You would be amazed by how many organisations don’t take payment security seriously enough, particularly when it comes to protecting data.
In 2016, over a thousand serious payment data breaches were recorded in the UK, and a year later that figure had almost doubled, costing millions of pounds to customers, banks and businesses.
As more and more companies move towards deploying self-service kiosks that offer different ways to pay for services, and as PoS attacks become more common, it’s vital that payment data is always handled securely. There are a number of precautions that should be taken.
From encrypting data to inspecting your machine, we’ve put together some handy tips to help you keep your payment devices and data secure.
What are the features of a secure payment device?
There are a number of features which are absolutely vital in keeping data and cardholder information secure from data breaches and hacking:
Single Use Keys: Single Use Keys, or Derived Unique Key Per Transaction (DUKPT) key management, allow one million transactions to be processed without reusing a key, which ensures transactions can’t be replayed.
Encryption: At the time of use, card data is encrypted to keep sensitive information from being stolen or detected. Without the key, this encryption can’t be decrypted, and it is a huge weapon in the battle against fraud.
Triple Data Encryption is now often used to protect data in the unlikely event of hacking, and this offers an added layer of security for complex systems.
Read Only Memory: Read only memory is found in firmware and is a solid way to protect data against malware attacks. Essentially it’s a layer of security that prevents hackers from playing around with data, keeping cardholder information securely stored.
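To show why a key per transaction stops replays, here is an added example; it is not from the original article or from any payment vendor. It is a simplified model: HMAC-SHA256 stands in for the real DUKPT derivation defined in ANSI X9.24, and the names Terminal, Host, derive and demo, along with the sample keys and messages, are constructed for illustration.

```python
import hashlib
import hmac

MAX_TXNS = 1_000_000  # the article's figure for transactions per device key set

def derive(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256 is an assumption, not real DUKPT)."""
    return hmac.new(key, label, hashlib.sha256).digest()

class Terminal:
    """Payment device: holds only its own device key, never the host's base key."""
    def __init__(self, device_id: str, device_key: bytes):
        self.device_id, self._key, self.counter = device_id, device_key, 0

    def send(self, payload: bytes):
        if self.counter >= MAX_TXNS:
            raise RuntimeError("key space exhausted: device must be re-keyed")
        self.counter += 1  # every transaction moves to a fresh key
        txn_key = derive(self._key, self.counter.to_bytes(4, "big"))
        tag = hmac.new(txn_key, payload, hashlib.sha256).digest()
        return self.device_id, self.counter, payload, tag

class Host:
    """Processing side: re-derives each key from the base key, tracks counters."""
    def __init__(self, base_key: bytes):
        self._base_key = base_key
        self._last_seen = {}  # device_id -> highest counter accepted so far

    def device_key(self, device_id: str) -> bytes:
        return derive(self._base_key, device_id.encode())

    def accept(self, device_id, counter, payload, tag) -> bool:
        if not 0 < counter <= MAX_TXNS:
            return False
        txn_key = derive(self.device_key(device_id), counter.to_bytes(4, "big"))
        expected = hmac.new(txn_key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # wrong key, wrong counter or altered message
        if counter <= self._last_seen.get(device_id, 0):
            return False  # this key was already used: replayed transaction
        self._last_seen[device_id] = counter
        return True

def demo():
    """Constructed sample: one genuine payment, then the same message replayed."""
    host = Host(b"constructed-base-key")
    term = Terminal("KIOSK-01", host.device_key("KIOSK-01"))
    msg = term.send(b"amount=12.50;currency=GBP")
    return host.accept(*msg), host.accept(*msg)  # (True, False)
```
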
If payment devices are neglected they can become vulnerable to breach, so you should take a number of preventive measures including:
Inspecting them daily: If you have payment devices integrated into a kiosk, you should check your machine at the end/beginning of every day for any signs of tampering. One of the biggest ways security is breached is through the machine being maliciously altered, so always be on alert for any signs of damage.
A trained member of staff should check the hardware and software to ensure everything works correctly and any issues should be reported to the manufacturer in a timely manner.
Training your Staff: To uphold security at all times it’s well worth having a number of staff members trained to make the correct checks, so that absences and holidays are covered.
Staff should not only be trained in how to make checks, but also shown how to use the system and equipment properly so they can take appropriate action if problems occur.
Making it simple for the customer: A simple and clear user interface should be put in place to allow customers to move through the payment process as efficiently as possible. Prompts and directions for usage should be put in place, and warnings to protect PIN information should be made clear.
Keep everything up-to-date: Hackers are getting brighter and bolder, but so is security. With software constantly evolving, it’s important that the latest updates are installed to prevent easy access to data.