You are here:
Security and Encryption Overview
Point of Sale employs security measures, including TLS 1.2 encryption, to protect your data in transit and at rest. Point of Sale encrypts sensitive data, uses encrypted hard drives, and refrains from storing credit card data and standalone PII.
Transport Layer Security (TLS) 1.2 Encryption
We use SSL/TLS 1.2 protocols for data transit and adhere to best practices recommended by Amazon AWS. This ensures that data exchanged between our systems and clients' devices remains encrypted during transmission, mitigating the risk of interception or tampering.
Data Encryption at Rest
Any data stored on our Point of Sale (POS) devices is stored encrypted at the data level and on encrypted hard drives. This ensures that even if physical access is gained to the device, the data remains protected.
For server data, we currently use 128-bit encryption and plan to upgrade to 256-bit encryption in Q1 2024. Data encrypted on the POS app uses AES 256 encryption.
Nonstorage of Credit Card Data
Point of Sale doesn't store credit card data, minimizing the risk associated with handling sensitive financial information.
Non-Storage of Standalone Personally Identifiable Information (PII)
We don't store personal information that is not linked to your personal information, like Social Security Numbers, Driver's License numbers, bank account details, or customer credentials. This protects you from data breaches.
Encryption of Sensitive Data
All important data, including log in information for users and personal information about transactions (like name, address, email, and phone number), is encrypted at rest using Advanced Encryption Standard (AES). This makes data protection measures stronger.
Regular Security Assessments
Point of Sale does quarterly scans with approved scanning vendors (ASVs) and annual testing with Kirkpatrick Price. These scans help to find and fix system weaknesses.
Annual Security Reviews
Our security measures undergo annual reviews as part of our SOC audit process, ensuring compliance with PCI and SOC2 standards. Additionally, static code analysis is conducted to detect and address potential security vulnerabilities within our software applications.
Logging and Anypoint Monitoring
Our systems have strong logging and monitoring features. This lets us quickly find and respond to suspicious activities or attempts to gain access without permission.
User Authentication
Each user is provided with individual login credentials to access both the POS system and Admin Console, either directly or via Single Sign-On (SSO). All data is protected when it isn't used. Important data, like associate credentials and transaction data, are twice protected at the application level.
Collaboration with Audit Firms
We work with a well-known audit company to do SOC and PCI audits. These audits show that we follow industry standards and regulatory requirements.
Global Data Security Compliance
Point of Sale serves many large businesses around the world. It's met all data security requirements from a variety of regions, including North America, Europe, the Middle East, Africa, and Asia-Pacific.
