HP Technology at Work

The must-read IT business eNewsletter

4 ways to keep your POS secure

4 ways to keep your POS secure

May 2015

Big data breaches from big businesses dominate the media headlines, and for good reason. 70 million consumers were affected by the Target hacks in late 2013 [1], and 53 million were affected by The Home Depot breach in 2014 [2].

But here’s a headline you probably haven’t read: Visa estimates that 95 percent of the credit-card data breaches it discovers happen to its smallest business customers [3]. And those breaches cost an estimated $201 per affected record for the small and medium businesses affected [4].

What’s a business to do? Not accepting payment for services rendered is clearly not an option. But you don’t have to leave yourself vulnerable, either. Here are four point-of-sale (POS) security tips you should be following to help keep your business—and your customers—safe.

1. Secure the OS
While it’s tempting to think of POS solutions as secure black boxes that never need to be touched, the reality is they’re just as vulnerable to threats as your PCs or notebooks. That means you need to take the same security precautions—such as installing antivirus software—that you do with your other network-connected devices.

Windows-based tablets like the HP ElitePad 1000 offer the added assurance of HP Client Security features like HP BIOS Protection [5] and Microsoft Defender [6] to automate data protection and help reduce downtime for employees and IT.

2. Be compliant
More than just a good set of guidelines, the Payment Card Industry Data Security Standards (PCI DSS) are the rules every merchant must meet for credit card processing. If you aren’t in compliance, you could be on the hook for financial damages from leaked data. Yet more than one in five retailers (22 percent) are not PCI DSS compliant, and an additional 14 percent don't know if they’re PCI compliant or not [7]. Find out if you are, and stay compliant to minimize your liability.

Before purchasing a POS system, it’s also important to ensure the POS hardware itself meets PCI standards for merchants. Solutions like the HP Retail Case offer universal PED (PIN Entry Device, or mobile payment terminal) attachment slots for plugging PCI-compliant devices into the HP ElitePad.

3. Keep up
Even after you’ve purchased a POS solution, PCI DSS standards, viruses, and emerging threats are constantly changing. To stay ahead of vulnerabilities, schedule regular audits of your systems to be sure you’re up-to-date. And before you upgrade, make sure your solution provider regularly updates the system.

HP has been serving retail customers for over 40 years, and remains at the forefront of security with software suites like HP Client Security. This suite of tools includes Security Manager, Credential Manager, and Drive Encryption modules to help keep your business secure.

4. Consider your options
There are a number of additional advanced security measures your business may want to consider:

  • P2P encryption: Also called end-to-end encryption, this security measure addresses risk by encrypting all the payment card data before it even gets to the POS.
  • 2-Factor authentication: HP ProtectTools with Multi-Factor Authentication allows any combination of password, smartcard, and biometrics to enhance multi-user pre-boot security.
  • Active network monitoring: This tactic can help spot suspicious behavior before more user information is leaked by injecting test traffic onto a network and monitoring the flow of that traffic to detect leaks.
  • Isolating networks: POS systems are often connected to many other systems, exposing them to unnecessary risk; you can decrease that risk by restricting connections to payment data flows.

The consequences of lax point-of-sale security, especially for smaller businesses, can be stark. Among businesses that experience a breach, 60 percent go out of business within six months [8]. But with a few simple steps—combined with secure solutions like the HP ElitePad Mobile Retail Solution—you can both avoid the cost of breaches, and provide your customers with the convenience and efficiency they want and you need.

Learn more about POS solutions
The perks of mobile POS
Shop HP mobile retail solutions
Shop HP retail solutions

[1] Target, Target Provides Update on Data Breach and Financial Performance, 2014.
[2] The Home Depot, The Home Depot Reports Findings in Payment Data Breach Investigation, 2014.
[3] The Wall Street Journal, Hackers Shift Attacks to Small Firms, 2011.
[4] Ponemon Institute, 2014 Cost of Data Breach Study: United States, 2014.
[5] Internet access required.
[6] HP tools partition with HP BIOS required for automatic recovery.
[7] Fortinet, SMB Retail and Security Survey, 2014.
[8] Experian, Data Breach Case Study of Lessons from the Field, 2013.