Risk Assessments

  • 1.  POS Terminal contracts

    Posted 10-03-2020 10:45 AM
    Dear All,

    What are the risks triggered in POS terminal contracts with third parties?

    As per my knowledge, Point of Sale terminal contracts trigger infosec and cyber security risks, business continuity and physical security risks. Will such relationships trigger HR risks also? If yes, do all the employees of the vendor need to be screened regardless of whether they are entering the bank premises or not?

    Thanks in advance!


  • 2.  RE: POS Terminal contracts

    Posted 10-06-2020 11:25 AM
    Hi Payal,

    I hope this finds you well. This is a great question. You are absolutely correct: POS terminals and the vendors who provide service for them are considered high-risk vendors and will have to be treated as such. You need to make sure the vendor that is providing the POS equipment and servicing it has a hiring policy in place that includes background checks and drug screens. All employees should have a background check, performed by the vendor, since they will be providing service to the equipment and may have access to credit card information and other non-public personal information.

    You may want to check your Visa contract and see if it has provisions for PCI compliance as well. PCI compliance isn't a regulatory requirement; normally it is a contract term & condition with Visa, Mastercard, etc.

    If you have anything to add, feel free. We like to have as many thoughts/opinions as possible.