Throughout Australia, EFTPOS terminals have become an integral part of how most business owners conduct their transactions.
Still, while these devices undoubtedly streamline the payment process for everyone involved, they also store highly sensitive customer data that can prove invaluable to fraudsters if left unprotected.
As a small business owner, ensuring the security of your EFTPOS terminal should be a top priority – not just for safeguarding your own reputation but also for the general trust and loyalty of your customers.
So, to ensure your business can thrive and stay compliant with industry standards, we’ve put together a list of simple, proactive measures to counter the threat of fraud.
Select a trusted payment provider
Choosing the right payment provider should always be the first line of defence for safeguarding customer data – how are you meant to protect your data from fraudsters when your payment provider is shady themselves?
Ultimately, you need a partner with a strong and certified reputation, one who knows the ins and outs of industry standards set by entities like PCI-DSS (Payment Card Industry Data Security Standard). This goes for leading card schemes like Visa, Mastercard, and eftpos, too.
Remember, it’s their responsibility to pre-install all the relevant software on your EFTPOS terminals, so this actually offloads much of the heavy lifting required to protect customer data on your end and lets you focus on the core business operations.
This means that from the moment you receive your terminals, they’re already equipped with the latest security measures and are ready to process transactions securely. Furthermore, a reliable provider keeps your terminals updated with remote software updates, so you’re always in front of any emerging threats.
Follow the schedule for remote software updates
As mentioned, from time to time, you’ll have to install software updates to hash out any bugs or vulnerabilities with the previous security patch. Now, the payment provider will automatically send these updates to your EFTPOS machine, but it’s your job to stick to the update schedule they provide to ensure maximum security.
In practice, this means having a routine that can accommodate the remote software update process when needed. Consider designating set time periods where your EFTPOS terminal can be connected to power, especially overnight, if necessary.
This essentially enables a seamless installation of software updates without getting in the way of your daily business operations. You’d never want your only EFTPOS terminal out of action to install updates while your customers are trying to make payments.
Safe PIN entry for customers
Though contactless card payments simplify transactions for any purchases below AUD 100, it goes without saying that safe PIN entry is still vital for payment security.
For instance, the general positioning and capability of security cameras within your business premises should be something you consider. Obviously, security cameras are essential for maintaining overall safety and deterring any criminal activities, but you must also ensure they’re not positioned in a way that captures or records customer PINs.
Fortunately, all this means is positioning your cameras strategically and away from the point of PIN entry – you don’t need to shell out on new, fancy equipment. Additionally, you could implement privacy screens that shield the keypad from view so your customers don’t need to look over their shoulders for prying eyes.
Aside from creating a safe and discreet environment for PIN entry builds, this also demonstrates your commitment to customer privacy, which can go a long way toward building trust with customers.
Manual entry means extra precautions
In some scenarios, you may find yourself in a situation where manual entry of card details into an EFTPOS terminal is necessary.
Commonly known as virtual terminal or MOTO (Mail Order Telephone Order) payments, this method is typically only used for remote transactions conducted over the phone or whenever you accept mail order forms via post.
Although customers always appreciate multiple payment options, manually keyed payments always require additional safety precautions to ensure the confidentiality of customer data at all times.
As a result, it’s imperative that you adhere to PCI-DSS guidelines to stay compliant.
Most reliable EFTPOS machine providers will offer assistance in this process so you can achieve and maintain PCI-DSS compliance (usually for a fee), but at times you may need to bear this responsibility yourself and complete the PCI-DSS documentation annually.
Keep the terminals safe
Lastly, always avoid leaving your EFTPOS terminal unattended or in a vulnerable location that unauthorised individuals could access. For instance, rather than leaving it on the counter when not in use, consider installing additional security measures like tamper-evident seals or locking it in a secure location.
On occasion, you may also need repairs or maintenance performed on your EFTPOS terminal, so it’s vital that only authorised technicians (preferably recommended by your payment provider) handle this.
Going with the cheap local option might seem tempting, but having your EFTPOS terminal in the wrong hands invites bad actors to exploit possible vulnerabilities or even install malicious software.
Final thoughts
Remember, prioritising EFTPOS terminal security isn’t strictly a matter of compliance or protection against potential threats; it’s a fundamental part of strong customer relationships and lets them know their confidential data is always handled with the utmost care.
While the practices we’ve discussed provide a solid foundation, always be vigilant for new and updated security measures, so your business receives all the support it needs to grow.
