
How to Secure Your Mobile Point of Sale Devices

Created: 12 Apr 2013 • Updated: 17 Apr 2013 • 3 comments
MLatham's picture

 

When businesses use mobile devices for payments, they have to make sure the devices they use are secure. Otherwise, they put themselves at risk. The following steps apply to all hardware used for card reader payments.

Keep people from physically accessing the device
 

When a mobile device is not in use, it is up to its owner to store it safely. It should go into a safe, locked cabinet or be secured in the building where it is used.
 

Prevention of analytic and deductive methods of accessing the device

 

  • Use device security measures, such as complex passwords and multi-level verification.
  • Restrict such access to authorized users.
  • If the device does not have built-in vendor verification, vendors using the machine should always have users verify themselves with personal identification numbers and other methods. It is a good idea to have the device lock out and require reauthorization after a set period.
  • If possible, full disk encryption should be employed on any mobile devices used for payment. It can help keep people from bypassing the reader's security.

Malware protection

Whenever businesses are dealing with devices such as computers and card readers, they have to protect against malware. The best way to protect against malware is anti-malware software.

 

  • Make sure that all antivirus and antispyware software comes from an authentic vendor and is the latest version.
  • Bypassing the security controls installed on the device disables its protection, so do not tamper with them.
  • Do not install unnecessary software.

Card reader providers should:

  • Have updates when necessary, communicate those updates to their users and make them readily available
  • Make it impossible for the application to run on devices that have installed unapproved firmware
  • Provide instruction on how and when to do updates
  • Notify users of any vulnerabilities that arise. They should also tell users how to fix these concerns and update them regularly as new solutions are found.

Monitor the current security status of the mobile devices

  • Make sure to scan all mobile devices with all security software to see if there are any security issues, such as apps with access to payment information and insecure apps. This should be done frequently.
  • The device should have some visible indicator that shows whether the device is currently safe to use. This may be an icon or something of the sort. If that is absent, then vendors should not use the application under any circumstances.
  • Jailbreaking or rooting a device opens it up to malware. Do not do this with mobile devices that are being used for payment applications. Do not use payment solutions on mobile devices that are rooted or jailbroken, as they can become insecure more easily than a mobile device that still has its native security controls. Also, disable USB debugging on the device.
  • Try to use mobiles that are direct from the factory for payment solutions instead of purchasing second-hand devices or devices through a third party vendor.

Keep only information required for the primary function of payment solutions

If a device has communication features that it does not need for the card reader, disable them.

Record all device information to deter theft and aid recovery

Write down all of the information on the device and all of its applications. This includes:

  • The device model number
  • Serial numbers
  • Operating system
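
As an added example (not part of the original article), the sketch below combines the inventory record described here with the rooted-device, encryption and USB debugging checks from the monitoring section. It assumes an Android device whose properties were exported with `adb shell getprop`; the property names are standard Android system properties, while the sample dump and the function names are constructed for illustration.

```python
import re

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.product.model]: [ExamplePOS T1]
[ro.serialno]: [CONSTRUCTED0001]
[ro.build.version.release]: [13]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.crypto.state]: [unencrypted]
[persist.sys.usb.config]: [mtp,adb]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_device(text):
    """Return (inventory record, list of findings) for one device dump."""
    p = parse_getprop(text)
    inventory = {
        "model": p.get("ro.product.model", "unknown"),
        "serial": p.get("ro.serialno", "unknown"),
        "os_version": p.get("ro.build.version.release", "unknown"),
    }
    findings = []
    # A missing property counts as a failure so an incomplete dump never passes.
    if p.get("ro.build.tags") != "release-keys":
        findings.append("build not signed with release keys")
    if p.get("ro.debuggable") != "0":
        findings.append("debuggable build")
    if p.get("ro.crypto.state") != "encrypted":
        findings.append("storage not reported as encrypted")
    if "adb" in p.get("persist.sys.usb.config", "").split(","):
        findings.append("USB debugging enabled")
    return inventory, findings


if __name__ == "__main__":
    record, issues = audit_device(SAMPLE_GETPROP)
    print(record)
    for issue in issues:
        print("FAIL:", issue)
```

Property values can be falsified on a compromised device, so a clean result is a baseline check rather than proof that the device is safe.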

3 Comments

Mick2009's picture

"Thumbs up" -  These two articles may be of interest, in case any readers want to learn more about Symantec's Enterprise solution for Android and Windows Mobile devices:

Here's a little intro to what the end user can expect to see on their Android from Symantec Mobile Security 7.2:
 

Getting to Know the Symantec Mobile Security 7.2 Client
https://www-secure.symantec.com/connect/articles/getting-know-symantec-mobile-security-72-client
 
Here’s a similar illustrated overview, for an admin audience:
 
Illustrated Guide to Installing Symantec Mobilie Security 7.2
https://www-secure.symantec.com/connect/articles/illustrated-guide-installing-symantec-mobilie-security-72

Keep those POS devices safe, whatever solution is chosen!

With thanks and best regards,

Mick

Smill's picture

Mobile security can become a very sensitive issue to a businessman like me. Your article was of great help. Thanks.

Anon-Viewer's picture

As more and more businesses use POS systems, it's going to be increasingly important to make sure that providers and business owners take the security measures necessary to protect themselves and their customers.

Therefore, thanks for highlighting the ways we can secure whatever POS system we may be using for our own business. As more updates come out, please feel free to email me or leave a post here since I will continue to monitor this article for updates. Thanks again.
