What is PCI, and why does it matter to your restaurant? PCI is short for PCI DSS, the Payment Card Industry Data Security Standard, a standard put in place to protect the card data of your guests. According to PCIComplianceguide.org, “The Payment Card Industry Data Security Standard is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.”
This standard, launched in 2006, was put into place as the credit card industry began evolving at a rapid pace. And though credit card processing is integral to any restaurant, maintaining customer security is even more important. If you’re operating with a point of sale system, consider what makes your POS compliant and any changes you may have to make.
The first step in ensuring that your point of sale system is PCI compliant is to install a firewall to protect the systems that receive card data. This keeps the information safe while you process cards, and afterwards while it is stored.
When you do this, configure the firewall for your business rather than leaving it at its default settings, so that attackers are less likely to break in. Change the passwords and build your protection around your specific security needs.
Protect Cardholder Data
Ultimately, this standard exists to protect the cardholder’s data. However, that isn’t as simple as installing your firewall; you’ll need to take it one step further. RetailSystems.com suggests, “Encrypt transmission of cardholder data across open, public networks and the internet.” In addition, be sure that only the first six or the last four digits of the card number are displayed on the receipt.
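The masking rule above is easy to get wrong in receipt-printing or logging code, so here is an added example (not code from the original post) of a small Python helper that masks a card number for display and scans text for card numbers that were printed in the clear. The number 4111 1111 1111 1111 is a constructed test value, and the limit of "first six and last four" is the display maximum the text refers to; the Luhn check and the 13 to 19 digit length are standard card-number properties used here to avoid flagging ordinary digit runs such as order numbers.

```python
import re

# Added example, not from the original post. PCI DSS lets at most the first six
# and last four digits of a card number (the PAN) be displayed; a guest receipt
# normally shows only the last four.

# A run of 13-19 digits, optionally separated by spaces or dashes, not touching other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 0, keep_last: int = 4) -> str:
    """Return the PAN with all but the allowed leading/trailing digits replaced by '*'."""
    digits = re.sub(r"[ -]", "", pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible PAN (13-19 digits)")
    if keep_first > 6 or keep_last > 4:
        raise ValueError("PCI DSS allows at most the first six and last four digits in clear")
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[len(digits) - keep_last:]


def find_unmasked_pans(text: str) -> list:
    """Return digit strings in text that look like full card numbers (length + Luhn)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def receipt_line(pan: str, amount: str) -> str:
    """Format the card line of a guest receipt with only the last four digits visible."""
    return f"CARD {mask_pan(pan)}  TOTAL {amount}"


if __name__ == "__main__":
    print(receipt_line("4111 1111 1111 1111", "$42.10"))   # constructed test PAN
    # Run the scanner over your own receipt templates and log files to catch leaks.
    print(find_unmasked_pans("order 17 card 4111 1111 1111 1111 approved"))
```

Running `find_unmasked_pans` over receipt output and application logs is a cheap version of the "test often" advice later in the post: anything it returns is a card number that reached a place it should never appear in full.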
Allow minimal access
Once the data is in your system, any number of people, employees in particular, could reach it. Because of this, restrict access to this part of the software to just those people who need it. Consider granting special access to managers, owners, partners, and so on. Give each of them a unique ID so you can tell when someone has accessed the system using another person’s credentials.
The final requirement for a PCI compliant POS is to monitor your security and information access at all times. There are a number of things to monitor:
- Employee access: when approved employees access the data, confirm that they were physically on site at the time and had a valid reason to look at it.
- Updates: make sure you regularly update your firewall and other security software. When it is out of date, you may not be getting the protection you need to remain compliant.
- Testing: test your software and security systems often, so that a fault you have not noticed does not let card numbers or other information leak out.
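The two pieces of advice above that concern people, giving each person a unique ID and checking that access happened on site for a valid reason, are only useful if someone actually reviews the access records. The following is an added example (not code from the original post) of a Python review of a constructed POS access log. The log format, the role table, the list of in-house terminals, the 10:00 to 23:00 service hours and the five-minute window for spotting one ID in use on two terminals are all assumptions chosen for the example; adapt them to your own system.

```python
from datetime import datetime, timedelta

# Added example, not from the original post. All values below are constructed.
ROLES = {"u101": "owner", "u102": "manager", "u203": "server", "u204": "server"}
ALLOWED_ROLES = {"owner", "manager"}          # who may view stored cardholder data
IN_HOUSE_TERMINALS = {"pos-1", "pos-2", "office"}
OPEN_HOUR, CLOSE_HOUR = 10, 23                # assumed service hours
SHARED_ID_WINDOW = timedelta(minutes=5)       # one ID on two terminals this close apart

# Constructed log: timestamp,user_id,terminal,action
SAMPLE_LOG = """\
2024-03-01T11:02:10,u102,pos-1,view_card_data
2024-03-01T11:04:30,u102,pos-2,view_card_data
2024-03-01T13:15:00,u203,pos-1,view_card_data
2024-03-01T14:00:00,u101,office,view_card_data
2024-03-02T02:45:00,u101,office,view_card_data
2024-03-02T12:30:00,u102,remote-vpn,view_card_data
"""


def parse_log(text):
    """Turn the CSV-style log into (timestamp, user, terminal, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, terminal, action = line.split(",")
        events.append((datetime.fromisoformat(ts), user, terminal, action))
    return events


def review_access(text):
    """Return (timestamp, user, reason) findings for cardholder-data access worth a closer look."""
    findings = []
    last_seen = {}  # user -> (time, terminal) of their previous access
    for ts, user, terminal, action in parse_log(text):
        if action != "view_card_data":
            continue
        # Unique IDs make it possible to check the person behind each access.
        if ROLES.get(user) not in ALLOWED_ROLES:
            findings.append((ts, user, "role not permitted to view cardholder data"))
        if not OPEN_HOUR <= ts.hour < CLOSE_HOUR:
            findings.append((ts, user, "access outside service hours"))
        # "Physically in-house": access from a terminal that is not on the premises.
        if terminal not in IN_HOUSE_TERMINALS:
            findings.append((ts, user, f"access from non-in-house terminal {terminal}"))
        # One ID on two different terminals within minutes suggests a shared or stolen ID.
        prev = last_seen.get(user)
        if prev and prev[1] != terminal and ts - prev[0] <= SHARED_ID_WINDOW:
            findings.append((ts, user, f"same ID on {prev[1]} and {terminal} within {SHARED_ID_WINDOW}"))
        last_seen[user] = (ts, terminal)
    return findings


if __name__ == "__main__":
    for ts, user, reason in review_access(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {user}  {reason}")
```

Each finding is a prompt for a manager to ask the person named whether the access was legitimate; it is not proof of wrongdoing. On the constructed log the review flags the manager's ID in use on two terminals two minutes apart, a server viewing card data, an owner's access at 02:45, and an access from outside the premises.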
As a fully functioning restaurant, it’s imperative that your POS is PCI compliant. If it isn’t, and cardholder data is compromised, you could be fined anywhere from $5,000 to $100,000. This fine is levied on the bank you operate through and will inevitably be passed down to you. Not to mention, it is also safe to assume your relationship with that bank will end. Don’t take the risk – protect yourself and your customers by staying PCI compliant.