Best Practices for Cash Register and PoS Security

Security policies should be implemented for all aspects of a network from top to bottom. Here you will find the best network security practices for cash registers and POS systems. While not all the policies listed below may be necessary, it is recommended that you properly understand all network vulnerabilities and implement a series of policies based on potential exposure.

• Implement hardware-based point-to-point encryption. It is recommended that EMV-enabled PIN entry devices or other credit-only accepting devices have Secure Reading and Exchange of Data (SRED) capabilities. SRED-approved devices can be found at the Payment Card Industry Security Standards website.
• Install Payment Application Data Security Standard-compliant payment applications.
• Deploy the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring, and a host-based intrusion-detection system.
• Assign a strong password to security solutions to prevent application modification. Use two-factor authentication (2FA) where feasible.
• Perform a binary or checksum comparison to ensure unauthorized files are not installed.
• Ensure any automatic updates from third parties are validated. This means performing a checksum comparison on the updates prior to deploying them on PoS systems. It is recommended that merchants work with their PoS vendors to obtain signatures and hash values to perform this checksum validation.
• Segregate payment processing networks from other networks.
• Disable unnecessary ports and services, null sessions, default users, and guests.
• Enable logging of events and make sure there is a process to monitor logs on a daily basis.
• Implement least privileges and ACLs on users and applications on the system.

Resources: US-CERT – Department of Homeland Security

See related links:

Backoff Point-of-Sale Malware US-CERT Alert (TA14-212A)

Best Network Security Practices for Merchant Processing