Point of Sale Security: What Every Merchant Should Know


Introduction: SECURITY MATTERS

Hacking is a fact of life. Some hack for fame, some for sport, others for profit. In ���� a group of hackers created and sold tens of thousands of dollars in gift cards after hacking Subway’s point of sale.[�] The ���� “Holiday Hackers” have stolen data from ��� million innocent consumers and counting, damaging the reputation and bottom line of major retailers such as Target and Neiman Marcus, as well as credit card providers like JPMorgan.

1. What You Need to Know

Point of Sale systems have become a favorite target for many hackers as POS security measures lag behind other technologies. 75% of current POS systems are running on Windows XP-based software, a system so antiquated it is � months from being discontinued entirely. Almost no systems bought before ���� are secure, and merchants should upgrade to more secure platforms.

The US Department of Homeland Security has outlined a number of best practices merchants should adhere to. Merchants must use a secure network, update software regularly, and restrict access to both the POS itself and the network. Consumers are also cautioned to change their debit card PINS regularly.

Verizon’s ���� Data Breach Investigations Report:

2. A Preventable Crime

Over ��� of victims of network intrusions in ���� were merchants’ POS systems. Simple keylogging software was all it took in most of these cases, and could have been prevented by a more secure operating system.

3. Operating Systems: Know your POS system software

When shopping for a POS most merchants are concerned with finding a system that offers the features and functionality to best serve their business. Unfortunately, this method makes it easy to overlook the operating system that houses that software. Most POS software operates on legacy Windows systems, which creates a “surprisingly easy” target for digital criminals.[�] A simple piece of what seems like junk mail could quickly infect not only a single Point of Sale, but an entire network. While there is no such thing as a hacker-proof operating system, with the iPad iOS, Apple has come remarkably close. Four key iOS security features differentiate it from any other platform on the market:

1. iOS places each application (including associated preferences and data) in a discrete “sandbox” upon installation. A sandbox is a set of particular controls that limit the app’s access to files, preferences, network resources, and other potential vulnerabilities. The strict partitions between apps prevent a hack of any one app from infecting the rest of the device. For example: even if a malicious email is opened, the mail app is siloed from other applications, protecting them from infection.

2. Apple requires strict code signing, increasing the quality and security standard of any application on the device.

3. Entitlements in apps provide built-in protection against viruses, malware, and other hacks. Users do not have to research, purchase, and install supplemental antiviral software; it is a default feature of all iPad applications.

4. Only one application is able to run at a time. This makes iOS a unique system that protects against malware that tries to break in by taking advantage of a less secure app. Even if such a hack were successful, the POS application would be untouchable.

As important as the software itself

[�] http://www.techrepublic.com/blog/it-security/target-data-breach-exposes-serious-threat-of-pos-malware-and-botnets/#.

Point of Sale software can be protected by a secure operating system, but without equally secure hardware, the system can still put consumers at risk. The PCI Standards Security Council has created a set of Payment Card Industry Data Security Standards (PCI DSS). Merchants can use these standards as a guideline when choosing both hardware and software to protect themselves and their customers. PCI DSS standards help merchants make complex security decisions without having to become security experts. If all hardware and software is PCI DSS compliant, then a merchant can feel secure in having chosen a POS system designed to protect consumers, and subsequently protect themselves. Merchants who chose non-compliant systems pay an estimated “���� per lost record to cover legal expenses and fines.”[�]

One example is a simple but effective trick thieves have used to steal consumer information: hacking credit card swipes, a tactic that lets thieves access information from every card run through the card swipe. PCI-approved, tamper-proof encrypted card swipes protect against this hack; however, many PCI DSS compliant software systems sell unencrypted 3rd party card swipes as part of their solution, all the while marketing themselves as a PCI DSS compliant software platform. Merchants must verify the compliance of every aspect of their system to ensure they are not being misled. PCI DSS offers clear guidelines[4] explaining acceptable and unacceptable credit card swipes. Encrypted, tamper-proof cards such as the idTech and Infinea Tab are acceptable, while the widely sold MagTek audio-plugin unit does not meet the criteria, putting consumers at risk.

Another failure point built into some systems is an inability to send payment directly to the processor. Storing information on the point of sale’s database introduces an unnecessary vulnerability that should be avoided.

[�] http://www.npr.org/blogs/alltechconsidered/����/��/��/���������/security-experts-say-retail-data-breaches-tougher-to-fight

[4] https://www.pcisecuritystandards.org/security_standards/index.php
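A check a merchant or integrator can run over a POS database export or log file to confirm the two hardware points above: that swipes do not arrive as cleartext track data and that no card numbers are stored locally. This is an added example, not part of the whitepaper; the log layout, field names and the `scan` helper are assumptions, and the sample lines are constructed around the common test number 4111111111111111.

```python
import re

# Track 2 as an unencrypted magstripe swipe delivers it:
# ;PAN=YYMM<service code><discretionary data>?
TRACK2 = re.compile(r";(\d{13,19})=\d{4}\d{3}\d*\?")
# Bare PAN candidates: 13-19 digits, optionally grouped with spaces or dashes.
PAN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; filters out order numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep first six and last four digits so the report holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(lines):
    """Return (line number, kind, masked PAN) for every cleartext card value."""
    findings = []
    for n, line in enumerate(lines, 1):
        seen = set()
        for m in TRACK2.finditer(line):
            if luhn_ok(m.group(1)):
                findings.append((n, "track2", mask(m.group(1))))
                seen.add(m.group(1))
        for m in PAN.finditer(line):
            pan = re.sub(r"[ -]", "", m.group())
            if pan not in seen and luhn_ok(pan):
                findings.append((n, "pan", mask(pan)))
    return findings

# Constructed sample export (hypothetical format), one tokenized and three raw rows.
SAMPLE = [
    "2014-02-01 10:02:11 order=1001 total=12.50 card=tok_9f3a status=OK",
    "2014-02-01 10:03:40 order=1002 swipe=;4111111111111111=25121010000? status=OK",
    "2014-02-01 10:05:09 order=1003 note='card 4111 1111 1111 1111 exp 12/25'",
    "2014-02-01 10:06:30 order=1004 ref=1234567890123456 status=OK",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `track2` finding means the reader handed cleartext stripe data to the POS; a `pan` finding means a card number was written to storage.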


4. PCI Compliance: Know what to ask

Being Compliant Saves You Time & Money

Ultimately, there are two key criteria a merchant should look for when choosing a Point of Sale system: a secure, iOS-based system such as an iPad POS, and the exclusive use of PCI DSS compliant hardware. Implementing both of these measures will ensure that both the merchant and the consumer are protected.

5. The Bottom Line: Choosing a safe system

Revel Systems iPad POS was founded in ���� in San Francisco, CA with the goal of changing the point of sale market. Founders Lisa Falzone and Chris Ciabarra developed a quick, intuitive and secure iOS-based point-of-sale system by combining cloud-based technology and the mobility of the iPad. Revel Systems software offers a feature-rich POS solution for restaurant, retail and grocery establishments with integrated payroll, inventory tracking, customer relationship management and more. With the introduction of the Revel Marketplace, Revel iPad POS users can now integrate directly into third-party enhancements, including mobile payments, online ordering, gift or reward cards and advanced financial software suites.

About Revel Systems

Connect With Us:

Web: revelsystems.com
Blog: revelsystems.com/blog
Twitter: @RevelSystems
Phone: �������������