Toast Restaurant Blog


4 Restaurant POS Security Questions to Ask Your POS Partner

Posted by Allie Tetreault on 9/15/15 8:00 AM in Restaurant Technology


The following is an excerpt from The Definitive Guide to Restaurant POS Systems

Data is a powerful tool in the restaurant industry. It’s also often sensitive and confidential. The storage and protection of credit card data has come under scrutiny recently, with hacker attacks on both retail and foodservice establishments.

Before purchasing a restaurant POS system, it's crucial that you understand areas of potential data weakness, as well as ask important questions about POS security. 

1. Does the point-of-sale system run on Windows XP? 

On April 8, 2014, Microsoft stopped supporting the Windows XP operating system.

This means that any POS system that runs Windows XP no longer receives important security updates and is no longer PCI compliant.

Do not choose a POS system that runs on Windows XP. If you’re currently using an XP-based system, it’s time for a change.

Staying on XP means either paying for an expensive software upgrade or remaining at serious risk of fraud and viruses.

2. How is POS data encrypted? When is credit card data stored in the system? 

In order to prevent data breaches and fraud, your POS system should encrypt data the moment a credit card is swiped.

All sensitive data should also be encrypted when it is stored on your POS server, so it’s nearly impossible for someone who accesses your database to steal sensitive data. Ask how the POS system encrypts data.

Identify potential weak points by inquiring how and when credit card data is stored and encrypted in the system.

3. Who has access to the server and the data on it?

Your system should allow you to restrict access to sensitive data.

Anyone who is granted access to the data should be required to enter personal login information so you can track who is interacting with your data and hold the right people accountable if something goes wrong.

Usually, data access is limited to management.

Decide who should have access to data and lock down the system from everyone else (your POS provider should help you).

4. Who is responsible in the event of a data breach?

If PCI compliance is important to you, make a point of asking POS providers to prove that they are certified.

Every POS provider should have strict security measures in place to protect your establishment from fraud, viruses, and data breaches.

If legitimate security measures are in place, providers will likely agree to take full responsibility should any data be compromised.


Written by: Allie Tetreault

Allie Tetreault is the Content Strategist for Toast. When she's not managing the Toast Restaurant Management blog and creating valuable resources for restaurateurs, she's belting in an a cappella group and toiling over new recipes in the kitchen. Her favorite foods are sushi and pasta -- but not together!

