Retailers have been preparing for the holiday shopping season for months, from planning mobile and omni-channel strategies to testing holiday readiness. But there is still one big area to plan for that spans both the physical and digital retail world: security.
The Retail Cyber Intelligence Sharing Center (R-CISC), the Financial Services ISAC (FS-ISAC) and the U.S. Secret Service recently released a report outlining some of the techniques cyber criminals could pursue to get to retail point-of-sale (POS) systems, and the security best practices retailers should implement to secure their environment before, during and after the holiday shopping season.
Based on this report, here are my top 5 tips for every retailer to follow in order to keep their POS secure during the holidays and beyond.
- The Network – Ensure your POS system has a firewall or proxy installed for protection, and that it operates on a separate, protected network. You also want to deploy an intrusion prevention system (IPS) and ensure that any access to the network, especially through the VPN, passes through the IPS and uses up-to-date authentication mechanisms.
- Encryption – Know what data you have at rest on the POS terminal and ensure that information is properly encrypted. Consider encrypting card and PIN information before it even reaches the payment terminal memory, as well.
- Anti-virus and Anti-malware – Running anti-virus software can catch older malware, but sometimes it needs an extra boost. Consider also adopting anti-malware detection software to scan your network for suspicious behavior that an anti-virus solution may miss.
- Physical Security – Sometimes the threats aren’t all online. Train your store associates to know what type of suspicious in-store behavior to watch for, especially as it relates to physical changes to the POS system, such as unwanted connected devices, like USB sticks or skimmers. Have an action plan in place if one of these devices is spotted.
- Buddy System – When considering an update to the payment processing system, follow the buddy system: require two or more employees to review and approve the changes before they’re put into action. Consider also implementing multi-factor authentication for employees involved in managing and updating applications that protect customer data.
To be truly ready for the holiday season, remember to plan for both your physical and digital security. These 5 tips are a great starting point.
If you’re interested in reading the full “Protecting Merchant Point of Sale Systems during the Holiday Season” report, you can download it here.