3 Tips For Securing Customer Data On Your Retail Point Of Sale System

A retail point of sale (POS) system should do more than serve as an integrated solution to running a business. In light of recent credit card breaches at major retailers nationwide, stores must make sure they protect customers’ personal information during transactions at the register. 

The string of stolen payment card data brings to light malware’s new target. Commonly thought of as a security threat only to personal computers, malware also attacks other computer-based systems, such as retail POS software. As a result, malware-infected POS systems have become the root cause of many recent consumer data breaches, which are thrusting the issue of consumer data security into the spotlight.

Infected retail POS systems typically carry memory-scraping malware, which is designed to intercept specific credit card data, such as a cardholder’s name, address and the card’s security code.

Retailers of all sizes are responsible for protecting consumer data and for complying with Payment Card Industry (PCI) security standards. The penalties for noncompliance vary from $5,000 to $500,000. That means noncompliance or a security breach puts your business financially at risk. If you’re a small retailer, a violation could potentially put you out of business. 

For small to mid-market retailers, these three tips help to increase protection of consumer data on retail POS systems and assist in meeting PCI security standards.

  1. Ensure that your retail POS software is PCI-compliant: Consumer data protection starts with the software you’re using. Essentially, PCI-compliant POS software is software that meets a minimum level of security for processing payments.
  2. Install PCI-compliant POS hardware: While PCI-compliant software is a must-have for many businesses to meet security standards, PCI-compliant card payment devices also help to secure consumer data. 

    Some vendors create both PCI-compliant software and hardware. While having encrypted hardware is not a PCI requirement on its own, the PCI Security Council has created programs for developers and device manufacturers to validate and test their products to ensure they follow the security standard. PCI security requirements include protecting wireless transmissions and ensuring that the device is not retaining the data on the full magnetic stripe, PIN data or card verification code. 

  3. Use a third-party service if you must store card information: Storing or saving card payment numbers puts you as a retailer at risk for a security breach. However, some retailers must keep some customer credit card information on hand for recurring billing.

    To minimize the risk of a card security breach, some retailers opt to use a third-party service to store card information. The third-party service bears the responsibility of meeting PCI compliance. This is helpful for small and mid-market retailers that do not have a dedicated IT employee ensuring that their retail POS operations continually meet PCI standards.

    Another third-party method of securing card information is “tokenization.” This technology involves replacing sensitive cardholder data with other numbers. The “token” numbers are structurally similar to credit card numbers (they’re arranged in four groups of four digits) and are meant to replace the actual card’s data.

    This is how tokenization works: When a customer purchases a product online, the credit card information is sent directly to a third party to process the payment and to create token numbers representing the credit card. The third party provides you as the retailer with the token numbers, which are stored on your on-site retail management solution in place of the cardholder’s actual card data. So, for future or recurring payments, you transmit that token number (instead of the actual card number) to the third party for payment processing. This minimizes the risk of a security breach because the true card numbers are never stored on-site at your store. 
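The tokenization flow described above, as an added sketch that is not part of the original article or any vendor's product. The `Processor` and `RetailerStore` classes, their method names, the customer ID and the test card number are all hypothetical, and the token here is simply a random 16-digit value that the third party maps back to the card.

```python
import secrets

class Processor:
    """Hypothetical third party: the only place real card numbers are held."""
    def __init__(self):
        self._card_by_token = {}
        self._token_by_card = {}

    def pay_and_tokenize(self, card_number, amount_cents):
        pan = "".join(c for c in card_number if c.isdigit())
        if len(pan) != 16:
            raise ValueError("expected a 16-digit card number")
        self._authorize(pan, amount_cents)
        token = self._token_by_card.get(pan)        # same card -> same token
        while token is None:
            digits = "".join(secrets.choice("0123456789") for _ in range(16))
            candidate = " ".join(digits[i:i + 4] for i in range(0, 16, 4))
            # Random, not derived from the card; reject collisions and the card itself.
            if digits != pan and candidate not in self._card_by_token:
                token = candidate
                self._card_by_token[token] = pan
                self._token_by_card[pan] = token
        return token

    def charge_token(self, token, amount_cents):
        if token not in self._card_by_token:
            raise KeyError("unknown token")
        return self._authorize(self._card_by_token[token], amount_cents)

    def _authorize(self, pan, amount_cents):
        # Stand-in for the real authorization with the card network.
        return {"approved": amount_cents > 0, "last4": pan[-4:]}

class RetailerStore:
    """Retailer's on-site system: keeps tokens, never card numbers."""
    def __init__(self, processor):
        self.processor = processor
        self.token_by_customer = {}

    def save_token(self, customer_id, token):
        self.token_by_customer[customer_id] = token

    def recurring_charge(self, customer_id, amount_cents):
        return self.processor.charge_token(self.token_by_customer[customer_id], amount_cents)

def demo():
    card = "4111 1111 1111 1111"                    # constructed test number
    processor = Processor()
    store = RetailerStore(processor)
    token = processor.pay_and_tokenize(card, 2500)  # card goes straight to the third party
    store.save_token("cust-001", token)             # retailer receives only the token
    receipt = store.recurring_charge("cust-001", 2500)
    return card, token, store, receipt
```

A copy of `RetailerStore.token_by_customer` taken from the retailer's system contains only tokens, which are useless without the third party's mapping.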

Maintaining PCI compliance may be a challenge for retailers without an IT employee dedicated to the task full-time. However, these tips are designed to help you take the right steps to meet security standards and increase the protection of your customers’ financial data.

Learn more about protecting customer data by scheduling a free demonstration of ArcherPoint's retail solution today.