In 2011, the PCI Security Standards Council rolled out new heightened security requirements for certain businesses that accept credit cards. This update clarifies the merchant’s responsibility when it comes to credit card processing and lays out clearer guidelines for the storage of customer credit card information.
Compliance with PCI standards ensures that merchants protect themselves and their customers. As many as 2,000 restaurants were victims of fraudulent activity during 2010, meaning thousands of customers were impacted. Protecting your customers is necessary to keep them coming back to your establishment.
Restaurants must build a secure network for credit card transactions and data storage. This includes a firewall to protect data and specific requirements for strong password creation. They must also encrypt any credit card information sent over unsecured networks. This may sound like a lot of technical information, but there are a number of POS and software providers that offer restaurant-specific programs that incorporate the necessary PCI security.
Data Access Restriction
PCI compliance requires that restaurants restrict access to customers’ credit information. This involves a unique login for every individual and a hierarchy of access. Not every busboy, waiter, or waitress needs access to financial data on a restaurant’s computer. Physical access to data should be equally guarded. This ensures employees cannot leave the building with data regarding customer credit card accounts. PCI also requires that restaurants monitor and track any computer access. This means that a log or database is generated that details what information or software was accessed by each individual. In the case of a data breach, the log can assist with an investigation.
All merchants who accept credit cards are required to test their systems, software, and equipment on a regular basis. They should ensure all security measures are working and update firewalls, virus protection, and software as each new update is released. Frequently updated and properly working systems ensure that outside entities cannot gain credit card data through hacking.
Keep an SOP
A final requirement for PCI compliance is that restaurants keep a written and detailed policy of their security measures. This policy should also be used to train all staff. When everyone is aware of the need to be PCI compliant, the restaurant is better able to protect its customers.
Experts in data security stress the importance of complying with PCI guidelines. Payment processing can potentially open businesses and customers up to high-level virtual attacks. Security consultants report seeing an increase in the type of virtual information thefts that PCI guidelines were created to prevent. A restaurant’s main concern is no longer staff members with magnetic readers, but unknown internet criminals who are intent on stealing large chunks of financial data. If you are looking to process credit cards at your restaurant and seeking more information about PCI compliance, feel free to contact us here at Switch Commerce.