February 9th, 2023

Protecting the Security of your Restaurant Point of Sale



Your Point of Sale (POS) system is one of the most critical devices in your business – it’s the ‘entry point’ for most of the money you receive. It processes transactions, and also saves essential client data and can access credit card numbers and other private information. Detailed and rigorous POS security systems are essential.

Use this article as a checklist for talking with POS providers about what their system offers and how it compares with others – it’s easy to be intimidated by all the jargon!

Not a day goes by that there aren’t stories about computer fraud and bank accounts being hacked – when you set up strong safeguards and security routines, you will definitely sleep better at night!

Let’s go through the POS protection steps one by one…

Use Firewall and Antivirus Software – one of the first and most crucial steps you can take to safeguard your POS system. These programmes monitor your network for harmful activity and block unwanted access. In addition, your antivirus programme will be better equipped to identify and eliminate new infections if it is updated often.

Use Encryption – make sure that your POS system uses encryption to protect sensitive data, such as credit card numbers and other personal information. This is a powerful tool that protects your data from being intercepted or read by unauthorised parties. Look for a solution that uses industry-standard encryption algorithms, such as AES or RSA. Additionally, you should make sure that your POS system uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt data transmitted over the internet.

Use Secure Passwords and Different Access Levels – for all users of your POS system, using secure passwords is a quick and easy technique to help prevent unwanted access. Use a mix of letters, numbers, and special characters to generate a strong password that is at least eight characters long. Update passwords regularly.

Different levels of access enable different activity – eg managers can change prices and run reports, regular users can only ring up transactions. The fewer people who have access to management-level information, the less likely it is to be compromised.

Use Two-Factor Authentication for logging in – two-factor authentication (2FA) means that a user must enter a unique code created by a device like a mobile phone or security token to access your POS system.

Train Employees in Security Awareness – this could involve instruction on the importance of password security, spotting suspicious behaviour, and the repercussions of gaining unauthorised access or committing fraud. Do regular role-plays on handling suspicious transactions and what to say if a person’s card has been declined. This training should also include how to check the credit cards and IDs of customers, especially for transactions above an agreed amount.

Other signs of fraud can include big purchases made with more than one card or someone using a different person’s card, e.g. a female uses a card with a male name on it. Make sure staff know how to take the next steps, e.g. calling the card issuer and telling the manager what happened.

Watch Out for Suspicious Staff Activity – watch out for odd logins, transactions, or system modifications. The ‘training key’ can be used to put through off-the-books transactions when the owner is not present. It is a helpful feature for onboarding new staff, but it should only be used with manager authorisation. Limiting access to the Open Key is also essential – every item without a physical key should have its own PLU (Price Look Up) code.

Sometimes, a staff member may set themselves up as your in-house ‘IT expert’ and constantly update systems or add helpful features. It’s not dissimilar to the ‘money grooming’ behaviour that internal thieves use to keep all the notes tidy in the till drawer. If you have suspicions, act quickly and seek third-party advice.

Check the POS Security Logs for Signs of Internal Fraud – there are a number of reports that will give useful information, and most can be accessed remotely with a modern system:

  • Login and logout logs: This can help track who has accessed the system and when, which can be useful in identifying unauthorized access.

  • Transaction logs: This log records all transactions made through the POS system, including the date, time, type of transaction, and the employee who processed it.

  • Credit card logs: This log keeps a record of all credit card transactions processed through the POS, including the card number, expiration date, and transaction amount.

  • Refund and void logs: This log records all refunds or voids made through the POS, which can help identify possible fraudulent behaviour such as fake refunds or voids.

  • Inventory logs: This log keeps track of all inventory transactions, including changes in quantity and updates to the item price.

  • User access logs: This log records any changes made to the user access permissions in the system, which can help detect any unauthorized changes made to the system.
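As an added example (not from the original post or any POS vendor), the following Python script shows how the refund and void logs above can be checked automatically. It reads a constructed sample log, flags refunds or voids made outside assumed trading hours, and flags any employee whose reversals are high relative to their sales; the hours and threshold are assumptions to tune for your venue.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample POS log (not from a real system).
# Columns: timestamp, employee, action, amount, terminal
SAMPLE_LOG = """\
2023-02-01 11:05:12,alice,sale,24.50,T1
2023-02-01 11:20:40,alice,sale,18.00,T1
2023-02-01 12:02:03,bob,sale,42.10,T2
2023-02-01 12:15:55,bob,void,42.10,T2
2023-02-01 13:30:10,bob,sale,15.75,T2
2023-02-01 13:31:02,bob,refund,15.75,T2
2023-02-01 23:48:09,bob,refund,60.00,T2
2023-02-01 14:10:30,carol,sale,31.20,T3
2023-02-01 14:12:00,carol,sale,9.90,T3
2023-02-01 14:20:00,carol,void,9.90,T3
"""

OPEN_HOUR, CLOSE_HOUR = 10, 22   # assumed trading hours; adjust per venue
MAX_REVERSAL_RATIO = 0.5          # assumed threshold: reversals per sale, per employee

def parse_log(text):
    """Parse CSV log lines into dicts with a real datetime and numeric amount."""
    rows = []
    for ts, emp, action, amount, term in csv.reader(StringIO(text)):
        rows.append({"ts": datetime.fromisoformat(ts), "emp": emp,
                     "action": action, "amount": float(amount), "term": term})
    return rows

def find_suspicious(rows, open_hour=OPEN_HOUR, close_hour=CLOSE_HOUR,
                    max_ratio=MAX_REVERSAL_RATIO):
    """Return (finding, employee, detail) tuples worth a manager's review."""
    findings = []
    counts = defaultdict(lambda: {"sale": 0, "reversal": 0})
    for r in rows:
        if r["action"] in ("refund", "void"):
            counts[r["emp"]]["reversal"] += 1
            # A reversal when the venue is closed is a classic internal-fraud sign.
            if not (open_hour <= r["ts"].hour < close_hour):
                findings.append(("after_hours_reversal", r["emp"],
                                 r["ts"].isoformat(sep=" ")))
        elif r["action"] == "sale":
            counts[r["emp"]]["sale"] += 1
    # Compare each employee's reversal count against their sales count.
    for emp, c in counts.items():
        if c["sale"] and c["reversal"] / c["sale"] > max_ratio:
            findings.append(("high_reversal_ratio", emp, f"{c['reversal']}/{c['sale']}"))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(parse_log(SAMPLE_LOG)):
        print(finding)
```

Each finding is a prompt to compare the log entry with the till, receipts and roster, not proof of fraud on its own.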

Regular Data Backups – this assures you that there’s a ‘clean copy’ of your POS system and data. By doing this, you can swiftly return your system to its former condition and lessen the possible effects on your company. Talk to your POS provider about what procedures they recommend – ideally, using both a local hard drive and also a cloud-based system.

Update Software Whenever Available – not only for your POS system but also for routine antivirus and firewall updates. This covers your operating system and any other programmes or software you use. Your system becomes more secure due to security patches and fixes frequently included in software upgrades. If this means an extra subscription payment for your POS system, it’s well worth the money. Updating to the latest software versions can also enhance your system’s functionality, reliability, and compatibility – it should guarantee that your POS system operates without problems and that your data is secure.

Check the Security of Integrated Services and Peripheral Devices – this could include EFTPOS payment equipment, booking systems and third-party ordering systems like DoorDash and UberEats. They are often connected to your POS through separate integration software. Service providers should adhere to the Payment Card Industry Data Security Standard (PCI DSS) to safeguard these auxiliary devices and services. Additionally, ensure these systems are updated often and watch for advice on any security risks.

Protect other Physical Equipment – this could include credit card readers. Using secure wires and enclosures and routinely inspecting for signs of tampering or ‘skimmer’ devices are two ways to do this.

Protecting the POS system at your restaurant from security risks needs a multi-layered strategy that involves protecting the system itself, peripheral devices and services, and watching out for unusual activities. By following these measures, you will protect your company’s security and defend against expensive fraud – it’s time for action!
