Guests want POS experiences that are fast, seamless and highly secure. Payment industry requirements ask us to maintain ever more layers of data security protocols. While we can all agree that POS security measures are an important part of operating a business, there are a few steps operators can take to help keep guests happy with frictionless service while protecting their businesses from a data breach. In today’s blog, we highlight a few best practices.
Protection with EMV
Fraud risk will vary from business to business, and the decision whether to implement EMV can be made gradually depending on the overall business risk. For most, retail and gift card sales are critical areas to protect as they are generally more vulnerable to fraudulent activities. These are typically the first areas to make the EMV migration.
The operational impact of EMV can also depend on how it’s implemented. Chip & Signature workflows, most common in the US, providing the least friction to the business - and the guest purchasing experience - since the mag-stripe ‘swipe’ is simply replaced by the EMV ‘dip’. Some businesses using Chip & Signature EMV can migrate overnight with little impact to their operations.
Choose Your POS Carefully
Before embarking on your next POS system purchase, payment security needs to be at the top of the feature list. Not all POS systems can adequately support card data security. In fact, many all-in-one systems are vulnerable to a variety of attack scenarios as the card data may be in plain text within the POS system. Look for POS technology that’s P2PE (point-to-point encrypted) as it encrypts data at the payment device and the sensitive card details remain outside the POS.
Update your Hardware
Another important first step is to ensure payment hardware is up-to-date. Many PCI auditors advise using validated P2PE payment device technology for all mag-stripe and NFC transitions.
Card data is always a target for fraudsters. The risk of a breach for unsecured businesses is steadily increasing as many companies are beginning to lock down their systems and data. To mitigate the risk of a data breach, a PCI-validated P2PE payment gateway technology works by “eliminating” card data from the POS altogether. With the data encrypted from the payment device to the gateway, the hospitality industry benefits from reduced overall risk of data breaches.