Unfortunately, carwashes are prime targets for burglaries. Whether vandals cut open or rip out entire coin boxes the old-fashioned way or hackers swipe credit card information from modern point-of-sale (POS) systems, all types of pay stations are susceptible to crime. However, there are ways to minimize the risks of having your pay stations targeted or tampered with. Whether by reinforcing their physical structures, setting up guards and alarms or building virtual firewalls with the latest cybersecurity software upgrades, you need to do everything you can to turn your pay station into a fortress.

Calling all reinforcements

Despite the technologically advanced society we live in nowadays, when it comes to money, the traditional burglary methods are still, unfortunately, employed by many criminals. Where pay stations — whether coin boxes or POS systems — are concerned, burglars will either attempt to break into the system or simply use a vehicle to uproot the entire terminal from the ground.

As Bob Krist, director of sales at Hamilton Manufacturing, says, “A safe pay station begins with the overall design of the unit — if it immediately gives a visual perception of strength and protection, thieves will know they have a tough task ahead.”

There are a variety of pay stations on the market, but Krist notes that the most secure ones have the following features:

  • A thick grade of stainless steel for the entire unit — cabinet, door and base
  • High-security locks
  • Steel backer plates in areas such as screens or card readers (which are often targeted as weak points on a terminal)
  • Separate vaults for the cash-holding areas (so that, even if thieves get past the main door, there is still another heavily-protected area to get through before accessing the money)
  • Minimal hook points.

“Minimizing ‘hook points’ is a component of design that is sometimes overlooked,” Krist explains. “By making a pay station difficult to attach a winch hook to, the chances of someone trying to tear the unit out with a truck or car are lowered.” However, Krist warns, even if a terminal has minimal hook points, it still needs enough mounting points for the base and main kiosk to keep it firmly secured to the concrete.

According to Rich Carpenter, Unitec director of product development, “When more physical security is warranted, it’s best to install the pay station within a brick (or similar) enclosure to prevent forceful removal of the entire unit and to inhibit break-in attacks. Pay stations can be further secured by attaching metal grates or panels over the front surfaces to prevent break-ins.”

However, reinforcing the pay station itself is only one aspect of making it an unattractive target. You must also analyze your property and figure out which areas appear vulnerable to an attack; then, take steps to either reduce that vulnerability or, if you are building a new carwash, disregard that area for your pay stations. Both Krist and Carpenter recommend that, if your site can support such a layout, you position the payment kiosks so they are visible from the street. Also, make sure the area is well-lit, and, if you desire, set up video surveillance on the terminals directly.

“An attempted break-in is less likely to occur if the criminal is forced to do it in view of other businesses and passing cars or pedestrians,” Krist explains. “Using modern LED lighting to illuminate the pay station not only creates an aesthetically pleasing focal point at your wash, but [it also] eliminates the cloak of darkness many criminals use to carry out their actions.”

Carpenter adds that if you do business with an experienced carwash equipment distributor, you should request a site review to identify opportunities to improve your site security and any of the associated costs of doing so.

Finally, Krist notes that regularly maintaining your pay station — keeping it free of dirt and chemicals, replacing broken or worn-out parts as well as faded or peeling decals — not only gives customers confidence in your business’ ability, but it also alerts thieves to the fact that you regularly inspect and maintain the machines, leaving them less vulnerable.

Stay armed and at the ready

Of course, reinforcing the body of a pay station is all well and good, but even the strongest defenses will fall if unattended by sentries.

According to Jason Sears, communications manager at Innovative Control Systems (ICS), “While the industry’s finest payment terminals are built to withstand the prying of would-be thieves, the best way to prevent theft and damage to your equipment is through the use of sonic sensors and seismic sensors that detect suspicious behavior, summon law enforcement and warn the intruders away before they can negatively impact your business.”

Sonic or shock sensors detect movement in front of the terminal while seismic sensors detect any attempts to tamper with it, Sears explains.

Coupling these sensors with on-site alarm systems that notify the authorities as well as lights and sirens are other ways you can configure modern pay stations to draw attention to themselves in the event that they are being targeted. According to Sears, there are even pay stations that can play videos to warn off anyone currently burglarizing the terminal.

Additionally, Krist notes, sonic/shock sensors also come in handy in cases when a customer accidentally hits the pay station.

Kevin McLoughlin, senior sales consultant at Washify, adds, “Some of the newer pay stations have onboard alarm and warning systems with numerous ways to set off an alert. Some have a vibration sensor that will set off an alarm as well as a proximity sensor that can send an alert. There are even some pay stations that have a video camera inside that unit which can detect motion and have the ability to trigger an alarm.”

Carpenter notes that, for those pay stations that cannot be wired into the central alarm system of a carwash, a security system technician should be able to install door switches and shock sensors that are wired to the carwash’s alarm system.

Related: Carwash security best practices

Many modern pay stations are also equipped with cloud-based technologies that, via remote monitoring, provide real-time information and alerts to carwash owners, according to Krist. This information includes the status of the hopper contents, whether a vault door is unlocked or if the pay station suffered a heavy impact. 

And, while these modern offerings are a fresh take on security, Carpenter advises adding some of the more old-school tech around your pay stations as extra precautions. “Although not new technology, motion-sensing lighting and video surveillance can serve as deterrents, and video has proven to be valuable in the capture and prosecution of carwash thieves and vandals.”

Remember, when looking for security cameras, it’s best not to simply go cheap. You’ll want high-definition video that can capture the best facial images of those trying to vandalize the payment terminal.

Hack attack

As you are undoubtedly well aware, in addition to the traditional burglars, modern pay stations with credit card acceptors and other software are also susceptible to hackers.

Related: Why you need to care about cybersecurity

If you’re shopping for new payment terminals, Sears recommends utilizing a provider that offers a credit card processing solution that includes end-to-end encryption, security services that include specially configured firewalls that protect your network from intruders and multiple levels of malware detection to keep you safe from viruses.

Furthermore, he adds, check if the payment terminal manufacturer has close involvement with the Payment Card Industry (PCI) Security Standards Council or employs specialists that are certified by the council, thus allowing you to more easily confirm that you are in compliance with the most rigorous PCI requirements.

However, there are other ways you can protect the payment terminals you already have. Remote access services with weak passwords are one way that hackers can breach your POS systems to install malware; as such, Melanie Carter Spohn, DRB Systems information security analyst, recommends that if you have remote access to your POS systems, consider implementing multi-factor authentication.

Furthermore, Spohn adds, “There are some POS systems that use proprietary software; however, all systems connected to the internet [are] seldom patched, if ever. Hackers may exploit known vulnerabilities on these systems in order to gain access to customers’ data. All business systems should be tested on a recurring basis to ensure that any vulnerabilities identified are remedied in a timely manner.”

To that end, make sure your pay station software is always updated to the latest version recommended by the manufacturer, as these updates provide critical security upgrades.

Carpenter also warns that carwash owners need to be aware of credit card skimmers, small devices that thieves attach to card readers to steal customers’ credit card information. If this data is sold for fraudulent use, carwash owners who have been compromised may also be responsible for the resulting fraud. As such, Carpenter advises regularly inspecting your pay station equipment for suspicious changes to the card reader or devices inside the terminal that are connected to the card reader electronics or cabling.

While knowing about all the ways modern pay stations are susceptible to hacking is no doubt daunting, there is hope that, as technology progresses, so too will pay station security. For instance, McLoughlin mentions, “Some of the newer systems are cloud-based and do not have an on-site server for the hacker to hack into. This makes hacking into the POS system extremely difficult, as the hacker would have to actually hack the cloud provider.” 

Responding to an attack

Always imagine the worst-case scenario, so you’re never caught unprepared. In this case, you’ve been hacked, or you suspect you have. How can you tell?

According to Spohn, some of the more obvious signs of hacking are system slowdown, pop-ups and new or unfamiliar icons on the desktop. More difficult signs to identify include suspicious network activity, the hard drive running out of space, disabled security services/solutions and the inability to access the task manger, control panel or command prompt.

“If you suspect that your POS system has become compromised by a hacker, contact your managed services provider, along with your municipality’s local law enforcement agency and your POS provider,” Spohn concludes.