4 Restaurant POS Security Questions to Ask Your POS Partner



Nov 09, 2017



The following is an excerpt from The Definitive Guide to Restaurant POS Systems

Data is a powerful tool in the restaurant industry. It’s also often sensitive and classified. The storage and protection of credit card data has come under scrutiny after recent hacker attacks on both retail and foodservice establishments.

Before purchasing a restaurant POS system, it's crucial that you understand areas of potential data weakness and ask important questions about POS security.

1. Does the point-of-sale system run on Windows XP? 

On April 8, 2014, Microsoft stopped supporting the Windows XP operating system.

This means that any POS system that runs Windows XP no longer receives important security updates and is no longer PCI compliant.

Do not choose a POS system that runs on Windows XP. If you’re currently using an XP-based system, it’s time for a change.

You will be required to pay for an expensive software upgrade or be at serious risk for fraud and viruses.

2. How is POS data encrypted? When is credit card data stored in the system? 

In order to prevent data breaches and fraud, your POS system should encrypt data the moment a credit card is swiped.

All sensitive data should also be encrypted when it is stored on your POS server, so it’s nearly impossible for someone to access your database and steal classified data. How does the POS system encrypt data?

Identify potential weak points by inquiring how and when credit card data is stored and encrypted in the system.

3. Who has access to the server and the data on it?

Your system should allow you to restrict access to sensitive data.

Anyone who is granted access to the data should be required to enter personal login information so you can track who is interacting with your data and hold the right people accountable if something goes wrong.

Usually, data access is limited to management.

Decide who should have access to data and lock down the system from everyone else (your POS provider should help you).

4. Who is responsible in the event of a data breach?

If PCI compliance is important to you, make a point of asking POS providers to prove that they are certified.

Every POS provider should have strict security measures in place to protect your establishment from fraud, viruses, and data breaches.

If legitimate security measures are in place, providers will likely agree to take full responsibility should any data be compromised.


