MX 800 SERIES INSTALLATION GUIDE
the terminal manufacturer to determine the next steps. Continue to perform
visual inspections weekly.
3  Focus security cameras on PINpads.
Ensure security cameras have a clear line of sight to the PINpad terminals to
aid investigators in the event of a security compromise. Images of data
thieves and the methods they are using are invaluable information. Front
orientation cameras provide the best evidence without interfering with the
customer’s actual PIN entry on the payment devices.
4  Contact law enforcement if evidence of tampering or device substitution is
found.
Law enforcement needs to be involved if there is any suspicion of a data theft
crime. They will engage experts who need to respond quickly in order to
apprehend the criminals.
Technical Activities
1  Encrypt data from the PINpad.
As terminal physical security has increased, criminals have turned to tapping
the connection between the PINpad and the POS terminal, or from the POS
terminal to the communications equipment. All sensitive customer data
should be encrypted before it leaves the PINpad.
2  Validate the serial number.
If your terminal contains an electronic serial number, have the electronic
serial number compared to the serial number printed on the bottom of the
terminal. If these do not match, stop using the device and disconnect it from
the POS terminal or network, but do not power it down. Contact the security
officer at the terminal manufacturer to determine the next steps.
3  Validate the electronic serial number.
If the PINpad supports electronic serial numbers, implement a scheme to
validate the PINpad serial number every time the POS starts up to ensure the
device has not been replaced, and if it has, automatically send an alert. If the
device supports Ethernet connectivity, consider implementing a device
management solution to track all in-service devices.
4  Authenticate applications.
To ensure rogue applications are not installed on the PINpad and that access to
ports is controlled, all applications should utilize the vendor’s method of
authentication. Ensure the default certificates are changed prior to
deployment.
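
One way to implement the startup check from Technical Activities step 3, shown as an added example that is not part of the original guide or the vendor's software. The `read_serial` and `send_alert` callables, the record layout, and all serials and keys are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, lane, serial) -> bytes:
    body = json.dumps({"lane": lane, "serial": serial}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest().encode()


def seal_enrollment(key: bytes, lane: str, serial: str) -> dict:
    """Record written at install time: which serial belongs on which lane."""
    serial = serial.strip().upper()
    return {"lane": lane, "serial": serial, "mac": _mac(key, lane, serial).decode()}


def check_pinpad_at_startup(key, record, read_serial, send_alert) -> bool:
    """Return True only if the attached PINpad reports the enrolled serial.

    read_serial and send_alert are hypothetical callables supplied by the POS
    integration; every failure path alerts and returns False (fail closed).
    """
    lane, enrolled = record.get("lane"), record.get("serial")
    # Reject an enrollment record that was edited on disk.
    if not hmac.compare_digest(_mac(key, lane, enrolled), str(record.get("mac")).encode()):
        send_alert({"lane": lane, "reason": "enrollment_record_tampered"})
        return False
    try:
        reported = read_serial().strip().upper()
    except Exception as exc:  # device missing, unplugged, or not answering
        send_alert({"lane": lane, "reason": "serial_unreadable", "detail": str(exc)})
        return False
    if not hmac.compare_digest(reported.encode(), enrolled.encode()):
        send_alert({"lane": lane, "reason": "serial_mismatch",
                    "enrolled": enrolled, "reported": reported})
        return False
    return True


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed; use a managed secret
    record = seal_enrollment(key, "lane-03", "123-456-789")  # constructed serial
    ok = check_pinpad_at_startup(key, record, lambda: "999-000-111", print)
    print("PINpad accepted" if ok else "PINpad rejected, payment disabled")
```

A serial that cannot be read is treated the same as a mismatch, so an unplugged or unresponsive device raises an alert at startup.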