The Challenge With PCI Compliance
Here is some useful information about the challenges you may face when it comes to PCI compliance. If you think that your business still isn't ready, you can always contact a restaurant point of sale system professional serving your area.
Credit card commercials show lines of dancing shoppers merrily swiping their cards from store to store and extol how convenient the cards are to use; they don't stress the very real risk of identity theft at the cash register.
Monica Chauhan, director of embedded solutions for Solidcore (www.solidcore.com)
Locking it Down
These Point of Sale systems, if not properly locked down, can be vulnerable to attacks. For decades, these embedded devices consisted of specialized hardware running proprietary software, but in recent times Unified Point of Sale (UPoS) has shifted the retail industry's standards.
“Standardization has enabled devices to become increasingly interconnected and has allowed for the use of off-the-shelf software on commoditized hardware running commercial or open operating systems, such as Windows XP Embedded, WEPOS (Windows Embedded for Point of Service), and Linux,” Chauhan observes.
According to Chauhan, greater system flexibility and quicker development time have created security risks for POS equipment owners.
Robert J. McCullen, chairman and CEO of Trustwave (www.trustwave.com)
“A little dial-up swipe machine is a low-risk device,” McCullen says. “POS equipment more prone to vulnerable exploitation are those that are computer-based and/or have Internet access; the risk lies in those two prime factors.”
According to McCullen, if a POS system stores credit card track data, exploitation can occur, and swipe terminals can be exploited through tampering.
“Generally, hardware swipe terminals have low exploit risk, rather a higher risk of tampering, and thus the tampering will allow hackers to read the cards, whether through a Bluetooth device used later to get the card data or other efforts to retrieve the information,”
Chauhan points out other vulnerabilities. She claims that because today’s POS systems are similar to networked PCs, they require constant patching. Chauhan says embedded systems have also become susceptible to attack through unauthorized and inappropriate changes made as they are handed off to others in the distribution channel. Such changes can cause the equipment to malfunction, and the devices may even cease to meet their PCI DSS (PCI Data Security Standard) requirements.
PCI DSS (PCI Data Security Standard) Challenges
Both Chauhan and McCullen agreed that POS equipment faces unique challenges in PCI DSS compliance.
“Requirement 5 states that you must use and regularly update antivirus software,” Chauhan says. Antivirus software can impose very high overhead on a low-footprint POS system, she notes; however, change control software can eliminate the need for antivirus software.
As an example, NEC Infrontia installed change control software on its POS offerings, where it prevented unauthorized code from breaking unpatched systems. The software allowed NEC Infrontia to remove the antivirus software that was affecting the performance of its devices, according to Chauhan.
PCI DSS Requirement 6, develop and maintain secure systems and applications, also presents unique challenges, Chauhan notes.
It will be very challenging for POS equipment providers to ensure their systems remain PCI compliant after they are shipped to the dealer network and put into production at the retail location.
According to Chauhan, StoreNext (www.storenext.com)
“In addition, StoreNext was able to reduce the amount of time spent on monthly test and patch distribution cycles by reducing its patch frequency to quarterly,” Chauhan states. The PCI auditing requirement can be met through change control software, claimed Chauhan.
Other difficult areas include data encryption and user-based access controls, McCullen states.
For more information and advice on this topic you can quickly contact a Restaurant Point of Sale professional serving your area at POS-For-Restaurants.com.
The author of this article is the Vice President of Customer Relations at http://www.pos-