Secure POS System Tips
Choosing the right point-of-sale (POS) system is key to a business’s success. While factors like type of POS system, features, cost and limitations are all important considerations, it’s easy to overlook one of the most critical aspects of using POS systems: security.
Understanding POS security isn’t for the faint of heart. Not only are regulations complex, but keeping up with changes is a whole other beast. As a small business owner, however, dealing with POS security is a necessary evil if you want the convenience and benefits of accepting credit cards.
To help you make sense of POS security and better protect your business and customers, we asked experts to share their tips on what to look for in a secure POS system.
1. Is the POS system PCI compliant?
The first thing to look for is whether your new POS system meets the required regulations for accepting credit cards. For instance, new credit card regulations require merchants to have EMV chip-enabled POS systems by Oct. 15.
There is also a huge change happening soon. Starting June 30, businesses are required to comply with version 3.1 of the Payment Card Industry Data Security Standard (PCI DSS). These new PCI 3.1 standards are mandatory, and any business that fails to comply could face steep penalties. Although vendors have taken the necessary measures, it’s your responsibility to make sure your business is truly compliant.
“Any business that accepts credit card payments for goods or services must be PCI compliant,” said Tony Ciccerone, a Detroit-based territory manager for Heartland Payment Systems. This means that in addition to following the Payment Card Industry Data Security Standard (PCI DSS) rules for credit card processing, your POS itself must meet PCI standards for merchants.
This is important because if your customers’ information is leaked, you could be on the hook for financial damages, even if your company uses PayPal or some other third-party service provider to process your credit card transactions, said Vikas Bhatia, founder and CEO of cybersecurity firm Kalki Consulting. “Make sure to ask your service provider for proof that they passed their PCI DSS evaluations,” he said.