receives compensation from some of the companies listed on this page. Advertising Disclosure


Credit Confidential: Best Practices for Point of Sale Security

Kristen Gramigna
Kristen Gramigna

Your point of sale (POS) can improve customers’ experience with your business, and simplify internal business processes.

Your point of sale (POS) can improve customers’ experience with your business, and simplify internal business processes.

However, there are a few basic security measures that can ensure your POS works sufficiently when it comes to keeping sensitive data safe.

Here are some POS security best practices to follow.

Related Article: Cha-Ching: 10 Point-of-Sale Systems That Do More Than Just Sell

Partner With Processors That Guarantee PCI Compliance

The PCI Security Standards Council was founded in 2006 to serve as a global advocacy group for all involved and impacted by the payments industry. Unfortunately, data criminals consistently discover new ways to intercept payment data. As a result, security standards and the definition of “PCI compliance” must also change frequently, to remain current with the latest tactics thieves use.

Though the standards established by the PCI Security Standards Council exist to empower merchants, remaining PCI compliant can require a significant investment of time, money and resources from any business trying to independently manage the job.

In fact, one study by the Merchant Acquirers’ Committee suggests that as many as 30 percent of large merchants are not PCI compliant. Small businesses can simplify the task of staying PCI compliant, while managing their exposure to risk by choosing payment partners carefully. Use only POS vendors that guarantee “PCI compliance.”

You’ll have the peace of mind that all customer payment transactions initiated by your business follow the latest version of security standards, even if your internal resources are lean.

Keep POS Hardware Current

Most merchants who accept customer credit and debit cards as a form of payment are now expected to have the ability to process Europay, MasterCard and Visa (EMV) chip cards at their POS, despite that many of the EMV cards issued to cardholders in the United States still include a functional magnetic strip on the back.

Why does it matter if a customer swipes a card or inserts it into the EMV terminal? The experts at EMV Connection explain that the chip on an EMV card acts as a small microprocessor that facilitates transaction processing, and makes it more difficult for thieves to counterfeit or “skim” sensitive information from the card (as they commonly do with magnetic strip cards).

Related Article: How to Accept Credit Card Payments: A Beginner's Guide

To leverage EMV’s enhanced security, your POS system must include the ability to process EMV cards using the chip feature, for the sake of your customers and your business. Now that the October 2015 EMV deadline has passed, you could be held liable for the payment of fines, fees and lawsuits that may follow if a breach were to occur at your business, and your POS was not equipped to process EMV cards.

Familiarize Your Team and Customers With Tokenization

While EMV cards have long been the payment card industry standard in Europe, many American cardholders may be unfamiliar with the technology, and unaware of why their card now has a chip. Because swiping a card remains a familiar payment behavior among Americans, many customers may opt for that form of payment processing.

Teach your staff about the security features that EMV transactions offer customers, like tokenization. The more they understand, the better equipped they are to educate customers at the POS.

Tokenization essentially replaces a customer’s identifiable data (like a 16-digit account number) to conceal it from prying eyes during transaction processing. Before any data is transmitted, sensitive information related to a transaction is replaced with a series of meaningless numbers and letters (a token).

Though the payment networks and financial institutions involved in the transaction “translate” the token to approve or deny a customer’s payment transaction, data thieves can’t make sense of it. If they do access the token, they cannot identify the customer, or replicate the token to initiate further fraudulent transactions.

Educate employees who work at the POS to talk to customers about why they should consider using their card’s EMV feature before they opt to swipe out of habit, by pointing out important features like tokenization.

Related Article: EMV 101: What You Need to Process Credit Cards Today

POS security best practices seem complex, but you can protect customer data, and the level of risk your business assumes with simple shifts in how you approach payment security at your POS.  Choose payment processing partners that are experts in PCI compliance, educate your team, and talk to customers about how they can proactively improve their payment security.


Best Small Business Credit Card Processor - Helcim



Best Processing Terms - Flagship

When you're looking for a credit card processing service, one feature you should insist on is a contract with month-to-month terms.



Best Processing Rates - Fattmerchant

Looking for a solution for low card processing rates? Consider Fattmerchant to save the most per transaction.




Image Credit: DERO2084 / Getty Images
Kristen Gramigna
Kristen Gramigna Member
Kristen Gramigna is Chief Marketing Officer for BluePay, a provider of ecommerce payment processing. She brings more than 20 years of experience in the bankcard industry in direct sales, sales management, and marketing to the company and also serves on its Board of Directors.