Mobility or security for payments: can you have both?
At a time when customers are demanding ever more flexibility, the need to accept secure card payments from anywhere and at any time is growing, and mobile point of sale (mPOS) systems offer the perfect solution. They are mobile devices, such as mobile payment devices and tablets, that act like a cash register and process card payments. They offer cost-effective alternatives to small businesses that don’t need or want complex systems and create new opportunities for all businesses by opening up the potential to take payment devices to customers – reduced time to sale means less time for your customers to change their mind.
But, as is the case whenever technology and payment details are concerned, there is always an element of risk; criminals and hackers are forever searching for new ways to get hold of customer data. Security is, therefore, of utmost importance when it comes to POS systems, especially when they’re mobile. Mobile devices are vulnerable themselves and, being multipurpose, they often have applications that could compromise security. There is also an increased element of trust with mobile devices.
Security is increasing all the time, but there are a number of things you can do to ensure your mPOS security is as high as possible. For one, it is important to make sure that your business is Payment Card Industry Data Security Standard (PCI DSS) compliant; summarised here are a few other security points to be aware of.
Point of interaction (POI) device
Ensure that your mPOS system uses a secure mobile payment device that is approved by the PCI council. This means choosing a card reader that includes a personal identification number (PIN) entry pad or an encrypting PIN pad (EPP) and avoiding devices that use magstripe technology or involve entering PINs directly into the mobile device.
Point-to-point encryption (P2PE)
Encryption is key to ensuring card payment security. When a payment is made, card information is sent from the payment terminal over the network to the bank and back again. Encryption encodes the data, making it inaccessible without a key and thus useless if intercepted. There are different types of encryption, but with point-to-point encryption (P2PE), data is encrypted before reaching your bank and is not stored on your mobile device. This reduces the scope for security breaches: for example, even if malware on your device tries to access the data, the data is unusable.
Secure mobile device
Just like computers, mobile devices are susceptible to malware and viruses, so security should be a priority, but even more so when it comes to mPOS. Ensure all operating systems and software are up to date and that the technology itself is fit for purpose; older technology may not have the same level of security as newer devices. Make sure that all security functions are on and that high-specification, real-time virus and malware protection is enabled and up to date. Full disk encryption on all mobile devices used with your mPOS system can also help to protect any data stored on the device, as will disabling unnecessary applications.
The very nature of mobile means devices are easy to move around and thus are more likely to get lost or stolen than other POS systems. This can be limited by storing devices in a secure location, but even so, make sure there is a plan in place just in case. Have device details written down for reporting purposes and consider setting up remote wipe functions.
Know who is using your mPOS
Whether you have one mobile device or multiple, it is essential to keep track of where they are and who is using them, which can be done using mobile management software. If one device has multiple users, consider setting up user-specific log-ins, like fingerprint authentication, and monitor use. Keep changing passwords and keep on top of user accounts, removing access when no longer required.
Watch what you download
Finally, be sensible when using your device. Don’t click on links that look suspicious or that could be malware and only download and use authentic applications – fake ones do exist that will compromise data security on your device.
Check your devices
As well as going missing, card readers and mobile devices can be tampered with, so check devices regularly for signs of damage. Minimise opportunities by not leaving them lying around and keep them in a secure location when not being used. This can be an issue with charging, as it can be difficult to keep them secure whilst plugged in. But this isn’t a problem for MePOS. A specialised docking station enables you to secure your devices to the charger using a radial pin lock, so they can only be removed by someone with a key. Tablets and card readers are also clipped together, so paired devices don’t get separated. See the MePOS Mobile and 5 Way Charging dock for other security features of the MePOS mobile system or get in touch to find out more.