Point of Sale (POS): PCI & Credit Card Security Background
With this set of standards in place, you protect your valued customers as well as the reputation of your business. The PCI and credit card security standards exist so that restaurants can properly serve their customers and safeguard their sensitive data.
IBM created the magnetic stripe for credit cards in 1968, and it became the industry standard. Because the track data on the magnetic stripe can easily be read and duplicated, the card brands formed the Payment Card Industry (PCI) Security Standards Council, which built a set of standards to protect cardholder data. Those standards begin with a simple directive: ‘Don’t store track data.’
The PCI Security Standards Council takes a three-pronged approach to protecting consumers, banks and merchants/restaurateurs:
* PCI DSS (Payment Card Industry Data Security Standard) ‐ applies to all entities that store, process, or transmit cardholder data: merchants, restaurateurs, service providers, processors, etc.
Compliance Deadline: January 2007 (long since passed)
What it Means – Restaurant owners, regardless of their establishment's size, must complete and submit a PCI Self-Assessment Questionnaire (SAQ) to their acquiring bank every year.
* PA‐DSS (Payment Application Data Security Standard) ‐ covers all payment applications that store, process, or transmit cardholder data as part of authorization or settlement; it is aimed at point-of-sale (POS) application developers.
Deadlines for Compliance:
Oct. 1, 2008 ‐ Payment processors, agents and merchants must use software that complies with the new payment application security standards.
Oct. 1, 2009 ‐ Merchants must decommission any noncompliant payment applications still in use in their environments.
July 1, 2010 ‐ Only payment applications that support the new standards may be used.
What this Means – After these deadlines, merchants/restaurateurs still using an application that has not been PA-DSS validated automatically fail their PCI assessment and could lose the ability to accept credit cards.
* PIN Entry Device (PED) Standard – covers all PEDs and aims to ensure that the cardholder’s PIN and other sensitive information, such as the cryptographic keys resident in the device, are protected consistently at the PIN acceptance device.
Deadlines for Compliance:
Jan. 1, 2004 ‐ All newly purchased Point of Sale (POS) PIN entry devices must have passed testing by a Visa-recognized laboratory and been approved by Visa.
July 1, 2010 ‐ Every Point of Sale (POS) PED in use must have passed testing by a PCI-recognized laboratory and been approved by the PCI SSC.
What this Means ‐ Merchants/restaurant owners get two years to replace their old, unapproved PIN entry devices.
In practice, the standards require that you:
* Run routine vulnerability scans of your systems.
* Provide security awareness training for all of your staff.
* Audit system access.
* Monitor system activity logs.
* Remove access privileges for separated employees promptly.
* Install software patches.
* Take every threat seriously, and devise an incident response plan.
* Never store or archive full credit card numbers.
* Never transmit credit card information unencrypted.
* Remember that PCI is not just about making you compliant with the standards – it is about protecting you and your customers.
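The two hardest rules to verify by hand are the ones above about full card numbers and the opening directive, ‘Don’t store track data’, because POS debug logs, receipt spools and database exports quietly collect both. The following is an added example (not code from this article or from any POS vendor) of a scanner that finds magnetic-stripe track 1/track 2 records and Luhn-valid full PANs in text, reports them masked so the report itself holds no cardholder data, and a matching log filter that redacts them. The log lines, the field names and the PANs are constructed for the example; 4111... and 5555... are the standard Visa and Mastercard test numbers.

```python
"""Scan POS logs, receipts or database exports for data PCI DSS says must never
be stored after authorization: full magnetic-stripe track data and unmasked
PANs. Added example, not code from the page or any POS vendor."""
import re
from dataclasses import dataclass

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# and not part of a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# ISO 7813 track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^\d{7}[^?]*\?")
# ISO 7813 track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(r";(\d{13,19})=\d{7}[^?]*\?")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: filters out order numbers, phone numbers and
    other digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """PCI DSS display rule: at most the first six and last four digits visible."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    line_no: int
    kind: str     # "track1", "track2" or "pan"
    masked: str   # masked PAN, so the report itself stores no cardholder data


def scan_lines(lines):
    """Return a Finding for every track record or Luhn-valid full PAN."""
    findings = []
    for n, line in enumerate(lines, 1):
        for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in rx.finditer(line):
                findings.append(Finding(n, kind, mask_pan(m.group(1))))
        # Remove track records before PAN matching so the PAN inside a track
        # is not reported twice.
        rest = TRACK2_RE.sub("", TRACK1_RE.sub("", line))
        for m in PAN_RE.finditer(rest):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_valid(digits):
                findings.append(Finding(n, "pan", mask_pan(digits)))
    return findings


def redact(line: str) -> str:
    """Log filter: drop track data entirely and mask any Luhn-valid PAN,
    leaving other digit runs (order numbers, timestamps) untouched."""
    line = TRACK1_RE.sub("[TRACK1 REMOVED]", line)
    line = TRACK2_RE.sub("[TRACK2 REMOVED]", line)

    def _mask(m):
        digits = re.sub(r"\D", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)

    return PAN_RE.sub(_mask, line)


# Constructed sample of what a POS debug log might contain (not real data;
# 4111... and 5555... are the standard Visa/Mastercard test PANs).
SAMPLE_LOG = [
    "2024-03-01 19:02:11 order=1234567890123456 table=7 total=48.20",
    "2024-03-01 19:02:14 auth ok pan=411111******1111 amt=48.20",
    "2024-03-01 19:02:14 DEBUG swipe raw=;4111111111111111=25121011234567890?",
    "2024-03-01 19:05:40 DEBUG keyed pan=5555 5555 5555 4444 exp=12/25",
    "2024-03-01 19:06:02 DEBUG swipe raw=%B4111111111111111^DOE/JOHN^25121011000000000?",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind} {f.masked}")
    for line in SAMPLE_LOG:
        print(redact(line))
```

Run against the sample, the scanner flags only lines 3, 4 and 5: the order number on line 1 is a 16-digit run but fails the Luhn check, and the already-truncated PAN on line 2 is exactly what a compliant log should contain. Point the same `scan_lines` at exported database tables and receipt spools, not just logs; a POS that writes raw swipe data anywhere on disk is the kind of application the PA-DSS deadlines above were meant to retire.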
PCI's Effect on Restaurateurs
Given consumers’ expectation of universal acceptance of using credit cards, merchants'/restaurateurs’
Business Reputation / Image
In a highly competitive business, a restaurant owner does not want to be named in the media as the place where card data was stolen.
Protects Ability to Accept Credit / Debit Card Payments - noncompliance and/or a breach can jeopardize a merchants'/restaurateur’
Impact of State Privacy Laws
A breach that discloses personal credit card information in any of the 40+ states with privacy laws may have a double impact on a restaurateur. Being offside with PCI can result in fines and lawsuit costs. Being offside with state privacy laws may be a crime punishable by confinement, with potentially more serious penalties.
Compliance / Security Strategy
* Make sure your restaurant or store uses a PA‐DSS validated (or, for older software, PABP validated) POS system
* Ensure you are using an approved PED
* Arrange regular security awareness training for your employees, especially supervisors
* Do background checks on any employee with administrative access to your systems
* Have your staff sign a ‘Confidentiality Agreement’
* Complete your PCI Self-Assessment Questionnaire (SAQ) carefully and accurately, and when you are unsure of an answer, ask rather than guess
* If gaps in PCI compliance are identified, develop a realistic plan to remediate them
* Treat compliance as an ongoing program to be sustained, not a one-time project
* Enforce access controls
* Use two-factor authentication for system and device management
* Use strong passwords and store them securely
* Regularly monitor system activity for signs of attack and preserve the evidence
* Control your wireless access points
* Maintain secure configurations
* Segment your networks so the cardholder data environment is isolated
* Have an Incident Response Plan and test it so that it is ready when needed
* Test and audit the cardholder data environment regularly
It may be a difficult task the first time, but once all of the above are in place, PCI compliance is not an expensive undertaking. Protecting your customers' sensitive information is simply good business practice.
You can visit http://www.pos-
The author of this article writes for POS-For-Restaurants.com and is a VP of Customer Relations with over 20 years of experience in the restaurant point-of-sale industry.
# # #
Searching for the best restaurant POS system solution for your business?
We're a national network of POS system solution experts who offer better value and features than most "major national suppliers"!