Data Security and Point of Sale Mobile Apps

IDWise Logo

More and more businesses are choosing point-of-sale mobile applications to supplement or even replace traditional systems. Almost any small or medium-sized business can find an app to suit its needs—from simple iPhone card readers to scalable systems which sync to accounting software and allow up to 50 users.

But security experts warn that these solutions may be more susceptible than their predecessors to hacking and data breach. In April 2014, researchers at the SyScan security conference warned that many POS systems are "easily hacked" and leave businesses "open to serious fraud."

What should business owners consider before adopting mobile point of sale, and how can they keep their systems safe?

  • Adherence to Industry Standards. "When choosing a provider, it's important to make sure the solution adheres to the Payment Card Industry Data Security Standard (PCI-DSS)," says Justin Guinn of online review hub Software Advice. The PCI-DSS requirements, which apply to businesses as well as the manufacturers of payment card solutions, include requirements intended to build and maintain a secure network, protect cardholder data, control access to sensitive systems, regularly monitor and test networks, create vulnerability management programs, and maintain information security policies.
  • Encryption Options. Many apps are now including point-to-point encryption (also called end-to-end encryption), which encrypts card data from the merchant's point of sale device to the back-end payment processor. This type of encryption prevents the card data from being read if intercepted between the two points, and greatly decreases the risk of data breach via the mobile device.
  • Your Own Best Security Practices. As always, it's important to make sure to keep the operating systems and security software updated on any computers that may work with the app. Business owners should also keep use of the devices to authorized users only, use complex passwords and two-step verification, and other security precautions as for any mobile device.

Many small business owners are reaping the benefits of point-of-sale mobile apps, including portability and real-time sales data tracking that gives them the ability to make operational decisions on the fly. By researching carefully before choosing a system and following common-sense security precautions, these systems can be an excellent alternative to, or provide added functionality for, traditional payment systems.

IDWise Logo
What is IDWise?

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.

Sign UP for CID News