New Restaurant Owner? What Is PCI Compliance?
If you think being in compliance with the Payment Card Industry Data Security Standard (PCI DSS) only applies to retail businesses, think again. If your restaurant accepts credit card payments, you must be in compliance with PCI. In fact, when you signed your merchant agreement with Visa and with MasterCard, you agreed to comply with PCI security standards. Find yourself out of compliance, and your business risks being subject to data breaches and costly fines.
On average, the costs associated with a data breach at a restaurant can range from $155 to $305 per customer record stolen. Considering the dozens or hundreds of diners your restaurant serves each day, that number can add up quickly. Don’t risk being put out of business by not being compliant with the PCI standards at all times.
Reaching full PCI compliance
Whether you know it or not, restaurants are at high risk of credit card data compromise and fraud. You might also be surprised to learn that small, locally owned restaurants are often more of a target for a data breach than large national chain restaurants. That’s because fraudsters often prey on these small businesses that don’t fully understand the scope of PCI and all of the ways they should be protecting themselves. Don't fall victim to data criminals or fraudsters just because you don’t have all the facts about PCI compliance.
The best way to arm yourself against fraud is by reaching—and maintaining—PCI compliance in all aspects of your payment processing. Here’s how you can go about reaching PCI compliance:
- Build and maintain a strong data network, including comprehensive firewalls and unique passwords for each system user
- Protect customer data by using encryption or tokenization
- Regularly update your system’s defenses, including anti-virus and anti-malware software on all your restaurant’s computers and devices
- Commit to running regular system checks that test and monitor all network activity and ensure that sensitive data is safeguarded
- Publish an information security policy for your restaurant to which all employees and partners are accountable
- Complete a compliance assessment to understand where your systems stand today with PCI compliance
What’s more, in order to be in compliance with PCI standards, your restaurant must be using only Payment Application Data Security Standard (PA-DSS) certified payment processing and POS solutions. Check out the full list of compliant systems on the PCI Security Standards Council website.
Maintaining complete PCI compliance
Reaching PCI compliance is certainly not a “fix it and forget it” process; to the contrary, PCI compliance is an ongoing process of monitoring, validating, assessing and adjusting your systems as needed for the best protection. And, everyone who works at your restaurant has a responsibility to do their part in compliance. Here’s a basic checklist to keep handy to be sure your restaurant and systems are remaining PCI compliant:
- Never store or transmit complete credit card numbers or other sensitive information
- Never transmit credit card information without using tokenization or encryption technology
- Perform routine vulnerability scans of your systems
- Require security awareness training for all of your staff
- Conduct audits of system access
- Monitor your system activity logs
- Remove access privileges of people no longer employed by your restaurant
- Install software patches and updates in a timely fashion
- Take security threats seriously
- Have an incident response plan in place
- Read and follow the PA-DSS Implementation Guide for your POS software
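The two checklist items "Never store or transmit complete credit card numbers" and "Monitor your system activity logs" meet in practice in one place: application and POS logs that accidentally capture a full card number (the PAN). The example below is an added illustration, not code from the article or from any POS vendor. It scans log lines for digit runs that look like card numbers, keeps only those that pass the Luhn checksum (so order numbers and timestamps are not falsely flagged), and rewrites them so that at most the first six and last four digits remain, which is the most PCI DSS permits to be displayed. The log lines and the card numbers in them are constructed test data, not real customer data.

```python
"""Detect and mask unprotected card numbers (PANs) in text such as POS or gateway logs.

Added example for this article; the sample log lines below are constructed and the
card numbers are well-known industry test numbers, not real cards.
"""
import re
from typing import Iterable, List, Tuple

# A candidate PAN is 13 to 19 digits, optionally separated by single spaces or dashes,
# and not glued to other digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines. Line 1 and 2 leak a full PAN (the second with spaces);
# line 3 carries a 16-digit order id that only looks like a card number; line 4 shows
# what a tokenized record should look like (a token plus last four digits).
SAMPLE_LOG = [
    "2024-05-01 12:01:07 INFO  pos-terminal-3 sale approved amount=42.50 pan=4111111111111111",
    "2024-05-01 12:01:09 DEBUG gateway request card=4111 1111 1111 1111 exp=12/27",
    "2024-05-01 12:03:44 INFO  order_id=1234567890123456 table=7 status=paid",
    "2024-05-01 12:05:10 INFO  pos-terminal-1 sale approved token=tok_9f3a2c last4=1111",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum that card numbers carry."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits and replace everything between with '*'."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str) -> Tuple[str, int]:
    """Mask every Luhn-valid PAN in one line. Returns (scrubbed_line, number_of_pans_found)."""
    found = 0

    def _replace(match: "re.Match[str]") -> str:
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)  # e.g. an order id that merely resembles a PAN
        found += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(_replace, line), found


def scrub_log(lines: Iterable[str]) -> Tuple[List[str], int]:
    """Scrub a whole log. Returns (scrubbed_lines, total_pans_found).

    A non-zero total is itself a finding: the system that wrote these lines is
    storing full card numbers and needs to be fixed, not just the log.
    """
    scrubbed: List[str] = []
    total = 0
    for line in lines:
        new_line, n = scrub_line(line)
        scrubbed.append(new_line)
        total += n
    return scrubbed, total


if __name__ == "__main__":
    clean, hits = scrub_log(SAMPLE_LOG)
    print(f"{hits} unmasked card number(s) found")
    for entry in clean:
        print(entry)
```

Running the script on the constructed sample reports two unmasked card numbers (the order id on line 3 fails the Luhn check and is left alone). Treat any hit as a defect in the system that produced the log, not just something to clean up: the point of the checklist item is that the full PAN should never have reached disk in the first place.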
Your payments processor: Your partner in PCI compliance
Being compliant with PCI standards is a necessity in the restaurant business. Whether you have a quick service restaurant, a fine dining establishment or a coffee shop, ensuring your systems are up to snuff with PCI will go a long way in the future success and growth of your business. If you are ever in doubt about PCI compliance, your credit card processor is your best resource. They have many years of experience in the credit card processing industry and understand the unique challenges that restaurants may face in becoming and staying compliant.