As an independent business, restaurant, brewery or franchise operating in the digital age, you know you must constantly make your customers feel secure in their transactions with you. As more digital payment options become available and cash is used mainly for vending machines and more miscellaneous purchases, you know that the words PCI Compliancy will enter the conversation anytime you talk about credit card transactions and processing.
DEFINING PCI COMPLIANCE
The phrase “PCI Compliance” comes from the Payment Card Industry Data Security Standard (PCI DSS) and can be defined as the rules and guidelines that ensure the security in the ways companies transmit, store, process or accept credit card information from their customers and clients. The five major credit card companies – Visa, American Express, MasterCard Worldwide, JCB International and Discover Financial Services – founded the PCI Security Standards Council in 2006 to provide continuous updates and improvements to transaction security and the payment technology life cycle.
SECURITY AND FIREWALLS
Building security begins with a firewall such as the WatchGuard Firebox that creates a secure, private network for your customers as well as wireless solution. The PCI Compliance hosting provider should also give your business network multiple layers of defense against any possible hackers and virtual attacks by creating authentication services and password-protected financial programs that keeps customer data safe. Make sure your passwords are unique to your company and are known by crucial team members. Also work with your credit card processor to make sure each person with access to your company’s POS system has a unique username and password for the sake of accountability.
THE NEW KID ON THE BLOCK: EMV
As many of you have probably experienced in the last several months, the Europay, Mastercard, Visa (EMV) chip-based cards have been issued by banks across the country. Though these adjustments may cause your staff hassles at times as you switch to a new terminal for payment acceptance and process, know that you will be able to sleep better at night knowing that cyber attacks can be greatly reduced by this technology. In fact this EMV chip provides a unique impression every time it is used, leading to decreased instances of counterfeit credit cards. You will also save your business operational costs that usually accompany instances of fraud. For those unsure about switching to the chip-based terminal for these EMV cards, your customers will still be able to swipe their cards. Credit card processors such as Payment Logistics (coupled with point of sale solutions like Nimble) will allow EMV, Tokenization and Encryption (explained in the next section) to be processed at swipe. You can find out more about this technology here and here.
ENCRYPTION FOR YOUR TRANSACTIONS
Tokenization and cryptography also represent a powerful implementation of PCI Compliance technology. As the credit card is inserted or swiped, the private cardholder data is transformed into a one-time use, encrypted string of numbers that can be transmitted across more open and public networks. This encrypted and tokenized data is virtually useless to any potential security hacker because it cannot be easily deciphered. PCI Compliance also requires that even this encrypted credit cardholder data cannot be stored in the POS terminal, adding a crucial layer of defense.
Monitoring and updating your payment processing system is also vital to your restaurant’s daily efforts in maintaining PCI Compliance. Make sure your data hosting provider and credit card processor test security measures regularly to maintain a secure environment for your customer’s data and also to make sure there is no chance for a breach. In case of a possible breach, your provider should have logging and tracking systems in place to help locate the source and identity of the breach. Also the PCI Compliance self-assessment questionnaire will also be a part of helping you maintain your restaurant’s data security. By partnering with the right provider, they will be able to make sure all of the right boxes are checked and every requirement is fulfilled. In the meantime, you and your staff will be able to concentrate on giving your customers the best service possible and making your restaurant a delicious destination.
WHAT YOU CAN DO NOW
Earlier this year, the PCI Security Standards Council released statement regarding their objectives for developing stronger security measures for all businesses in their transactions, saying “the PCI SSC will prioritize technology solutions and processes that simplify security and reduce risk for merchants with a continued focus on education, awareness and evolving threats.”
Nimble and our partnership with Payment Logistics will ensure that we constantly update our clients with the latest PCI Compliant solutions and processes. Don’t worry for another second about whether your restaurant’s data is secure and/or PCI Compliant. CLICK HERE to speak with one of our solutions experts.