Why and how you should conduct a POS device audit at your business
Tips / 23.09.2021
The Payment Card Industry Data Security Standard (PCI DSS), launched by the likes of Visa, Mastercard and other payment brands and acquirers in 2006, is a set of industry standards, rules and regulations for acquirers who process payments for merchants and subsequently their customers.
With PCI DSS compliance, although not entirely fool-proof, merchants and their customers can rest assured that payment data which they process is safe and secure.
We at myPOS are pleased to announce that we have re-certified and are PCI DSS compliant for the previous one-year period, valid until 13 October 2021, while we are in the process of obtaining certification for the following one-year period.
As part of PCI DSS compliance, merchants are advised to take several precautions in terms of ensuring that their POS device is safe, free from tampering and secure for their clients.
So, how can you ensure you do this? It’s easy – you can do an audit and implement interview processes for the staff at your business. Here are some more details about this.
Starting with the audit, it’s a critical step in ensuring that your POS devices are secure and shows that you are taking steps to prevent data loss and breaches.
What’s a POS audit?
As part of PCI compliance, it’s necessary to ensure the security of your POS devices. To do this, you need to compile a comprehensive list of all your POS devices as well as where they are located in your store. Some information that you need to consider adding to your list includes the make, manufacturer and the model; the device’s serial number; and the device’s location.
Other parts of the audit process include an inspection of the physical device. For example, check the device’s surface to detect whether there has been tampering. In addition, you need to check whether any hardware such as card skimmers have been attached to your POS device by an unauthorised person. Furthermore, consider checking whether the device’s serial number is intact and that it has not been swapped with another fraudulent device. Training your employees to undertake similar audits will help boost safety at your business. You will also need to constantly update your list and ensure it is kept up to date, especially if you have added a new device, relocated, decommissioned a device, etc.
The steps in the device audit process include the following:
- Regularly update the software on your device to prevent data loss
- Check that the stickers on the device have not been tampered with or are not damaged
- Take photos of your device(s) to enable you to compare them with any possible changes to the device in the future
- Ensure that no new cables or hardware have been connected to your POS terminal
- If you have video surveillance at your business, you can check the footage regularly to ensure no unauthorised persons have been near the POS terminal and to monitor for any suspicious activities
- As a final check, do a thorough visual inspection of the device to ensure it has not been tampered with
- Any suspicious behaviour near or around your POS device needs to be monitored and reported to myPOS
In the event that your POS device gets lost or stolen, you should do the following:
Write an email to myPOS Customer Support at email@example.com while copying in firstname.lastname@example.org and answering the following questions:
- What is the model and serial number of the missing terminal?
- Where was the terminal lost or stolen?
- How did this happen?
- How did you discover the terminal was missing?
- Was the terminal in active use, or was it still in its packaging with intact security seals?
- If you suspect theft, did you file a police report?
- If yes, attach a copy/scan of the police report to the email;
- If no, file a police report and send it to us as soon as possible.
- What actions have you taken to prevent this from happening again?
Protecting your POS device from unauthorised use is vital to ensuring the card details of your customers remain safe and secure and used for authorised purposes only. One way of protecting your device is by conducting regular audits of your POS hardware to prevent data loss and breaches and to ensure your device is not tampered with. Creating a list of your POS terminals with supporting identifier information is the first step to safety.
The second step is constant vigilance and monitoring by both you and your staff to help you prevent any security breaches that can be costly and difficult for your business to overcome should you end up being a victim of a data breach. By following the above-mentioned steps, you’ll ensure you keep yourself, your staff and your customers safe in the future.