POS devices and their usage have become an integral part of every customer facing business. While they provide an ease of making transaction payments, maintaining a hygiene around these crucial devices is also necessary. With COVID-19 crisis around the clock, the risk of getting affected has quadrupled and with masses inkling more towards the user of cashless mediums to make payment, merchants are facing an increasing challenge in protecting the safety of their customers. These uncertain times requires an increased awareness about the potential risk associated with the touching the payment terminals.
The PCI SSC Council recently shared an article addressing the needs to maintain the POS hygiene and listed down some considerations to be undertaken by the merchants to maintain the security and cleanliness of the POS devices.
Prioritizing Internal Security for Hygiene
While POS devices are more customers facing, the employees handling the devices are prone as well to exposure. In such situations, access to POS devices can be reduced to specific individuals rather than the entire on-shift employees. POS vendors provide internal security feature to segment the managing staff based on multiple criteria.
Promoting Contactless Transactions
Contactless cards prove to a safe payment method for transaction, since they don’t require any physical interaction between the customer and the POS device. Owing to these many countries across the world have increased the maximum value for transactions by contactless or non-PIN means. These methods greatly reduce any physical interaction required for payment. Merchants are encouraged to contact their processor or acquirer to investigate the use of these techniques.
Hygiene of Payment Terminals
POS systems are quite an investment. The increasing pandemic further adds to the need of them to be regularly sanitized. However, many merchants use the same old methods of cleaning the devices by means of spraying disinfectants directly on the keyboard before wiping it. These leads to reduced lifespan of the electronic device.
The vendor’s instruction can come in handy at times like this since the device making varies from one vendor to another. Also, many keypads are not designed to be watertight and hence disinfectants sprayed on can damage the sensitive hardware. Keypads should be wiped gently, also in times like these, customers should be provided with a wipe and sanitizer.
POS Overlays:Precautions and Hazards
Use of Overlays has been seen as means to protect the POS devices from the spray and disinfectants. However plastic wrapping adds an additional layer of risk to the PCI PTS approved devices.
Overlays can be used to capture the card and PIN data from the ATMs and POS devices. By placing an overlay containing an illegal card reader or wires over a card, the customer data can be recorded, along with skimming or hiding of tamper evidence. Only a small degree of opaqueness is sufficient enough to slip or conceal any wire or sensor with malicious intent.
Owing to these, the use of overlays poses a securityrisk to both the merchants and consumers. The use of these on the operations device may also affect the PCI device approval. Its advisable that merchants should consult the acquirer regarding the used of overlays during these crises.
QRC’s Awareness Program
QRC has been creating awareness among the Payment Card Professionals regarding forming and putting down the best practices in use in their daily operations regularly. Being awareness of the various possible threatscape can prove to be vital for any organization is safeguarding any losses due to data breach that might lead to loss of reputation and resources.
2nd May, 2020 | POS Device Security | Posted by
Tags: POS Device Security,