Your Point of Sale Systems Do Have Hard Drives

When it comes to the point of sale (POS) systems in your retail store, you’re likely more concerned about placement for optimal layout and flow than you are about what data devices may hold.  As long as you can scan barcodes or otherwise enter purchases, take cash or credit payments, and print receipts, you might not waste too much thought on your POS system.

Unfortunately, depending on how advanced your system is, the electronic components involved could collect and retain sensitive data, making them prime targets for hackers and a major risk for data breach.  Here are a few things you should know in order to minimize risks for your South Dakota or North Dakota business.

PCI Compliance

When you install a POS system, chances are the components come with some form of security embedded, in compliance with payment card industry (PCI) requirements intended to protect confidential consumer credit information and reduce risks of identity theft.  Any devices that are connected online will typically be subject to regular security patches from device manufacturers, especially if credit swiping technology is leased.

That said, minimizing vulnerabilities could require some diligence on your part.  You may have to try to segregate your POS systems from other networked devices used in your operation to protect against crossover attacks via vulnerable systems.  If you use a third-party vendor for POS management (including security updates, network monitoring for threats, and so on), it’s wise to implement some oversight to ensure they fulfill their contract.

You might also want to beef up network security as much as possible on your own.  This is important because if sensitive customer data, like credit card information, is compromised, the buck ultimately stops with you.

Disposing of POS Devices

Whether you rent or own the electronic equipment that makes up your POS system, you are obligated under privacy laws to ensure that all data is destroyed before you return devices to third-party owners or dispose of them yourself.

First, you should find out if your devices contain any kind of storage capacity, such as a hard drive or memory card. If so, you’ll need to remove data from these devices in compliance with consumer privacy laws, and possibly, financial industry regulations like FACTA, GLBA, and so on.  Companies with leased equipment that have to return POS hardware to a third-party supplier should wipe any data stored on these devices before returning them as well.

The process is a bit easier if you own all of your POS equipment (although this is rare, since many retailers lease at least the credit card swiper from a third party, and often, the entire POS system).  All you have to do is partner with a trusted ITAD service provider to shred or erase any hard drives or devices containing sensitive consumer data.

When it comes to data security, you may trust your POS system to have built-in safeguards, and you might assume that this simple system won’t store any sensitive data.  However, you need to focus on protective measures if you want to remain in compliance with consumer privacy laws and protect your customers and your company.

If your North Dakota or South Dakota business needs help disposing of or wiping electronic devices that store confidential data, contact the qualified experts at SEAM today at 605-274-7326 (SEAM) or online to learn more and request a quote for services.