to the “highest bidder,” but to whoever meets the price of those vending the data.
Liability and costs accrue, to say nothing of loss of customer trust — Target sales, for example, took a direct hit in the wake of the POS hack they experienced. (As we go to press, StubHub is the latest to report a breach of customer information.)
Don’t Become The Next Victim
So let AVPS help you from becoming another “target,” or the latest “hacker headline!”
Proactive Steps for POS Security
As mentioned in our previous post, consider this a reminder to check all your remote management software for insecure configurations, use of lapsed or unpatched applications (especially on publicly accessed systems on the internet), easily guess — or default — passwords (or usernames), make sure your system is compliant with PCI DSS.
Best Practices for Enhanced Security
- Make sure firewalls are working, and that firewall rules are operating — for example, only allowing remote access from known IP addresses.
- Enable remote access only as needed, and only when necessary.
- Restrict remote access to only the service provider and only for established time periods.
- Always use two-factor, or “two-step,” authentication for remote access — i.e., an additional way of “signing in,” or gaining access, besides a username/password screen.
- Verify that a unique username and password exists for each of your remote management applications and devices. Contact AVPS, or any other support provider or POS vendor in your system, if you have any questions.
- Always use the latest versions of remote applications, and as ever, ensure security patches are always applied.
- Check your OS! Upgrade any outdated systems. As previously noted in this space, for example, if you’re still on Windows XP you need to start migrating away… now!
Need More Help?
For more information, upgrades, questions, etc. Contact us at AVPS!
A Final Note
And remember — “have fun — but be safe” isn’t just for summer trips to the beach anymore!