Is Your POS Secure? How to Avoid a Target-Style Disaster



You might have seen these POS systems at your local grocery or supermarket. When you complete your shopping, the store personnel will scan your items at the billing terminal and bill you. You can pay for your goods with cash or card, but most people prefer card for large amounts. This scenario plays out all across the world. Most customers and store owners assume that the transaction is completely secure, and they are right to think that. After all, the transaction involves sharing customer data, banking information, and personal data through an internet connection.


That is Not What Happened to Target


As we all know, Target is one of the largest supermarket chains in the world. Target customers were under the assumption that their credit card data was safe as they were billed at the cash counter. However, in late April, the retail giant was struck by hacker attacks.


The company discovered (too late, it would seem) that their POS system had been hacked and customer data was on sale at several underground cyber hacker websites. At the time of writing, several other retailers were waking up to find that their own POS systems had been hacked by the same cyber criminals. Target CEO Gregg Steinhafel had to resign, as he was held solely responsible for not ensuring that POS system security was up to date.


Why Does This Affect The Business World?


Although cybercrime is not new, customers relied on large multinationals like Target to use state-of-the-art security systems to protect their data, said WatchGuard Security Center. These thefts happened at brick-and-mortar stores due to security mistakes that happened at the store. Affected customers had to deal with a whole slew of financial problems, and they demonstrated their dissatisfaction by avoiding Target stores. The company saw a 30% drop in business due to this simple error.


Now, for a large company like Target this is inconsequential, but imagine the same situation happening to a small business like yours. POS vendors like Shopify make sure to update their hardware and software to ensure customer safety, but there is a chance that something may go wrong. As a retailer, it is your duty to be careful and implement simple data security measures in your POS to protect your business and your customers' data. A few immediate security measures recommended by security consultants include the following.


    • Look at Your Own POS System – As the recent attacks happened at the POS level, you should update your POS system immediately. Most vendors update their systems regularly with state-of-the-art security measures, but you should check that your system is updated. One major problem that will crop up is in Windows XP systems. Many POS systems may be running on top of Windows XP, which will be going ‘end-of-support’ by the end of 2014. In that case, these POS systems may start malfunctioning or demonstrate security loopholes. Migrating your systems away from XP may be necessary to protect your business.



    • Check the Service Level Agreement – At the time of purchase, retailers have to sign an agreement with the service provider. The agreement provides a degree of protection to the business owner in case of a breach. The SLA will also contain detailed information about security measures implemented by the POS vendor. As the business owner, you can also ask for additional measures to ensure that your customers are safe.



    • Check Staff Behavior – Sometimes the mistake is due to internal staff behavior, points out Solution Providers for Retail. Negligence of the IT staff and store staff can result in a compromised network that leads to a security breach. This is particularly true in the case of a Wi-Fi enabled store in which roving staff have access to their own personal tablets, flash drives, smartphones and PDAs. These devices can be used to access store customer data or the store server, and this will cause security problems. To prevent this from happening, it might be necessary to ensure a separation of duties. Staff should not be allowed to browse the network, open emails or send emails from devices that are used for POS billing.



    • Educate User Staff – Cashiers are usually the people who handle cards, use the billing terminals and complete the payment process. Training them to be vigilant can make a significant difference to your POS security. Your POS vendor may hold training sessions that will teach your staff to recognize signs of malware, adware and spyware.
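
The staff-behavior rule above (no browsing or email from devices used for POS billing) can be checked against firewall logs. The following is an added example, not part of the original article; the POS subnet, the allowlisted addresses and the log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumptions (not from the article): POS terminals sit in 10.20.0.0/24 and may
# only reach a payment gateway and a vendor update server over TLS.
POS_SUBNET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED = {("203.0.113.10", 443),   # hypothetical payment gateway
           ("203.0.113.20", 443)}   # hypothetical vendor update server
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}
WEB_PORTS = {80, 443, 8080}

# Constructed sample firewall log: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2014-06-02T09:00:01 10.20.0.11 203.0.113.10 443 ALLOW
2014-06-02T09:03:17 10.20.0.11 198.51.100.7 80 ALLOW
2014-06-02T09:05:42 10.20.0.12 198.51.100.25 587 ALLOW
2014-06-02T09:06:00 10.30.0.5 198.51.100.7 443 ALLOW
2014-06-02T09:07:30 10.20.0.12 203.0.113.20 443 ALLOW
2014-06-02T09:09:12 10.20.0.13 192.0.2.44 4444 DENY
malformed line
"""

def classify(port):
    """Label the kind of off-policy traffic by destination port."""
    if port in MAIL_PORTS:
        return "email"
    if port in WEB_PORTS:
        return "web browsing"
    return "other"

def audit(log_text):
    """Return (src, dst, port, kind, action) for POS traffic outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, src, dst, port, action = parts
        try:
            src_ip, port = ipaddress.ip_address(src), int(port)
        except ValueError:
            continue  # skip lines with an unparsable address or port
        # Ignore non-POS hosts and traffic to the allowlisted destinations.
        if src_ip not in POS_SUBNET or (dst, port) in ALLOWED:
            continue
        findings.append((src, dst, port, classify(port), action))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("%s -> %s:%d  %s  (%s)" % finding)
```

Findings with action ALLOW mean the firewall is letting a billing terminal browse or send mail, so the rule exists on paper only; DENY findings show the block working but still point to a terminal that tried something it should not.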



No one can survive an attack like the one that affected Target, cautions Forbes. As a result, a few simple precautions can be vital to ensure data security both at the store and while data is being transmitted for billing. Evaluate your POS system right away, talk to your vendor and install any new security updates that they recommend to ensure that your business remains up and running.
