How To Pass A PCI & Credit Card Security for Retail and Restaurant POS: Background

Worried about your PCI & Credit Card Security exam? Here are a couple of tips that can help you. If you need more information or guidance, you can always ask your local POS expert.
 
Sept. 7, 2009 - PRLog -- Background on PCI & Credit Card Security

Restaurateurs and their customers have enjoyed the convenience of credit and debit cards for many years. However, given the sky-high cost and frequency of credit fraud, the major card brands such as Visa, MasterCard, American Express, Discover and JCB have taken preventive measures to safeguard their stakeholders.

IBM invented the mag stripe on credit cards in 1968, and it became the industry standard. Because the track data on the mag stripe is easy to read and duplicate, the card brands, through the set of standards built by the Payment Card Industry Security Standards Council, made the first directive clear: ‘Don’t store track data.’

The Payment Card Industry (PCI) Standards

The PCI Security Standards Council has taken a three-pronged approach to protecting consumers, banks and merchants/restaurateurs:

   * PCI DSS (Payment Card Industry Data Security Standard) ‐ covers all entities that store, process, or transmit cardholder data: Merchants, restaurateurs, service providers, processors, etc.

Deadline for Compliance: January 2007 (this deadline has long passed)

This Means – Restaurant owners, regardless of their establishments' size, must complete and submit a PCI Self-Assessment Questionnaire to their Acquiring Bank yearly.

   * PA-DSS (Payment Application Data Security Standard) - covers all applications used to store, process, or transmit cardholder data as part of authorization or settlement (i.e. Point-of-Sale (POS) application developers).

Deadlines for Compliance:

Oct. 1, 2008 - Agents, merchants and payment processors must use only software that is compliant with the new payment application security standards.

Oct. 1, 2009 - Merchants will be required to stop using any non-compliant payment applications still in their environments.

July 1, 2010 ‐ Mandates the use of only those payment applications that support the new standards.

This Means – If, after the deadline, a merchant/restaurateur is not running a PA-DSS-validated application, they automatically fail their PCI assessment and could lose their ability to accept credit cards.

   * PIN Entry Device (PED) Standard – covers all PEDs and aims to ensure that the cardholder’s PIN, and any sensitive information such as resident keys, are protected consistently at a PIN acceptance device.

Deadline for Compliance:

Jan. 1, 2004 - All newly purchased Point of Sale (POS) PIN Entry Devices must have passed testing by a Visa-recognized laboratory and been approved by Visa.

July 1, 2010 - Mandates that each Point of Sale (POS) PED must have passed testing by a PCI-recognized laboratory and been approved by the PCI SSC.

This Means ‐ All Merchants/restaurant owners will have two years to replace their older and/or unapproved PEDs.

The Do's With Payment Card Industry (PCI)

   * Do routine vulnerability scans of your systems.

   * Provide security awareness training for your employees.

   * Audit system access.

   * Monitor your system activity logs.

   * Remove the access privileges of separated employees.

   * Install software patches for your system.

   * Take every threat seriously, and devise an incident response plan.

The Don’ts of Payment Card Industry (PCI)

   * Whole credit card numbers should not be stored or archived.

   * Do not transmit credit card information unencrypted.

   * With the Payment Card Industry standards, it is not just about making you compliant – it's all about keeping you and your customers protected.
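The two storage rules above (‘Don’t store track data’ and ‘whole credit card numbers should not be stored or archived’) are the ones a POS operator can actually check for. The following is an added example, not code from the original article or from POS-For-Restaurants.com: a small Python scanner that runs over POS log lines or database exports, flags full magnetic-stripe track data and Luhn-valid card numbers, and produces a redacted copy that keeps only the first six and last four digits. The sample records, the well-known test card number 4111111111111111 and the regular expressions are constructed for this example; the track 1 and track 2 layouts it matches are the standard ones (`%B<PAN>^<NAME>^<YYMM>...?` and `;<PAN>=<YYMM>...?`).

```python
import re
from typing import List, Tuple

# Constructed sample records, in the shape a POS might write to a log file
# or a database export. 4111111111111111 is a public test number; the
# "ORDER id" value is a Luhn-invalid look-alike that must NOT be flagged.
SAMPLE_RECORDS = [
    "2009-09-07 18:42:01 AUTH ok pan=4111111111111111 amount=42.50 table=12",
    "2009-09-07 18:42:01 RAW ;4111111111111111=12011010000000000000?",
    "2009-09-07 18:42:01 RAW %B4111111111111111^DOE/JOHN^1201101?",
    "2009-09-07 18:43:15 ORDER id=4111111111111112 items=3",
    "2009-09-07 18:44:00 AUTH ok pan=411111******1111 amount=9.99",
]

# Track 1: optional '%' start sentinel, format code 'B', PAN, '^', name, '^', expiry YYMM...
TRACK1_RE = re.compile(r"%?B(\d{13,19})\^[^^]{2,26}\^\d{4}[^?\s]*\??")
# Track 2: optional ';' start sentinel, PAN, '=', expiry YYMM and discretionary data.
TRACK2_RE = re.compile(r";?(\d{13,19})=\d{4}\d*\??")
# Any stand-alone run of 13 to 19 digits is a PAN candidate; Luhn decides.
DIGITS_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, replace the rest with '*'."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_record(record: str) -> List[Tuple[str, str]]:
    """Return (kind, pan) findings: 'track1', 'track2' or 'pan'.

    Track data is reported in preference to a bare PAN, since storing it is
    the more serious violation and the PAN is contained in the track anyway.
    """
    findings = []
    for m in TRACK1_RE.finditer(record):
        findings.append(("track1", m.group(1)))
    for m in TRACK2_RE.finditer(record):
        findings.append(("track2", m.group(1)))
    if not findings:
        for m in DIGITS_RE.finditer(record):
            if luhn_ok(m.group(1)):
                findings.append(("pan", m.group(1)))
    return findings


def redact_record(record: str) -> str:
    """Strip track data entirely and mask any Luhn-valid PAN that remains."""
    out = TRACK1_RE.sub("[TRACK DATA REMOVED]", record)
    out = TRACK2_RE.sub("[TRACK DATA REMOVED]", out)

    def _mask(m):
        pan = m.group(1)
        return mask_pan(pan) if luhn_ok(pan) else pan

    return DIGITS_RE.sub(_mask, out)


def scan_records(records: List[str]) -> dict:
    """Map record index -> findings, for every record that has at least one."""
    result = {}
    for i, rec in enumerate(records):
        found = scan_record(rec)
        if found:
            result[i] = found
    return result


if __name__ == "__main__":
    for idx, found in scan_records(SAMPLE_RECORDS).items():
        kinds = ", ".join(k for k, _ in found)
        print(f"record {idx}: {kinds}")
        print("  redacted:", redact_record(SAMPLE_RECORDS[idx]))
```

Run it as a periodic job over the POS machine's log directory and any report or export folder; a single hit on track data means the application is storing what the standard says it must never store, and that is a finding to raise with the POS vendor rather than something to clean up quietly. The Luhn test cuts false positives from order numbers and timestamps but is not proof a number is a live card, so treat 'pan' hits as leads to review.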

What Restaurateurs Get From PCI

Given consumers’ expectation that credit and debit cards will be accepted everywhere, a restaurateur’s validation that they are protecting their customers’ personal information is good for business:

Business Reputation / Image

In any competitive business, no restaurant owner would want to be named as the place where card data was stolen.

Protects Ability to Accept Credit / Debit Card Payments - non-compliance and/or a breach can endanger a restaurateur’s ability to accept credit/debit payments. In some cases 80% to 90% of transactions come from credit/debit card accounts. Losing your restaurant's ability to accept credit cards means fewer customers.

Impact of State Privacy Laws

A merchant/restaurateur who fails to comply and discloses individuals' credit card data in any of the 40+ states governed by privacy laws may face a double impact. Being off-side with PCI might result in penalties and litigation costs. Being off-side with state privacy laws is a felony with possibly more serious penalties.

Compliance / Security Strategy

   * Make sure you are using a PA-DSS or PABP validated POS system

   * Make sure you're using an approved PED

   * Have regular security awareness training for your staff - particularly supervisors

   * Do background checks on anyone that has administrative access to your system

   * Have a ‘Confidentiality Agreement’ contract with your staff

   * When completing your PCI Self Assessment Questionnaire (SAQ), fill in the form carefully and accurately, and when you're not sure of your answers, just ask

   * If gaps in PCI compliance are identified, develop a realistic plan to straighten them out

   * Maintain mature controls to sustain compliance

   * Access controls

   * Always use dual-factor authentication for system and device management

   * Strong passwords and secure password storage

   * Monitoring to detect attack and record evidence

   * Controlling your wireless access points

   * Maintain a secure configuration

   * Segment networks

   * Maintain an Incident Response Plan and Test It

   * Testing and auditing the cardholder environment

It can be a daunting task the first time around, but once the above are in place, PCI compliance is not an expensive undertaking. It is good business practice to protect the sensitive information that your customers entrust to you.

------------------------------------------------------------

Want To Ask a Point of Sale (POS) Expert?

You can visit http://www.pos-for-restaurants.com anytime for more information or advice about this topic, a Restaurant POS professional serving your area will be willing to answer your questions.

The author of this article writes for POS-For-Restaurants.com - a VP of Customer Relations with over 20 years experience in the restaurant point of sale industry.

------------------------------------------------------------

# # #

Searching for the best Restaurant POS System Solution for your business?
We're a National network of POS System Solution Experts who offer better value and features than most "Major National Suppliers"!