I have said it again and again. You should NOT have a POS system that is cloud based. Nothing that need to be kept confidential should be cloud based. Oracle bought Micros a couple of years ago to add to its cloud offerings. As I have said again and again, the cloud is not only insecure in its base architecture but also it is extremely vulnerable to intrusion from the barn door. The barn door in this case is the users. Considering how insecure SMS messages are(just Google SS7 protocol security for a shocker on how bad it truly is) not even cellular based Two Factor Authentication is going to help. Passwords are universally misused and lead to an easy way to get into just about anything cloud based. Even if you “only” gain user based privileges there is almost always some way to escalate those privileges.
For the POS vendors out there…PLEASE stop building insecurity into your products. it is time for the financial sector to actually practice true security. Unfortunately many POS vendors have either no idea in what they are talking about when it comes to security or they totally ignore it and hope they do not get breached. ETC Maryland can help setup your POS network to not only comply with best practices and regulations but also help design procedures and rules that will supplement your technology to prevent breaches of your customer’s private data. contact us for a full evaluation of your POS and data networks and your security posture.