
Security of Your POS Systems


Point of sale (POS) systems have always been relatively secure, as they were often simply tills or card readers that connected to an on-site internal network. Recently, as the systems have gotten more advanced as well as more off-site, concerns have been raised about the security of important financial information, both the customer’s and the company’s.

Recently, most discussion about POS systems has been in relation to the security breaches at several major retailers across the country over just the past few months. It appears that many were simultaneously hacked in the same way and many more may be discovered, if the past few months are any indication.

For everyone involved in buying or selling products, proper security measures are of paramount importance. So far, for every concern there is a solution available or in the works that appears to be addressing it and making the system, as a whole, better.

Problems and Solutions

Virus Prone Point of Sale Software

The Problem

Certain operating systems are more prone to viruses than others. That’s not a judgment call, that’s simply a fact. No matter if it’s your home computer or a POS system at a retail chain, a virus, key-logging program or other manner of hacking can cause massive damage and allow important information to get into the wrong hands.

The Solution

Your first instinct might be to disconnect your store from the Internet entirely. Unfortunately, this isn’t a feasible or fiscally responsible option, because your company’s growth will still be greatly affected by its ability to traverse the digital landscape quickly.

Fortunately, there are multiple ways to address this problem. The first, and most common, is to fit your system with anti-malware software. While it’s not a foolproof plan, it’s certainly a start: it lets your system flag something that is acting like malware before your IT people go in and check for themselves, by which point it is often too late.

Another way of protecting your business is simply to restrict access to your network and allow only certain terminals to send information. If you’re allowing every single terminal in your system to transmit to the Internet all the time, then you’re opening tons of backdoors and opportunities for targeted attacks.

Also, it’s important to never forget the power of good password protection. And no, “Password” is not a good password. Although passwords are easier to break through than other forms of security, they may buy just enough time for the attack to be noticed and squashed. But your system shouldn’t just rely on a series of passwords. It needs to make a brute force attack on your front door not worthwhile by allowing only a certain number of tries before it shuts the terminal off from access for a certain amount of time.
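The two controls just described, letting only certain terminals in and locking a terminal out after a set number of failed tries, can be sketched as a single login gate. This is an added example, not code from any POS product; the terminal IDs, the limit of 5 tries and the 15-minute lockout are assumed values, and the password is compared in plaintext only to keep the sketch short.

```python
import hmac
from dataclasses import dataclass, field

MAX_TRIES = 5          # assumed policy value, not from the article
LOCKOUT_SECONDS = 900  # assumed policy value, not from the article


@dataclass
class TerminalGate:
    """Login gate for POS terminals: allowlist plus timed lockout."""
    allowed: set                                      # terminal IDs permitted to log in
    failures: dict = field(default_factory=dict)      # terminal -> failed tries
    locked_until: dict = field(default_factory=dict)  # terminal -> unlock time

    def attempt(self, terminal, supplied, expected, now):
        """Return 'denied', 'locked', 'bad-password' or 'ok'."""
        if terminal not in self.allowed:
            return "denied"            # unknown terminals never reach the check
        if now < self.locked_until.get(terminal, 0):
            return "locked"            # guesses during lockout are not evaluated
        # A real deployment verifies against a salted password hash instead.
        # Constant-time comparison avoids leaking how much of the guess matched.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self.failures.pop(terminal, None)
            return "ok"
        self.failures[terminal] = self.failures.get(terminal, 0) + 1
        if self.failures[terminal] >= MAX_TRIES:
            self.locked_until[terminal] = now + LOCKOUT_SECONDS
            self.failures[terminal] = 0    # fresh budget once the lockout ends
        return "bad-password"


def replay(events, allowed, expected):
    """Run (time, terminal, password) events through a gate; return outcomes."""
    gate = TerminalGate(allowed=set(allowed))
    return [gate.attempt(term, pw, expected, t) for t, term, pw in events]


# Constructed sample: a guessing run from one till, then the right password.
SAMPLE = [(t, "till-01", f"guess{t}") for t in range(5)]
SAMPLE += [(10, "till-01", "correct horse"),    # correct, but inside the lockout
           (11, "kiosk-99", "correct horse"),   # terminal not on the allowlist
           (4 + LOCKOUT_SECONDS, "till-01", "correct horse")]  # lockout over

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE, ["till-01"], "correct horse")):
        print(event, "->", outcome)
```

Note that the correct password is still refused while the lockout is active, so an attacker learns nothing from guesses made during that window.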

Although none of these solutions are foolproof, they can be implemented quickly and make your company significantly harder to attack.

Only the Retailers Are Responsible

The Problem

When you hear about each of these attacks you only hear about the places that performed the transactions: Target, Neiman Marcus, Michaels. Who you’ll never hear about is the hardware or software providers, or even the cloud that information may have been transmitted to. Although customers know the stores when they hear their names, no man (or company) is an island, especially in the Internet age.

The Solution

Now, and in the future, many companies will take responsibility for different facets of the system, leading to more accountability. When companies are more accountable for POS system security then they are likely to do more to protect the systems, especially when it’s their business on the line as well.

This responsibility and connectivity doesn’t just stop at the retailers and the system developers; the responsibility for security has also been extended to credit card companies. This is especially true if the retailer is using approved, up-to-date technology. In these cases, the credit card companies will foot some of the bill for what happens if valuable data is stolen.

Many, Many Mobile Devices

The Problem

With many cloud-based POS systems, many people can be connected directly to the cloud or the POS software itself. This means that there are more doors and windows for hackers to claw their way in and that, obviously, means more ways that the system can fail.

The Solution

You may think that you only have one choice to protect your business from the plague of simply having too many users: stop allowing mobile devices to access your system. Today, that simply isn’t a viable option for many businesses. There are simply too many reasons to use a cloud-based POS software system like Shopify, especially if your business is state or nationwide.

A simple solution is to only allow specific machines to access your network. This is just like having a key to your own storage locker. It’s not a foolproof plan, just like a thief with skill at lockpicking can get into your storage locker, but it makes your system that much safer from amateurs or those who don’t want to spend the time.

Another way to protect your business, while still allowing freedom and mobility, is to encrypt any data that is on an external hard drive or mobile device. This can include having the files themselves (or even the drive or folders) encrypted individually, requiring a decryption program to access them easily. It can also simply mean that you have your IT people set up safeguards, password protection and other measures on mobile devices, so that they are not as open to attack.

Finally, it is important to invest in a program that can remotely wipe any mobile devices that you have. This should only be used as a last resort if a device is completely lost, stolen, or otherwise irreversibly compromised. These programs are relatively easy and cheap for your business to get and look like a great investment when you compare them to having customer data stolen. Also, if you need to have a conversation with a customer, it’s a safe bet that “we wiped out your data to protect you against a possible security threat” is a much better conversation to have than “your credit card information may have been stolen.”



My name is Derek, and I have my Bachelor’s Degree in Finance from Grand Valley State University. After graduation, I was not able to find a job that fully utilized my degree, but I still had a passion for Finance! So, I decided to focus my passion on the stock market. I studied Cash Flows, Balance Sheets, and Income Statements, put some money into the market and saw a good return on my investment. As satisfying as this was, I still felt that something was missing. I have a passion for Finance, but I also have a passion for people. If you have a willingness to learn, I will continue to teach.
