By Nicole Bryan
The holiday season is fast approaching, so now is the time for retailers to arm themselves not just for hordes of shoppers but also scammers, fraudsters and cybercriminals. The technology is available to help merchants protect themselves and their customers from fraud this holiday season. This is the time to make sure all POS systems are updated to protect against fraud and other cyber criminality.
Laura Miller, president of small business of Chase Merchant Services at JPMorgan Chase, says 75 percent of companies experienced some type of payment fraud in 2016, and the total number of attacks increased over 2015. New industry standards and up-to-date point of sale technology can protect businesses if they take action to close their security gap.
1. Utilize Point-to-Point Encryption (p2pe) and Tokenization
Retailers that have already upgraded their POS systems to accommodate EMV chips can breathe a small sigh of relief this holiday season. The chip-and-PIN technology, now in the wallets of almost all American shoppers, uses encryption to significantly decrease and eliminate opportunities for fraudsters to steal payment data. Harmful malware typically infiltrate systems that lack p2pe and tokenization.
If a merchant has not yet upgraded to a POS device that accepts the new cards, all the security in the world is useless. Research from Iovation found that retail brick-and-mortar credit card crime has been declining since the EMV liability shift and widespread roll out of associated chip cards in 2015 that feature these safety upgrades. This means that merchants need to be accepting EMV payments, in order to keep fraud down. The chip cards are only one part of the payment security equation – merchants need to meet consumers half way.
2. Stay Informed
Merchants should make sure they know when the deadlines are to upgrade to the latest global security standards. They’re set by the global PCI Security Standards Council. Miller says merchants that don’t stay current risk losing sales because payment processors will no longer accept payments using non-compliant encryption technologies. Another reason to stay up-to-date is to protect against fraud and chargebacks.
Merchants should also utilize security focused websites and blogs to keep up with the latest information and trends. There are plenty of resources out there to ensure that a merchant is receiving proper security education. If a merchant is working with a payment processor, exploring their blog section may offer a lot of insight.
3. Secure the Network
Merchants should have firewalls activated in order to secure the network. Limiting the number of authorized IP addresses should be done for outbound firewall rules as well. Cyber criminals can utilize misconfiguration to their advantage, as they can enable ports to communicate with various IP addresses around the web. If a merchant works with a payment processor, it is a good idea to segment them from other networks. Creating stricter access control lists and applying them on router configurations can also restrict unauthorized activity.
4. Restrict Remote Access
Source:: Business 2 Community