PCI DSS 4.0 enforcement hit in March 2025. Every endpoint that touches card data is now in scope. Legacy terminals running EOL operating systems are classified as non-compliant high-risk. VelaOS replaces them with a read-only, managed endpoint at a fraction of the cost.
PCI DSS 4.0 now mandates MFA on all access to the cardholder data environment
PCI SSC, March 2025 enforcement deadline
Full enforcement requires MFA on all CDE access, anti-tamper controls, and retirement of legacy terminals running unsupported operating systems. Multi-location retailers face the highest audit surface — every store endpoint is in scope.
Heterogeneous endpoint types — POS terminals, self-service kiosks, digital signage, back-office workstations — each with different update schedules, policies, and security requirements. One policy change propagated to 12 000 devices takes a traditional team weeks.
Windows 7 and Windows 10 POS terminals are now classified as non-compliant under PCI DSS 4.0. Replacing them with purpose-built thin clients is faster and cheaper than upgrading to Windows 11 on aging hardware that may not meet the system requirements.
PCI DSS 4.0: Mandatory since March 2025 for all card-processing endpoints
SOX: Publicly traded retailers — IT general controls
CCPA / CPRA: California consumer privacy — applies to customer-facing kiosks
Fleet size: 5 000 – 50 000 endpoints across stores
Refresh cycle: 5 – 7 years for POS hardware; VDI thin clients extend lifecycle by 2 years
Common VDI: Citrix dominates retail VDI. Azure Virtual Desktop growing. Many retailers shifting from thick POS clients to cloud-managed kiosk modes.