Visa recently sent out a breach alert, and included these standard tips to merchants using Point Of Sale (POS) software:
- Control the Windows Administrator account. Make it more difficult for malware to gain Administrative privileges.
- Assign a strong password for all accounts on the POS system.
- Create a unique local Administrator password for each and every POS system.
- Do not allow users to be local Administrators on a POS system.
- Change passwords frequently, across the enterprise (at least every 90 days).
- Ensure the POS system functions as a single purpose machine. To reduce the risk of malicious software infections, disallow all applications and services (i.e. Internet browsers, email clients) that are not directly required as part of the POS’s core functionality in processing payments.
- Keep operating system patch levels up to date. For Windows, this means ensuring Windows Update is functioning and automatically applying monthly security patches. For non-supported operating systems like Windows XP, there should be a plan to migrate to a current operating system.
- Restrict permissions on Windows file sharing or disable file sharing altogether. Unless absolutely necessary, Visa recommends disabling file sharing on POS systems. Microsoft has published instructions on how to disable simple file sharing and set permissions on shared folders.
- Restrict remote access services use. Unless necessary, disable remote access services, ports and accounts. If remote access services are needed, enable only when needed.
- Promote security awareness. Design anti-phishing programs, defense in depth strategies, and promote shared responsibility in security awareness.
Are you and your organization doing the correct things to protect your company and your customers from a breach?