As we upgrade platforms and adjust algorithms to suit the needs of our customers, we always keep in mind the role new payment technologies play in data security. Questions we always hear from our merchants include, “How can hackers access my customer’s information if I have the latest version of software installed in my device?”
Easy. Take Wawa for example. Just recently, Wawa had a massive data breach that went undetected for nine months during 2019. Due to a cyber hack, Wawa’s computer system exposed customer names, numbers, and expiration dates on credit and debit cards. The thieves achieved the breach by installing malware on Wawa servers, which meant that gas pump and in-store transactions were compromised throughout all 850 locations along the East Coast. As it turns out, the Wawa hack was discovered about a month after VISA sent out a public warning that gas pumps using magnetic-stripe card readers are more vulnerable to hacking.
So how can you be sure your customer’s information is safe?
At FPN, we are diligently working to protect your customers’ data, whether the customer makes an online payment or you swipe a card at your Point of Sale (POS). One way you can ensure data is protected is by validating your PCI Security every year. PCI stands for Payment Card Industry and covers every major brand such as VISA, Mastercard, Discover, American Express, etc. Ideally, if you’re accepting payments online, you should be scanning your network a minimum of once per quarter to ensure data is safe and secure.
Is your POS using the most up-to-date software available?
Our team sees many franchisees running their POS on older versions of Microsoft Windows that are no longer supported by the POS providers. Typically, if you are on Windows XP or older, your POS provider cannot install the necessary security patches, which makes you non-compliant with PCI Security. We also see many franchisees who are still running older versions of their POS software. Many feel the old version still works, so why spend money on an upgrade? The truth is, if you don’t upgrade and you get hacked, your POS partner is not going to accept any responsibility and you will likely be on your own.
Smile for the camera!
Picture this scenario: you need to have an IT specialist control your device to figure out an issue. If you use remote access and screen-sharing software such as LogMeIn, it doesn’t matter if your POS is 100% upgraded and your hardware is on the latest version; you are virtually opening a channel into your POS. While it is certainly acceptable to run this software for short periods of time, you must uninstall remote access and screen-sharing software once the service has been completed, because that channel remains a risk if hackers find it. If you use screen-sharing on a regular basis to see what’s going on in your store when you’re not there, you should stop immediately. The same goes for franchisees who like to set up security cameras to watch employees while they are out of the store.
Most people don’t realize that the video feed you see on your phone is the same feed that is exported through an open port on your router. Open ports leave you vulnerable to hackers snooping through your POS or installing dangerous malware or a virus. Let’s say you already figured that out, so you put the security camera on a separate router, or you have a very secure firewall preventing data from moving between ports. Where are you most likely going to be pointing a camera? Right at the register, the only place in your store where card numbers could be viewed. Even if your camera is on a separate router, it could be compromised, and a hacker could see card numbers as they are accepted behind the counter. The best way to prevent a breach is to be aware of the many channels hackers can use to access data.
Franchise Payments Network is committed to the best support and ongoing training to keep you informed on payment security. Contact us today at firstname.lastname@example.org for more details.
If you’re a current FPN client and want to update your PCI SAQ now, click here.