A lot of the reaction to the Target security breach has fixated on the backwardness of the physical data storage of American credit cards. The story goes that if only banks would hurry up and get us onto the “Chip and PIN” Europay, MasterCard and Visa (EMV) card, we’d all be safer from breaches like this. Chip and PIN cards have some security advantages over the magnetic stripe, but it’s not likely they would have made much difference in this case.
The more important lesson here is that tightly integrated security needs to be built into retail systems from the ground up. Tightening security in one position without addressing the whole integrated system would accomplish about as much as sending money from a back alley to a park bench in an armored car. The formation of a comprehensive security policy happens most effectively in a close collaboration between the solution provider and the merchant. This philosophy is integral to PCI compliance, the gold standard of mitigating risk in electronic transactions.
The responsibility of a POS solution provider is to build security into the solution from the beginning of development, starting with the basic requirements of the software and ending with testing, rather than rushing a product to market with security measures stapled on. Security can’t be added on as an afterthought. If the developer follows this “build-security-in maturity model,” transactions will be thoroughly secure within the POS device (whether the card has a magnetic stripe or not).
On the other hand, the most ironclad solution becomes radically insecure if the merchant doesn’t integrate it into a complete security process. Merchants need to use strong passwords and update them regularly, secure their networks, and ensure safe transmission of data to their credit card clearing service.
A mobile POS solution can be a great tool for merchants who are working hard to attain comprehensive security. If customers can pay wherever they are, their credit cards are guaranteed never to leave their sight. Provided that the mobile device works together with a secure, PCI-compliant back-end system, it can give merchants and customers confidence that every transaction is completely safe.