This Forbes article argues that the pandemic has shifted consumers from cash to cards and that, while everyone has focused on the e-commerce side of that shift, PCI compliance at the POS also appears to be a significant risk. Here’s more from the article:
“In my experience working with retailers and small businesses to improve their cybersecurity and compliance efforts, it’s clear that point-of-sale fraud often isn’t taken as seriously as it should be. That’s largely due to the massive focus that’s been put on areas like cloud and mobile security.
But when a customer uses a smartphone or any other contactless payment method, credit card numbers are left vulnerable unless they are properly encrypted. More specifically, it’s the firmware in the POS terminal that hackers target to steal credit card and other payment data.
The problem is, many merchants fail to utilize point-to-point encryption (P2PE) solutions to safeguard POS data. Without P2PE, it’s impossible to guarantee that payment data remains secure from the customer’s smartphone all the way to its destination in backend payment processing systems.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group