Securing POS Terminals
Recent high-profile breaches have underlined how carefully remote access must be implemented in any environment that contains POS terminals.
To keep your data and terminals secure, follow these guidelines:
- Only your POS application should be allowed to reach the Internet, and only the hosts it actually needs – Do not allow staff to browse the web or read email from sales terminals
- When running a POS system in kiosk mode, make sure there is no way for a malicious user to break out to the full operating system, for example via hidden hotkeys
- Lock down POS terminals so the command prompt and Start menu are not accessible – If users cannot reach a command prompt or any other field that accepts commands, a keystroke-injection attack (a USB device that presents itself as a keyboard and types commands) is unlikely to succeed
- Use an endpoint protection product to lock down USB access – USB devices should only be allowed with specific, documented approval
- Give POS terminals only the limited access to central resources they need (for example, a small DMZ that receives transaction data)
- Only "essential personnel" should have access to POS terminals
- POS terminals should be on their own network, not on the same network as the rest of your establishment
- Guest wireless (WiFi) and building security systems should never be on the same VLAN as POS terminals
- Harden your firewall and router – an improperly configured firewall or router is only slightly better than no firewall at all
- Log and alert on any attempt by a POS terminal to connect to an external IP address – even a DNS query for a name the POS application never resolves can be an early sign of compromise
- Use endpoint protection (antivirus, application whitelisting, etc.)
- Use strong, unique passwords for terminal, remote-access and administrative accounts, replace any vendor defaults, and store them securely
- Stay informed about current POS malware and virus outbreaks
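The segmentation and egress points above (a dedicated POS VLAN, a small DMZ for the POS application, and alerting on any other destination or DNS query) can be checked continuously with a small allowlist monitor. The script below is an added example, not code from the original article or from any POS vendor. It assumes a hypothetical layout: POS terminals on 10.10.50.0/24, the POS application server at 10.10.60.5 (TCP/443) and an internal resolver at 10.10.60.53 (UDP/53) in the DMZ, and 10.0.0.0/8 as the organisation's whole internal address space. The log lines and their format are constructed for the demonstration.

```python
"""Flag POS-terminal network activity that falls outside an explicit allowlist.

Added example, not from the original article. All addresses, names and log
lines are hypothetical/constructed for the demo.
"""
import ipaddress
import re

# Hypothetical network layout (assumption, not from the article).
POS_VLAN = ipaddress.ip_network("10.10.50.0/24")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# (destination, port) pairs a POS terminal is allowed to reach:
# the POS application server in the DMZ and the internal resolver.
ALLOWED_FLOWS = {
    (ipaddress.ip_address("10.10.60.5"), 443),
    (ipaddress.ip_address("10.10.60.53"), 53),
}
# Names the POS application is expected to resolve; anything else is suspect.
ALLOWED_NAMES = {"pos-app.internal.example", "time.internal.example"}

# Constructed log formats (assumed, not from any particular product):
#   "<ts> CONN src=<ip> dst=<ip> dport=<port>"
#   "<ts> DNS  src=<ip> query=<name>"
CONN_RE = re.compile(r"CONN src=(\S+) dst=(\S+) dport=(\d+)")
DNS_RE = re.compile(r"DNS\s+src=(\S+) query=(\S+)")


def is_pos_terminal(ip):
    """True if the source address belongs to the POS VLAN."""
    return ipaddress.ip_address(ip) in POS_VLAN


def is_internal(ip):
    """True if the address is inside the organisation's own ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def check_connection(src, dst, dport):
    """Return an alert string for a disallowed flow from a POS terminal, else None."""
    if not is_pos_terminal(src):
        return None  # traffic from other segments is out of scope here
    dst_ip = ipaddress.ip_address(dst)
    if (dst_ip, int(dport)) in ALLOWED_FLOWS:
        return None
    # Anything else is an alert; distinguish Internet egress from lateral
    # movement into the rest of the internal network.
    kind = "internal-unexpected" if is_internal(dst_ip) else "external"
    return f"{src} -> {dst}:{dport} ({kind})"


def check_dns(src, name):
    """Return an alert string for a DNS query a POS terminal should never make."""
    if not is_pos_terminal(src):
        return None
    name = name.rstrip(".").lower()  # normalise trailing dot and case
    if name in ALLOWED_NAMES:
        return None
    return f"{src} DNS query for {name}"


def scan(lines):
    """Run every log line through the checks and return the list of alerts."""
    alerts = []
    for line in lines:
        m = CONN_RE.search(line)
        if m:
            alert = check_connection(*m.groups())
            if alert:
                alerts.append(alert)
            continue
        m = DNS_RE.search(line)
        if m:
            alert = check_dns(*m.groups())
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample log: two benign lines, one benign line from a non-POS host,
# a DNS query for an unexpected name, Internet egress, and SMB to the office LAN.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z CONN src=10.10.50.21 dst=10.10.60.5 dport=443",
    "2024-05-01T09:00:02Z DNS  src=10.10.50.21 query=POS-APP.internal.example.",
    "2024-05-01T09:00:03Z CONN src=10.10.20.15 dst=203.0.113.77 dport=443",
    "2024-05-01T09:00:04Z DNS  src=10.10.50.22 query=update-check.example.net",
    "2024-05-01T09:00:05Z CONN src=10.10.50.22 dst=203.0.113.77 dport=443",
    "2024-05-01T09:00:06Z CONN src=10.10.50.23 dst=10.10.20.15 dport=445",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print("ALERT:", alert)
```

Running the script prints three alerts: the unexpected DNS query, the direct connection to an Internet address, and the SMB connection from a terminal into the office LAN. The connection from 10.10.20.15 is ignored because it does not originate in the POS VLAN. In a real deployment the allowlist would be generated from the firewall's own rule set so that the monitor and the enforcement point cannot drift apart.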