The overall purpose of information security is to control risk by managing the impact of threats to information assets in the most cost-effective manner. This article takes a look at a typical Point-Of-Sale (POS) solution, identifying common architectural weaknesses that can lead to data compromise. Specifically, key business priorities are assessed against the POS architecture to vet the solution for potential security shortcomings that could prevent it from carrying out its business mission. In many retail organizations, the principal business objectives are to achieve compliance with the Payment Card Industry Data Security Standard (PCI) to avoid fines and maintain proper standing in the industry, while protecting the brand name by avoiding breaches of customer credit card data.

Many retail solutions have been carefully designed from both security and business goal perspectives. They may use hardening features such as PKI-driven strong mutual authentication of all system components, rigorous encryption of data in transit and at rest, secure unlock and update processes, etc., to be able to operate safely and reliably in the most hostile of networking environments. A computer containing sensitive data that is physically stolen from a retail site can represent a significant risk. A careful balance between business goals and security reduces the risk of a compromise that can threaten a retail organization's brand reputation and business operations. Compliance with PCI is not enough to safeguard information in a retail environment.

This article will also assist in guiding security efforts in a POS environment. For example, the weaknesses discussed here can prove effective at prioritizing testing attention and effort. In other words, processes such as testing, design review, code review and penetration testing should be prioritized in order to make the most effective use of available development resources.

Some mature security solutions are also environmentally friendly and address the green security challenge by delivering software solutions that operate on existing computing infrastructure, typically on the same server as the application or database being secured. The appropriate level of encryption key protection can be achieved by using a well-balanced combination of software cryptography and selective use of small-footprint, standard commodity-type Hardware Security Modules. This environmentally friendly approach can provide the needed balance of protection, cost and operational needs, and avoid the installation of a large number of appliances.