Posts Tagged ‘data theft’

3 Ways to Ensure Better Restaurant POS Security

September 26, 2014

The hospitality industry has held the dubious honor of having the highest number of data breaches among all industry segments in 2011 and 2012, and fell only marginally behind the retail industry in 2013. Point-of-sale (POS) systems have proven to be particularly easy targets for criminals to mine customer data. It is critical that restaurant owners take preventative measures to avoid these breaches in data security. Here are three ways to minimize the risk that your POS system will fall prey to thieving minds.

Enact Strong Password Policies and Restrict Remote Access

The simplest of POS security measures start with smart password policies and the restriction of remote access to the system. One of the biggest problems with hospitality data breaches in 2013 was actually stolen vendor credentials—typically because the vendor was using the same password for all of the organizations it managed. For this reason, it’s wise to limit remote access by third-party vendors to your restaurant’s POS system. Make sure that you have changed all passwords used for remote POS access away from the factory default and pick passwords that would be impossible to guess. Do NOT use the names of your POS vendor, dictionary words or anything else that a computer program or smart hacker could easily stumble onto. If a third-party is handling your passwords, ensure that their password policies are equally as strong, and more importantly, that they use a unique password for every customer.

Be Smart About Maintaining Restaurant Customer Privacy

When it comes to customer privacy, it’s vital that the POS terminal truncates card numbers and is only showing the last four digits on receipts. Do not store PIN numbers at all, anywhere. Store customer account and personal information in separate places and keep both under tight lock and key. Don’t ever send customer information over email or any other unsecured gateway. Last, but not least, never store CVV card validation numbers anywhere.

Ensure Best Online Security Practices for Your Restaurant

First and foremost, do not allow your POS system to be used for anything else other than POS-related activities. Do not surf the web, check your email or social media, play games or do anything else on the POS system. This goes for both you and all of your staff. Every place that a POS system visits online increases its risk of data breach. Don’t risk it.

For that matter, you’ll also want to ensure that all online access to your reporting or POS management system is encrypted with an SSL certificate. Without an SSL certificate, any computer between you and the server you’re sending the information to can see the data being sent. With an SSL certificate, the data is unreadable to everything except for the server for which it is intended.

Data breaches and restaurant customer security should be taken seriously. Data theft is one of the most prevalent crimes we face in our day and age. These measures will go a long way toward ensuring that your restaurant’s POS system is as secure as it can possibly be, and along with it, your customers’ information and your restaurant’s reputation for handling that information.