As the industry continues its trend toward smart terminals with integrated software for payments and other services, criminals are also stepping up their efforts to secure a new treasure chest of data at the point of sale.
Even though payments services have made unprecedented technical advances over the past few years, criminals love the security gaps that can arise with new technology, which make it easier to enter networks that hold personal information and card credentials.
Terminals are becoming places where merchants can add software for data analytics, loyalty and rewards, gift card acceptance, customer management tools and even accounting or payroll programmes.
On top of all of that, the integrated terminal generally is prepared to accept any type of emerging payments so as to move those transactions over the credit and debit rails. But merchants need terminals “smart enough” to accept those payments with proper coding and security protocols.
Understanding this latest trend, the Payment Card Industry Security Standards Council in mid-December issued guidance and recommendations on terminal software security, stressing safety in the development of software that would operate on a POS terminal. All applications that store, process or transmit cardholder data are in scope for a merchant’s PCI data security assessment.
The requirements cover software code that must meet parameters defined in the council’s point-of-interaction devices and PIN transactions guidance.
PCI also calls for awareness training that supports secure software development, as well as for a defined security roadmap that outlines malware threats to ensure the software addresses those concerns.