In the retail world, there are few things more important than the security of a point of sale system. As payment options become more complex and cash registers move further into a digital world, having the right POS software and security in place to protect all credit card processing systems is crucial. Part of this involves staying up to date with all of the latest industry standards.
This month, the Payment Card Industry (PCI) released version 3.0 of its Data Security Standards (DSS) and the Payment Application Data Security Standard (PA-DSS). The 112 page document can be a lot to digest but luckily businesses will have until January 1 to make the transition from PCI DSS 2.0. On top of that, the new security requirements will be considered best practices until June 30, 2015.
However, there is a feeling that these kinds of standards are futile because even companies that are 100 percent up to code can be the victim of a security breach. If that is the case, why follow these standards at all? Because it is only part of the equation.
"Periodic reviews and communications should be performed to confirm that PCI DSS requirements continue to be in place and personnel are following secure processes," the report reads. "These periodic reviews should cover all facilities and locations, including retail outlets, data centers, etc., and include reviewing system components (or samples of system components), to verify that PCI DSS requirements continue to be in place—for example, configuration standards have been applied, patches and AV are up to date, audit logs are being reviewed, and so on."
The report includes several best practices outside of the standard that businesses need to remain on top of if they want to ensure the best level of security.They include:
- Continuous monitoring of firewalls, intrusion detection systems, antivirus products and access controls
- Ensuring security control failures are detected and remediated in a timely manner;
- Reviewing how system changes impact the scope of PCI DSS and updating the security controls as needed;
- Reviewing how organizational changes like acquisitions or mergers impact the PCI DSS scope
- implementing separation of duties for personnel in charge of security and those responsible for operations so that no single individual has control over an entire process without independent checks.
Another quality best practice can be for businesses to partner with a retail solutions provider that understands the ins and outs of point of sale software and PCI compliance to ensure the system remains secure.