Positioning of POS terminals
The positioning of your POS terminal should satisfy the following requirements:
1. Card reader
The PIN card must not leave the cardholder’s sight. You should therefore always allow the customer to swipe the PIN card through the card reader. If this is not practicable, you should swipe the PIN card through the reader with the cardholder watching.
2. Shielding when keying in the PIN code
a. The keypad (also referred to as the PIN pad) should be positioned so as to give your customers adequate privacy when entering their PIN code, preventing third parties from watching what number is keyed in (as far as is reasonably possible).
b. The PIN pad is fitted with a hood. This hood must not be removed. If you have not been supplied with a hood for the PIN pad, contact the supplier of your POS terminal.
3. Positioning of the PIN pad
a. The positioning of the PIN pad should be such as to allow the customer to shield the keys with the other hand or with the body when entering the PIN code. The positioning of the PIN pad should therefore satisfy the following dimensional requirements:
- With the PIN pad positioned on a horizontal surface, it should be a minimum of 80 cm and a maximum of 120 cm from floor level.
- The PIN pad may only be positioned below or above these heights if special arrangements provide complete shielding for anyone entering a PIN code.
b. It must not be possible to observe the entry of a PIN code from a raised area, via mirrors, via cameras or in any other manner.
What steps can you take to maintain maximum security of PIN payments?
- Position the POS terminal in such a way as to enable the PIN pad to be properly shielded when PIN codes are entered.
- If possible, fix the POS terminal to the counter or other solid base.
- Check each day that there have been no changes affecting the POS terminal and check that the POS terminal has not been tampered with, especially if there has been a break-in with nothing stolen.
- Always ask to see the ID of any service engineers and check that their visit has been announced by the supplier.
- Make sure that it is not possible to observe the entry of a PIN code from a raised area, via mirrors, via cameras or in any other manner.
- Arrange for security cameras to scan the POS terminal and its immediate surroundings – but in a way which does not allow the entry of PIN codes to be observed – and keep the recorded data.
- Watch out for people loitering in the vicinity of your cash registers, who may try to substitute a different POS terminal for yours, especially around closing time.
- Be suspicious if your POS terminal starts behaving strangely or displaying strange messages.
- Ensure that your customers do not have to hand over their bank cards or, if they do, that the customer still has sight of the card at all times.
- Impress upon your staff that they should be suspicious of people with lots of cards or unfamiliar cards.
Security certificates
Security is crucial in any payment transaction. Together with the merchant, consumers should ensure that the payment situation is as safe and secure as possible. Even in the background, however, there are safeguards for the security of electronic payment transactions. Currence sets certain security standards for POS terminals with the object of ensuring the efficient, reliable and secure functioning of the PIN payment system.
Currence issues security certificates for all POS terminals that comply with the security standards. These certificates are valid for three years. On expiry of the three-year period, every POS terminal has to be recertified in accordance with the latest security standards.
The banks and the retail trade associations reached agreement in 2001 that POS terminals should have a useful life of at least five years. Provided there are no serious breaches of security, the latest version of a PIN POS terminal should therefore have a life of at least eight years and, if the security certificate is renewed again, the useful life can be extended to 11 years.