Securing your Shopify POS setup
Having a security strategy for your business helps keep your Shopify POS device, transactions, and customer data safe. This guide outlines best practices for POS security and tools for reacting to threats to your POS data, such as lost or stolen POS devices.
Protecting your Shopify POS device
To protect your Shopify POS devices from unauthorized access, use the following security settings built into iOS and Android devices:
- Find my device: allows you to track the location of your device if it's lost or stolen.
- Remote wipe: allows you to erase your device's data if it's lost or stolen.
- Auto-lock: allows you to automatically lock the screen within a set time frame when the device isn't supervised by staff.
To make sure the screen lock on your device is secure, set a strong PIN. A strong PIN is made up of digits that are all different.
If you manage large numbers of devices, then you can use MDM (Mobile Device Management) software to manage all of your devices simultaneously. You can use Apple Configurator for iOS devices or an Android-recommended MDM for Android devices.
With MDM, you can configure and manage the following security settings on all of your devices from one device:
- Enforce passcode.
- Lock and wipe a device.
- Reset or clear the passcode.
- Track device location.
- Manage updates.
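As an added example (not part of the original guide or any Shopify tooling), the following Python check reads an Apple configuration profile and flags passcode and auto-lock settings weaker than the guidance above. The thresholds and both sample profiles are assumptions constructed for illustration; `allowSimple` is the closest profile setting to the "all different digits" advice, since it rejects repeated and sequential digits.

```python
import plistlib

# Thresholds are assumptions for this example, not Shopify or Apple requirements.
MAX_AUTOLOCK_MINUTES = 5
MIN_PIN_LENGTH = 6
PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"  # Apple passcode payload

def audit_profile(profile_bytes):
    """Return findings for the passcode payload(s) of a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload: passcode is not enforced"]
    findings = []
    for p in payloads:
        # Apple's defaults apply when a key is absent: forcePIN false, allowSimple true.
        if not p.get("forcePIN", False):
            findings.append("forcePIN off: a passcode is not required")
        if p.get("allowSimple", True):
            findings.append("allowSimple on: repeated or sequential digits accepted")
        if p.get("minLength", 0) < MIN_PIN_LENGTH:
            findings.append(f"minLength below {MIN_PIN_LENGTH}")
        idle = p.get("maxInactivity")  # minutes idle before auto-lock
        if idle is None or idle > MAX_AUTOLOCK_MINUTES:
            findings.append(f"auto-lock missing or above {MAX_AUTOLOCK_MINUTES} min")
    return findings

def make_profile(passcode_payload):
    """Build a constructed sample profile; pass None to omit the passcode payload."""
    content = [dict(passcode_payload, PayloadType=PASSCODE_TYPE)] if passcode_payload else []
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.pos.baseline",  # constructed
                           "PayloadContent": content})

# Constructed sample inputs: a weak profile beside a corrected one.
WEAK = make_profile({"forcePIN": True, "allowSimple": True,
                     "minLength": 4, "maxInactivity": 15})
HARDENED = make_profile({"forcePIN": True, "allowSimple": False,
                         "minLength": 6, "maxInactivity": 2})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED), ("empty", make_profile(None))):
        print(name, audit_profile(blob) or "meets baseline")
```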
Protecting your Shopify POS data
To protect your POS data, keep your iOS or Android device and your POS app up to date. Apple and Google release patches for known security vulnerabilities in their OS updates. Shopify POS app updates also resolve bugs and security-related vulnerabilities.
You can turn on the following automatic updates on your iOS device:
Most Android updates happen automatically, but you can manually check for system updates. You can also activate automatic app updates.
If you want to prevent instant system or app updates, then you can use MDM (Mobile Device Management) software. Consider having a quick release plan for Apple and Android updates to make sure you're up to date with the latest features and security fixes.
Guidelines for tap limits
Tap limits are the maximum amount a customer can pay with their card using a tap function. Tap limits are determined by the bank that issues the card and are in place to protect you and your customers against fraud.
The following guidelines apply to tap limits:
- Tap limits vary between card and region.
- Some regions allow tapping a card and entering a PIN to approve higher value payments.
- Tap limits might be higher or unlimited for mobile wallets such as Apple Pay, Google Pay, and Samsung Pay.
- Tap to Pay on iPhone and Tap to Pay on Android have the same limits as card readers.
- Tap limits are enforced by cards and the banks that issue them and not by Shopify Payments. Tap limits aren't configurable.
The Shopify card readers prompt customers to insert the card and enter their PIN as needed. For higher tap limits, encourage customers to pay with mobile wallets.
Managing staff permissions
Keep your store settings and data safe by setting appropriate POS roles and permissions for each staff member. Roles and permissions determine how much access each staff member has to view data and perform actions within the POS app. You can also restrict POS staff from performing certain actions on the POS app without approval from another POS staff member with appropriate permissions.
To keep your admin data secure, you can restrict POS staff from accessing your Shopify admin by creating POS-only roles.
Training staff on Shopify POS security
Train staff on POS security best practices, such as creating secure passwords. Regularly training staff on the importance of POS security helps keep your store's and customers' data secure.