Point of Sale (POS): PCI & Credit Card Security Background

With these set of standards, you be protecting your valued customers as well as the reputation of your business. The PCI & Credit Card Security is established so restaurants can properly serve and safeguard their customers' sensitive data.
Spread the Word
Listed Under

Point Of Sale
Restaurant Pos
Restaurant Point Of Sale
Restaurant Pos System
Pos Systems
Restaurant Pos Equipment

• Pos
• Restaurant pos
• Point of sale


Sept. 7, 2009 - PRLog -- From the day magnetic strip cards was introduced to people, both restaurant owners and their customers have been enjoying the convenience of accepting and using credit and debit cards. However, given the sky high cost and frequency of credit fraud, well established card brands (Visa, MasterCard, American Express, Discover and JCB) have taken preventive measures to safeguard their stakeholders.

It was in 1968 when IBM created the magnetic stripe on credit cards and became the industry standard. Given that the track data on the mag stripe can easily be read and duplicated, the branded cards, the Payment Card Industry (PCI) Security Standards Council built a set of standards protect cardholder data, and it begins with the directive: ‘Don’t store track data.’

PCI Standards

The PCI Security Standards Council had a three-pronged approach to protecting consumers, banks and merchants/restaurateurs:

   * PCI DSS (Payment Card Industry Data Security Standard) ‐ includes all entities that store, process, or transmit cardholder data: Merchants, restaurateurs, service providers, processors, etc.

Compliance Deadline: Month of January 2007 (deadlines are long passed)

What it Means – Restaurant owners, regardless of their establishments' size, must complete and submit a PCI Self-Assessment Questionnaire to their Acquiring Bank every year.

   * PA‐DSS (Payment Application Data Security Standard) ‐ embraces all applications used to store, process, or transmit cardholder data as part of authorization or settlement. (Point-of-Sale (POS) application developers)

Deadlines for Compliance:

Oct. 1, 2008 ‐ Payment processors, agents and merchants must use software that is compliant with the new payment application security standards.

Oct. 1, 2009 ‐ Terminate any noncompliant payment applications that merchants might still be using in their environments will be required.

July 1, 2010 ‐ Mandates the use of only those payment applications that support the new standards.

What this Means – After these deadlines, merchants/restaurateurs that are still using a non-PA DSS-validated application, they automatically fail the PCI assessment and could lose their ability to accept credit cards.

   * Pin Entry Devices (PED) Standard – includes all PEDs and is aimed at ensuring that the cardholder’s PIN, and any sensitive information are protected consistently at a PIN acceptance device, like your resident keys.

Deadline for Compliance:

Jan. 1, 2004 ‐ To all newly purchased Point of Sale (POS) PIN Entry Devices should pass testing by a Visa recognized laboratory and approved by Visa.

July 1, 2010 ‐ Mandates that each Point of Sale (POS) PEDs must have passed the testing of a PCI recognized laboratory and been approved by the PCI SSC.

What this Means ‐ All Merchants/restaurant owners gets two years to replace their old and unapproved PIN Entry Devices.

PCI Do's

   * Do routine vulnerability scans of your systems.

   * Do security awareness training for all of your staff.

   * Audits for system access.

   * System activity logs should be monitored.

   * Access privileges must be removed for separated employees.

   * Install software patches.

   * Be serious when it comes to any threats, device an incident response plan.

PCI Don’ts

   * Whole credit card numbers should not be stored or archived.

   * Transmitting credit card information unencrypted should not be practiced.

   * With PCI, it's not just about making you compliant with the standards – it's all about making you and your customers protected.

PCI's Effect on Restaurateurs

Given consumers’ expectation of universal acceptance of using credit cards, merchants'/restaurateurs’ validation that they are providing protection to their customers' personal data is helpful for business:

Business Reputation / Image

For a highly competitive business – a restaurant owner does not want to be named in the media as the place were card data was stolen.

Protects Ability to Accept Credit / Debit Card Payments - by not complying and/or a breach can jeopardize a merchants'/restaurateur’s ability to accept credit/debit payments. There are cases that 80% to 90% of transactions are through credit/debit payments. Losing your store's ability to accept credit/debit cards can cause reduced customers = reduced sales.

Impact of State Privacy Laws

A failure to meet one's obligations that discloses personal credit card information with any of the 40+ States with privacy laws may have a double impact on a restaurateur. Being off-side with PCI might result in fines and lawsuit costs. Being off-side with State Privacy Laws is a crime punishable by confinement with potentially more serious penalties.

Compliance / Security Strategy

   * By making sure your restaurant or store uses PA‐DSS or PABP validated POS systems

   * Ensure you are using an approved PED

   * Arrange for regular security awareness training for your employees, especially for supervisors

   * Do background checks on any employee with administrative access to your system

   * Have your staff sign a ‘Confidentiality Agreement’

   * When it comes to your PCI Self Assessment Questionnaire (SAQ), carefully and accurately complete the form and when you're not sure with your answers, just ask

   * If gaps in PCI compliance are identified, develop a realistic plan to remediate them

   * Be matured in sustaining compliance

   * Access controls

   * Dual factor for system and device management

   * Proper storing of your strong passwords and secure passwords

   * Regularly monitor system activities for possible attacks and record evidences

   * Controlling your wireless access points

   * Maintain secure configuration

   * Segment networks

   * Have an Incident Response Plan and test it to make sure that it's always ready when needed

   * Test and audit the cardholder environment carefully

It may be difficult task the first time but when all the above are in place, a PCI compliance is not an expensive undertaking. It is good business practice to protect the sensitive information of your customers.


Any Questions?

You can visit http://www.pos-for-restaurants.com anytime for more information or advice about this topic, a Restaurant POS professional serving your area will be willing to answer your questions.

The author of this article writes for POS-For-Restaurants.com - a VP of Customer Relations with over 20 years experience in the restaurant point of sale industry.


# # #

Searching for the best Restaurant POS System Solution for your business?
We're a National network of POS System Solution Experts who offer better value and features than most "Major National Suppliers"!
Email:***@kisse.us Email Verified
Tags:Pos, Point Of Sale, Restaurant Pos, Restaurant Point Of Sale, Restaurant Pos System, Pos Systems, Restaurant Pos Equipment
Industry:Pos, Restaurant pos, Point of sale
Location:United States
Account Email Address Verified     Disclaimer     Report Abuse
POS For Restaurants PRs
Trending News
Most Viewed
Top Daily News

Like PRLog?
Click to Share