The ATM Industry Association’s Debit Council has published Best Practices for Protecting the Point of Sale (POS) Lifecycle.

It is estimated that there are 20 million POS devices installed worldwide. The automation of credit and debit card transactions at the point of sale has been growing in scale since the early 1980s. There is a growing proliferation of new ways to use a card (for example, electronic commerce, mobile commerce, mobile phone top up etc), as well as new card types like pre-paid cards and new technologies such as smartcards.

It is the first time that the financial services industry, on both the ATM and POS sides of the business, has collaborated on producing security best practices for the whole POS lifecycle. The lifecycle model used in the best practices defines and addresses eight phases: cardholder security, compliance to existing industry standards, secure deployment of devices, physical security, PIN and encryption security, software security and security during the final de-commisioning process.

Since much of ATM fraud originates through card and PIN compromises at POS terminals, the ATMIA Debit Council set up a POS industry task force at the beginning of 2006 to facilitate closer collaboration between the POS and ATM industry to jointly fight debit card fraud.

“The beauty of the lifecycle model is that it helps security practictioners to identify possible security vulnerabilities throughout the life of each POS device,” commented Mike Lee, CEO of ATMIA (www.atmia.com) and founder of the Global ATM Security Alliance (GASA) (www.globalasa.com).

This manual, jointly authored with key manufacturers of POS devices, is intended for several audiences:

• Retailers
• POS processors
• Encryption Service Organizations
• Auditors, Security personnel
• Managers who have responsibility for securing their POS installations and for meeting network and PCI requirements

For more information, please contact Mike Lee at mike@atmia.com.