Keeping your Retail POS account secure

Provided information is for general informational purposes only and should not be considered legal advice. You should consult with your own legal counsel for requirements governing your specific circumstances.

Impersonation and phishing attempts are common tactics used to scam business owners and employees. Scammers may attempt to pose as Lightspeed representatives and trick you into sharing sensitive information, providing access to your account, or moving funds.

Lightspeed will never ask you to:

  • Move funds or change your settlement account to an unfamiliar account.
  • Share passwords or multi-factor authentication (MFA) codes.
  • Act quickly, using urgency to limit your time to think or verify.
  • Keep a security matter confidential from family members or law enforcement.

If you ever receive a request like this, it is not from Lightspeed.

If you suspect someone might be using your Retail POS account without permission, follow the instructions in the Steps to take if your account may have been compromised section below.

It's important to implement security best practices and take steps to keep your Retail POS account secure to help protect your business online.

Managing fraudulent communications

If you receive communication that appears suspicious:

  • Don't panic.
  • Don't click or share.
  • Don't engage.

Learn more about protecting yourself from social engineering attacks.

If something feels off, verify directly with Lightspeed before taking action on the potentially fraudulent request. If you suspect your account is at risk or may be compromised, follow the instructions in the Steps to take if your account may have been compromised section below while you reach out to the Retail Support team.

Managing users and permissions

Setting up new users with appropriate permissions for their role type and managing existing user permissions are important parts of keeping your account secure.

When setting up a new user, it's important to:

  • Create one login per user: View individual account activity, control permissions, and remove access later per user, if needed. Don't share login information, even if users have the same role type.
  • Set appropriate permission levels: Ensure everyone has the minimum level of access required to perform their job but no more than necessary.

It's also important to regularly review who has access to your account:

  • Review permissions: Ensure current employees have only the minimum access required.
  • Monitor access: Verify who has access to Retail POS and other systems, devices, and physical business spaces. Current or former staff who have more access to information than they need may accidentally or intentionally leak sensitive information, like client data.
  • Revoke access: When someone has left your business (including contractors and partners), immediately remove their Retail POS login so they can no longer access your data.

You can view user login activity on the Setup > Users > Activity tab.

Creating strong passwords

A strong password is critical for preventing attacks. Scammers have databases of common passwords and use programs that can break into accounts with weak credentials.

Passwords should be:

Strong

  • Long, multi-word phrases with special characters are easier to remember but harder to guess.
  • Avoid personal and business information like birthdates, phone numbers, and system names like "Lightspeed".

Unique

  • If a scammer figures out your reused password, they can access your other accounts.
  • Use different passwords for all of your email, banking, Lightspeed, and other accounts.

Private

  • Sharing passwords increases risk and makes it more difficult to track actions like who accessed sensitive information or changed settings.
  • When setting up a computer, POS, Wi-Fi network, or other system or device, immediately change the default passwords.

Secure

  • Use a trusted password manager to create, manage, and safeguard passwords for you.
  • Implement multi-factor authentication to add an extra layer of security, like a time-sensitive code from an MFA app (like Microsoft Authenticator) to verify a login attempt.

Never share passwords or security codes with anyone.

If you think a password may have been shared or compromised, follow the steps to change the user password immediately.

Steps to take if your account may have been compromised

If you suspect someone might be using your Retail POS account without permission, or you've received a password reset or verification email from Lightspeed that you didn't request, a scammer may be trying to access your account.

The first and most important step is to act quickly, but don't panic. Scammers rely on fear and false urgency to pressure you into acting impulsively.

If you suspect unauthorized access to your Retail POS account:

  1. If you still have access to Retail POS, change your password by navigating to Setup > Users. If you can't log in to your account, follow the steps to reset your password.

    If you believe your account has been compromised and you can no longer sign in or use the account recovery function to regain access, contact Retail Support immediately.

  2. Enable multi-factor authentication (MFA) on all Admin accounts.
  3. Once your Retail POS account is secure, review the security of your associated accounts and software:
    1. Run a system scan using Microsoft Defender or another trusted antivirus software if you suspect malware may have been installed on your computer.
    2. Change passwords of the email account associated with Retail POS and app integrations like Xero.
    3. Update your computer, iPad, and other devices to the latest operating system version. You may also need to change the password used to access the device.
    4. Update your browser and apps to the latest versions on all devices.

Contacting Lightspeed about suspicious activity

If you believe you may have been the target of a scam or impersonation attempt:

  • Do not respond to emails.
  • Do not click links or download attachments in messages.
  • Do not use callback numbers given to you on the phone.

Contact Retail Support directly within Retail POS or manually enter our phone number in your phone to get in touch. Reporting suspicious activity helps us investigate quickly and protect other merchants from similar attempts.

Lightspeed is continuously investing in security controls, monitoring, and compliance programs to safeguard your data. The Trust Center provides access to compliance reports, security policies, and resources outlining our approach to security and transparency.

Keeping your Retail POS account secure

Cybersecurity is a continuous process, not a single or one-time event. Regularly verify that you and your staff are following security best practices, and update your security policies to keep up with evolving threats.

It's important to follow security best practices:

  • Be prepared: Stay informed and vigilant, train your staff, and plan for realistic business risks.
  • Secure your setup: Follow networking best practices, keep device software updated, use strong and unique passwords, implement MFA, and manage and monitor access.
  • Manage your online presence: Click with caution, review settings, and manage what's shared online.
