• (800) 846-4472
PCI Compliance

What Restaurant Owners Need to Know About the New PCI 3.0 Regulations

Lori Stafford Thomas

The Payments Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. Businesses who process even a handful of payments must verify their compliance with the PCI DSS. Maintaining and even raising security standards in the local merchant landscape is a critical aspect of restaurant operations today.

Payment security is no longer a luxury in the market; it's a necessity. Restaurants are responsible for keeping customer information secure at all times, regardless of the size or scope of their operation. By continually raising the bar for payment security, PCI standards are improving the status quo.

Per the PCI, here are a few things restaurant owners need to know about the new PCI 3.0 regulations:

1. Awareness and education has improved
As high profile data breaches and fraud captures the news headlines,  small business owners and their employees are becoming increasingly aware of the potential security threats they face. Phishing, weak login credentials and general carelessness with sensitive customer data were all contributors to theft in the past. Citing cyber risk and insurance professional firm CyberFactors, Forbes said internal employees commit nearly 40 percent of documented breaches. While some are ex workers, and others are true criminals, oftentimes employees are committing malicious acts without even knowing of their wrongdoing (2).

New requirements in the PCI 3.0 include password education for users and increased point-of-sale security and training for users as well.

2. There's more than one way to secure the transaction
New PCI requirements also mean that restaurants can implement password security strength in multiple ways. One of the new requirements allows businesses to apply password strength that's appropriate for their business, while another leaves room for more flexibility to prioritize log reviews on the business' risk management strategy.

In layman's terms, restaurants can document actions that occurred on the server based on what's the most pertinent to their business.

3. Sharing security responsibility
Businesses of all sorts and sizes are now beginning to prioritize data security. A growing number of companies are adopting an outsourced model of IT operations, partnering with third-party firms to help bolster data protection - particularly at the point of sale. In fact, the POS is now used as a main driver for protecting a business operation. PCI data found that 90 percent of security professionals recommend compliance for payment security.

To learn more about PCI DSS and achieving compliance, review this document.

1 PCI Security Standards Council, https://www.pcisecuritystandards.org/pdfs/PCIDSS.pdf (2015)

2. Forbes, http://www.forbes.com/sites/forbesleadershipforum/2013/05/13/your-business-is-never-too-small-for-a-cyber-attack-heres-how-to-protect-yourself/ (May 13, 2013)

 

Get An eBook All-Access-Pass

  • eBook About POS
  • Grow Your Business Guide
  • Improve Your Business
  • 5 Steps Secure Your Business

Subscribe to our blog and get an all access pass to our past, present, and future eBooks for FREE.

At Your Fingertips

Download the POS Buyer’s Guide

It's a big job to buy the perfect POS System. This is a robust guide to get you equipped to ask all the right questions to potential providers.

Find a Local POS Provider

With this FREE service we can point you in the direction to providers who can meet your needs, and potentially exceed your expectations.

Take The Next Step

Get Vantiv Integrated Payments and discover how we continually earn the industry’s top spot in payment processing and excellent customer service.


 
 
Thank you for your interest in
Vantiv Integrated Payments.
We just need a little info to get started.