Clover point of sale HTTPS security concern

E

equalmenace

Beta member
Messages
2
Location
USA
Have a client who failed a PCI security audit through Bank of America due to Clover point of sale login credentials being transmitted in plain text. Needs to be switched over to HTTPS.

This is a small business and I'm walking in blind to the problem. Don't even think they have a business class ISP plan. Just a simple modem/router setup. So I doubt there are many options to address this via firewall settings, nor should that even be required given this product is marketed to mom and pops.

Their customer support has been of limited help and they have scant support documentation.

Anyone have experience with Clover POS products that could offer some advice?
 
I work for a company that sells and supports cash registers and POS, but we handle ISS45, IBM ACE, and Scanmaster. I am totally unfamiliar with Clover POS. I work in the field and not in support, but I do know that getting a system PCI compliant is a real PITA. I would say to contact my company but I doubt they would give advice but would probably try to sell them our system/services.

Are they through Fist Data? What pinpads are they using?
 
I don't think they're through First Data and that's the first time I've heard of the company. Here's Clover's business page: https://www.clover.com/

The POS device is actually a modified android tablet with a card slide reader, so there's no pin pad or anything of that nature.

I appreciate the reply. It's an unusual problem for me and I haven't received much feedback from anyone I've asked, including Clover.
 
https://www.clover.com/get-paid/security

The details are skimpy but it looks like they need to up their service to Clover Security Plus. The very first bullet point is PCI compliance. I understand that they are just a mom and pop shop but non-compliance will sink them in a heartbeat should there be a data breach. There is basically nothing you can do yourself to get them compliant unless their hardware is not up to snuff, but the Clover system looks to be new enough to be up to the task outside of additional services needed to pull it off.
 
You must log in or register to reply here.

Similar threads

grantheo
Asking for your feedback on a PHP code security scanner in beta
Replies
1
Views
852
grantheo
grantheo
XWrench3
on sale.....
Replies
2
Views
695
PP Mguire
PP Mguire
O
hello & mostly clueless & would appreciate mac security help after trojan attack!
Replies
0
Views
914
once2023
O
M
Thinking of upgrading from Ryzen 5 1400 to ryzen 7 5700G on same motherboard
Replies
0
Views
325
mikee
M
cyberoutlook
New member, looking to contribute on the IT Security front!
Replies
2
Views
791
Smart_Guy
Smart_Guy
Back
Top Bottom