In our increasingly cashless and digital world, payment fraud is on the rise. According to the European Central bank, the UK is one of the worst-hit markets in Europe with 134 out of 1000 Brits likely to be a victim of card fraud. It’s easy to see why UK retailers need to be hyper-vigilant.
Although more secure than Card Not Present (CNP) transactions, in-store POS systems are nonetheless popular targets for thieves looking to steal credit/debit card details – especially in busy, high-traffic environments like hospitality, grocery and department stores. In addition, the rise in contactless spending limits to £100 has also attracted the attention of criminals, making it a much more attractive target to fraudsters.
PCI helps reduce the risk
Ensuring all devices in their physical estate are compliant with the latest Payment Card Industry Data Security Standards (PCI DSS), helps protect merchants and keep their customer’s data safe.
PCI DSS provides a framework of safeguards including guidelines for POS systems. It also advocates using point-to-point encryption (P2PE), which prevents sensitive payment data from being held or transmitted in the transaction chain. Instead, it is encrypted at the point of entry so even if a hacker intercepts it, they can’t decrypt or use the data.
Castles keeps you ahead of fraudsters
As a trusted payment solutions provider, transaction security, fraud prevention and state-of-the-art technology is embedded in Castle Technologies’ DNA:
- Castles has been championing POS security for decades.
- Recently, we were the first payment solution provider to receive PCI PTS V6 certification.
- All our devices run on Android 10 and ensure robust security controls to prevent physical tampering and the insertion of malware.
Our Remote Key Loading Manager (RKLM) streamlines processes and allows keys to be remotely injected for easier compliance and faster deployment in all payment environments: countertop, portable, mobile, mPOS, PIN pads, and unattended.
Meanwhile, our cloud-based estate management dashboards and tools ensure you can update connected devices remotely. Making it easy to manage the security patches essential to preventing malware and other forms of POS attacks, as new threats evolve. The terminal is the sole device responsible for requesting security patches and updates. Only known and identified systems can connect to the terminal, and third-party entities are not authorized to send updates. The terminal connects to these systems when necessary and manages the upgrade process itself to maintain security.
With Castles Technology, full estates can be updated, simultaneously, leaving no checkout exposed. There’s no need to return products or instigate costly site visits from field engineers. Importantly, there’s also no downtime or disruption to customer checkout services.
What else can retailers do?
While Castles POS devices and systems include built-in security features to lower the risk of an attack, retailers should also implement additional anti-fraud measures wherever possible. Criminal activity is always evolving and adapting so having a ‘belt-and-braces’ approach can help keep you ahead.
Here are six ways you can reduce the risk:
- Keep all POS software regularly updated and make sure to install factory-sent updates – which often include security patches and new protocols.
- Consider a POS “lockdown” strategy, using technology that whitelists authorized processors. This automatically shuts off and locks down any non-authorized POS connected to the system, preventing them from processing fraudulent transactions.
- Don’t overlook apps. There’s now a myriad of value adds that are used to enhance the POS experience. Whether it’s a loyalty, charity, or branded promotional app, make sure that they are secure, compliant and regularly updated so that they don’t provide a vulnerability and leave you exposed.
- One of the most important actions is to train checkout employees. They are your first line of defence and need to know how to spot potential threats e.g. card skimming and device tampering.
- Given the high turnover of retail staff, login credentials should be changed frequently and meet standard password security requirements to avoid hacking.
- If using battery-powered mPOS devices, ensure strict processes for checking them in and out while they are charging. Some thieves will attempt to pocket untethered devices and use these for fraudulent purposes.
Security remains a top priority in 2023
As we head into the year, payment security is likely to remain a major challenge for all retailers – whether they’re operating in bricks or clicks or both.
Finding ways to reduce risk and keep customers safe while ensuring a great experience is also likely to be a key thread running through this year’s Retail Technology Show at London Olympia from April 26 to 27.
Castles Technology will be on Stand 6C70 to show how it’s done.
