Security issues from other threads

Maybe this is a bit too obvious, but it seems the only way a POS system can be hacked is if it’s connected to the Internet. I realize it’s for convenience of upgrades and for credit card processing, but is the risk really worth it?

My plan, which shouldn’t be unattainable, is to set up a self-contained intranet for the POS, and use a separate cardswipe process. Yes, it’s one more piece of equipment, and one more expense, but considering the stuff I just read, that’s fine with me.

Is this an outdated idea? I also realize I’ve been out of the retail world for 5 years…

I do use a separate card swiping system and it works well for me. Being in Canada, nearly all non-cash transactions require a PIN to be input by the customer; since my POS system does not support PIN technology, I do not have much choice in the matter.

Online ordering is where it becomes necessary to have my POS system connected to the internet. The system receives the orders as an email that interfaces with the POS to produce the order. The way my operation is set up, delivery customers pay with their credit or debit cards on a portable terminal the drivers carry with them so no credit/debit card information goes through the POS system.

After our issues with our previous POS provider, we switched to dial-up terminals. I also am switching to a different online order provider that handles the credit card processing for online orders off site. With the increasing number of security problems I think this is the only way to go. I was fortunate enough to be able to survive the cost of the issues we experienced, but a couple years ago it would have put me out of business. I’ll take the few extra seconds it takes to manually run a card over the risk any day. During our whole process we signed up with a managed firewall company that offers a breach guarantee. However, just like any guarantee, there are plenty of stipulations. Ultimately, the burden is on the business owner. So, we kept internet access for updates and online orders and took credit cards out of the mix. You really have to weigh the cost and likelihood of something happening. I know it is fairly unlikely to happen to most businesses and there is a lot you can (need to) do to protect yourself and your business.

Is it possible to have a self-contained POS system on an intranet, while having a separate CC terminal for CC processing… Yes.

The PCI concerns come into play when the consumer information - CC information is stored by the POS software and not directly sent to the processor. If your POS is PCI compliant like Aldelo is, there should be less need for concerns. In addition, you should be filling out your self-questionnaire for security compliance for your merchant processor. This, after submission, should let you know if you’re PCI compliant or not… something to think about.

Any Aldelo questions or concerns or support needs, let us know.

Wow. Another sales plug. Not really what I was looking for.

I don’t care how secure the system is built to be, if it’s on the Internet it can be hacked. Information can be compromised. I’m not going to risk that. If that means no on-line ordering, so be it. I’d rather be able to brag that your information IS safe than have people sending it online. But, yeah, that means being really careful about paper. The handheld portable machines make sense.

No system of credit card processing is 100% secure…because of the human element…

But many/most systems I’ve seen used are secure enough for most operators…

Look at how many c/c transactions are processed by eBay & Amazon…

There are bumps in the road, but easily overcome…