EVERY business (and consumer) is vulnerable to hackers – it’s inevitable, just like street crime. However, there are things every business can do to MITIGATE the risk and make it more difficult for hackers to break into your business network.
I’ve asked David Bozin, VP of Growth Development at Bindo, which makes e-commerce solutions for retailers, to comment and give his input on this important topic.
A point of sale system (POS) represents the relationship of trust between a customer and a retailer. When that trust is broken by a security breach that results in credit card fraud or identity theft, it may never be restored. Undoubtedly, it will be costly to try.
The media doesn’t report on the POS systems that are breached. Instead, a retail company name appears in the headlines. Just ask Target and Home Depot. As a small business owner, you could lose your entire business to bankruptcy as the result of a cyber attack. You will certainly lose revenue.
To protect your customers and your business, you need to understand how the cyber attacks happen and how best to prevent them.
Know the Access Points for Hackers
Hackers infiltrate POS systems through three primary access points: the network, the server, and the POS device. The network is breached when any employee on the network opens an email or downloads files that contain malware. The server is vulnerable to attack via malware disguised as software updates. The POS device itself (e.g. the self-checkout at Home Depot) can be tampered with by any number of people, from customers to employees to manufacturers to criminals. To ensure a proper defense, you must protect all three access points.
Operating Systems Matter
Think twice about the operating system you use. While no operating system is 100% secure, Windows-based systems continue to be more susceptible to viruses and malware than Apple’s iOS. The iPad alone offers features that minimize potential cyber threats. Sandboxing limits an application to its intended functionality. In other words, applications cannot be corrupted for evil intent. Unitasking limits the iPad to running only one application at a time, preventing malware from working behind the scenes. And, due to the limited computing capacity of the iPad, you cannot program directly on the tablet. (For more information about the benefits of iPad POS security, read Bindo’s recently released white paper on the subject.)
Use a POS system that facilitates end-to-end encryption. Instead of transferring data from the POS device to the server before encrypting it, ensure your customers’ credit card and personal information is encrypted from the beginning of the card swipe until the payment is completely processed. That means you need to verify with your POS provider that data remains encrypted at every point in the process.
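One way to check that claim yourself, as an added example (not code from Bindo or from the original post): scan what each hop of the payment path emits for cleartext card numbers, using the Luhn checksum to filter out other digit runs. The hop names and sample records are constructed, and 4111111111111111 is a widely used test card number.

```python
import re

# 13-19 digits, optionally split by single spaces or dashes,
# and not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits so the report never holds a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_cleartext_pans(text):
    """Return masked card numbers that appear unencrypted in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def audit_hops(records):
    """Map each hop name to the masked card numbers seen in cleartext at that hop."""
    leaks = {}
    for hop, payload in records:
        found = find_cleartext_pans(payload)
        if found:
            leaks.setdefault(hop, []).extend(found)
    return leaks

# Constructed sample records (hypothetical hop names, test card number only).
SAMPLE = [
    ("reader->pos_app", "txn=1001 enc_card=c7f1a09b3e5d42aa81f06c2d9e4b7735"),
    ("pos_app->server", "txn=1001 track2=;4111111111111111=30121010000?"),
    ("server log", "order 1234567890123456 approved for card 4111 1111 1111 1111"),
]

if __name__ == "__main__":
    for hop, pans in audit_hops(SAMPLE).items():
        print(f"CLEARTEXT card data at {hop}: {pans}")
```

With true end-to-end encryption every hop should come back clean, as the first record does; any hit means card data exists in the clear at that point.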
Chip and PIN Cards
Prepare for the EMV chip card. The United States has mandated that all banks provide customers with Chip and PIN credit cards by the end of 2015. Such regulations have been in existence in Europe for years, which explains the disproportionately lower number of credit card fraud incidents there. An EMV chip card adds a layer of security by requiring the presence of both the chip and the PIN in order for the card to be processed.
Look Up at the Cloud
Take advantage of the Cloud. By storing sensitive information in the Cloud instead of on physical devices at your place of business, you’re eliminating one or more access points for hackers.
Stay current on cyber security. Don’t make the mistake of ignoring warnings or procrastinating necessary updates. Doing so is the equivalent of a boxer letting his hands drop in the middle of a fight. You may stay in the fight, but not for long.