One of the worst nightmares a small business owner could face is dealing with point-of-sale (POS) malware. Malware is defined as “malicious software” that damages a computer or POS system without the owner’s consent or knowledge. For the merchant, this could mean major losses, and for a smaller business it could prove fatal. How can a business prevent POS malware, and what should it do if a breach has occurred?


If you are not able to partner with a professional POS company or payment processor to investigate your software, here are some protective measures you can take as a merchant to help keep malware off your POS systems:


  • Change all weak passwords within your POS system to something stronger. Experts advise that passwords be at least seven characters long and contain a capital letter, one number, and one special character.
  • Inspect all logs (connection, firewall, or Windows Security Event) for any login attempts from a foreign IP address. Make sure to use firewalls as much as possible, so that POS systems are isolated from other networks.
  • Examine your running processes and look for slightly misspelled names running from a legitimate directory. Processes are programs, or parts of programs, that are running on your computer system. Be sure to evaluate the process name and the path from which each process was executed.
  • Only use security software that has advanced monitoring, vulnerability management, and anti-fraud functionality.
  • Be sure to add network protection that will reveal any unexpected traffic entering or leaving the POS system. Examples include traffic from an unexpected host, traffic that is unencrypted, or traffic that uses an unexpected protocol.
  • Although anti-virus products are not always completely effective at removing all malware, experts still recommend that small businesses install, maintain, and update a trustworthy anti-virus program on all of their POS systems. Make sure that the anti-virus program is configured not only to quarantine a detected file but also to delete it.
  • Consistently check your POS systems for any sort of physical corruption.


If your small business POS system happens to become infected with malware and a breach has occurred, there are several actions you need to take as soon as possible:


  • Inform your merchant bank and payment processor. The bank will need to report the incident to the card associations promptly.
  • Inform your employees of the data breach and of any other security issues.
  • You will need to obtain a dial-up terminal from your merchant bank. Your bank should be able to get you a terminal and have it up and running within 24 hours of notification.
  • If you find malware on the POS terminals, you must stop all card transactions from being processed on those infected terminals immediately.
  • Only process payment card transactions on dial-up terminals for the time being. Although dial-up is not as quick, the connection to the bank over a phone line is a secure way to process the payments for your business.
  • No longer use the POS network to connect directly to the Internet. This will help block any further malware from hurting your systems.
  • Be sure to take detailed notes on the breach – where the malware was located, how it was found, what kind of breach occurred, and any actions that have been taken since finding the malware.
  • Contact a local PCI forensic investigator and/or a local U.S. Secret Service field office to assist with your breach.


Now is the time for small business merchants to become proactive - not only for the security of their consumers' data, but for the future of their business as well. By employing security measures to prevent malware from infecting your POS system, and knowing what steps to take in case a breach occurs, merchants will be prepared for and informed about any future attacks.