POS Security. It’s Everyone’s Responsibility

Security Card payments - VeriFoneAsk three people which method of payment is more secure–cash, credit or debit–and you’ll likely get three different answers, each offering valid points on why one payment method is more secure than the other. And this topic has been discussed for years now with no real winner. What IS clear, is that neither cash, nor credit and debit are going away any time soon. Despite whatever security issues exist, the benefits from being able to use a particular currency outweigh the risks.

In the payments business, security awareness is simply part of the business. VeriFone has a member of the PCI Board of Advisors for many years and based in part on that work, we have helped develop more stringent security requirements for point of sale (POS) and PIN pad payments systems. And then we go beyond those requirements and build in additional safety features.

But the reality is that there is no security feature quite as good as a little common sense with a healthy dose of Best Practices built in. In a perfect world, every merchant would be on a first-name basis with his services provider—be it bank or merchant services company. And before anything was ever done with said merchant’s POS, there would be phone calls and signatures and checks and triple checks to make sure everything was done neat and orderly and by-the-book.

In today’s hectic retail environment, often that level of process is difficult to achieve. With high-staff turnovers, peak in-store traffic times and often just plain old apathy, in-store security slips and one day nobody is quite sure what happened to “Spare POS #3” that was sitting on the shelf in the back of the store. But maybe we can help with the day-to-day security merchants are responsible for.

We have developed a checklist of things that merchants can do to protect their payment systems (and themselves!), which are easy to implement, easy to keep track of, and they work. Below is a peek at the top two and then we invite you to click the link below to access the full document:

Best Practices for PIN PAD and POS Security
1. Perform daily visual inspections of every device, looking for potential signs of tampering. These signs could include:

  • Damaged or altered tamper seals
  • Missing manufacturer labels
  • Missing or damaged screws
  • External wires
  • Holes in the device casing

2. Store spare devices under lock and key to prevent unauthorized removal. Incorporate a shift change procedure to validate the inventory of devices after every shift to ensure none have been removed.

Simple right? Usually the best things are. These and many more tips for securing your POS can be found on Slideshare in our newly updated “Payment Security Best Practices” document.

About Chris Souther

Digital Marketing & Social Media Manager After spending four years in the U.S. Air Force as a telecommunications technician, Chris shifted gears and started focusing on a career in Marketing & Communications, where he has been lucky enough to work with some of the world’s best known brands. Chris currently manages Social Media marketing here at VeriFone. If you communicate with us over Facebook, Twitter, Google + or Linkedin, you’re probably talking to Chris.

Comments

  1. Cash payment is more secured than other methods. As soon as I start a card payment I share information with someone (the merchant) or something (POS or web site). It’s like a secret, when you share it it’s no longer a secret…

    • We also believe cash will be around for a very long time. Cash is always PCI complaint. Great blog post Chris!

    • Yes, but I can’t pass anything larger than a $10 bill without the clerk writing on it with their special pen that detects fraudulent currency. So…all payment forms have their detractors.

  2. hello
    I want to know how to remove the error message VX520 TPE (tempering detected).

    • This isn’t the place for technical support (you’ll need to contact your bank or equipment provider), but we typically see that error when someone has tried to tamper with the case (drilled it, or pried it open). To my knowledge, it cannot be fixed and that is by design, to prevent card fraud. Please reach out to whomever provides your account services for assistance.

  3. What does VeriFone do to insure that the POS systems they interface with are PCI compliant? Is it enough that the interface you offer tokenizes the CC number and encodes customer info that may reside on the POS system while the transaction is taking place.? is the POS system PCI compliant then as far as VeriFone is concerned?

    • Good question David. We have been PCI compliant for a while now. VeriFone’s encryption solution, VeriShield Total Protect, comprises two solutions (encryption and tokenization) to secure cardholder data. At the point of capture (swipe, scan etc.) card-data is encrypted so that unencrypted data never traverse either the POS or the merchant’s network. It stays encrypted (and PCI compliant) until it is decrypted, typically at the processor. For those merchants that want to store transaction data, for loyalty purposes, chargebacks, etc. our tokenization converts card data into unusable and completely different. So even if they store it, they are still within PCI compliance.
      The PCI assessor, CoalFire, assessed our PAYware Mobile product, using our encryption and certified that it is PCI compliant. You can read the Press Release on it here: http://global.verifone.com/company/press-room/press-releases/2011/assessor-validates-verifone%E2%80%99s-payware-mobile-enterprise-compliant-with-payment-security-requirements
      http://www.verifone.com/company/resources/white-papers

Leave a Reply

Connect with:

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>