
POS Security: Protecting Your Business Data

Security should be a top priority for any POS system. Learn how to protect your business.

NinoPOS Team
7 min read · March 30, 2026

POS Security: A Practical Guide

The POS touches every payment, every customer, every sale. It's the highest-value target in the shop.

The threat model

Not hackers in basements. The attackers are:

  • A disgruntled current or ex-employee.
  • An opportunistic walk-in (skimmer, USB drop, tailgate).
  • Supply-chain malware (infected barcode scanner firmware, cheap card reader).
  • Phishing aimed at the owner, via the POS vendor's portal.

The baseline (do ALL of these)

1. One person, one account

No shared logins. Every cashier has a personal PIN. Every manager has MFA on their admin account.

2. Role-based permissions

Cashiers can sell and take payments. They cannot void, refund, or see reports. Managers can. Owners can do everything.

3. Unique receipts

Every sale gets a sequential receipt number. Any gap is visible in the reports.

4. Bluetooth OFF on the POS tablet

Plausible attack vector, zero legitimate use on a till.

5. No USB drives

Physically tape over the ports if your POS hardware allows USB input.

6. Encrypted at rest, encrypted in transit

TLS for everything. Disk encryption on the POS device.

7. Auto-lock after 2 minutes idle

Short timeout. Cashier walks away? Screen locks. Prevents tailgating.

8. Patch weekly

Your POS vendor ships security updates. Install them. Don't defer.

9. Nightly backups

Automatic, off-site, tested.

10. Audit trail

Every action logged with user, timestamp, and before/after state. Review weekly.
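As an added example (not NinoPOS code), here is one way to run the weekly review for rules 2, 3 and 10 over an audit-log export: it flags missing receipt numbers and actions performed outside a user's role. The CSV column names, the per-register numbering and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not a vendor format.
SAMPLE_LOG = """\
timestamp,register,receipt_no,user,role,action
2026-03-30T09:01:00,R1,1001,ana,cashier,sale
2026-03-30T09:05:00,R1,1002,ana,cashier,sale
2026-03-30T09:09:00,R1,1004,ben,cashier,sale
2026-03-30T09:12:00,R1,1004,ben,cashier,void
2026-03-30T09:20:00,R1,1005,mia,manager,refund
2026-03-30T09:02:00,R2,2001,ben,cashier,sale
2026-03-30T09:30:00,R2,2002,ben,cashier,sale
"""

# Actions each role may perform (rule 2). Unknown roles are allowed nothing.
ALLOWED = {
    "cashier": {"sale"},
    "manager": {"sale", "void", "refund"},
    "owner": {"sale", "void", "refund"},
}

def review(log_text):
    """Return (gaps, violations) found in an audit-log CSV export."""
    sales = defaultdict(set)  # register -> receipt numbers seen on sales
    violations = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Rule 2: the logged role must be permitted to perform the action.
        if row["action"] not in ALLOWED.get(row["role"], set()):
            violations.append((row["timestamp"], row["user"], row["action"]))
        if row["action"] == "sale":
            sales[row["register"]].add(int(row["receipt_no"]))
    gaps = {}
    for register, numbers in sales.items():
        # Rule 3: every number between the first and last sale must exist.
        missing = sorted(set(range(min(numbers), max(numbers) + 1)) - numbers)
        if missing:
            gaps[register] = missing
    return gaps, violations

if __name__ == "__main__":
    gaps, violations = review(SAMPLE_LOG)
    for register, missing in gaps.items():
        print(f"{register}: missing receipt numbers {missing}")
    for ts, user, action in violations:
        print(f"{ts}: {user} performed '{action}' outside their role")
```

On the sample rows this reports receipt 1003 missing on register R1 and a void performed by a cashier account.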

The advanced (if you handle card data)

  • PCI-DSS compliant hardware. Non-negotiable.
  • Never store full PAN. The POS or payment gateway tokenizes.
  • Quarterly external scan. This isn't optional.

The meta-rule

Most retail breaches aren't sophisticated. They're a shared password, an unpatched system, and a terminated employee whose access was never revoked. Fix those three and you're ahead of 95% of the market.
