PCI for Restaurants and Bars is a THING nowadays! Running the risk of losing your ability to process credit cards is not something to take lightly. This could mean life or death for many establishments. For those unfamiliar with PCI and what it means, allow us to break it down for you.
PCI compliance is a set of standards for all merchants who process credit or debit card transactions, no matter how big or small they may be. The compliance must be demonstrated across a business’ entire IT infrastructure – basically, any device that can store, transmit or track customer card data.
By ensuring PCI compliance, you protect customers’ personal card data from potential breaches and downtime, while also reassuring them that your restaurant is a trustworthy establishment.
It also protects you, the owner, from stiff penalties and astronomical fines, which can include:
- Investigation of your point-of-sale (POS) system
- Non-compliance fines with VISA and MasterCard
- Reimbursement for purchases made using stolen cards
- Replacement of stolen credit cards
- Higher fees from banks and lenders
PCI compliance isn’t difficult, but it does require diligence and a conscious effort to stay on top of.
Here Are 5 Tips for Making Your Restaurant or Bar PCI Compliant
- Use a FIREWALL, not a router! Firewalls offer you far more control and advanced services like VLANs, content filtering, and geo-blocking (blocking traffic from known bad places in the world). By establishing a digital barrier between payment data and a public internet network, you can help ensure critical cardholder data doesn’t become exposed to other businesses, former staff who still have credentials, guests, or even random vendors. The need for WiFi networks, with apps like OpenTable running on tablets and iPads, means data can easily be accessed if you’re not careful. A properly configured firewall helps protect this data from leaving your network.
- Delete Old Cardholder Data – Many legacy versions of applications like Aloha and processing programs keep a local copy of the transactions processed, many in plain text. There is no reason to keep it around, and it only leaves an area of exposure that may come around and cost you THOUSANDS in fines! Not to mention the hit to your establishment’s reputation for not protecting their customers’ information.
- Use Unique Credentials for Everyone – If everyone is using the same credentials, there’s no point in having any in the event of an investigation. Implement RADIUS authentication for as many solutions as allow for it. This lets you assign and retract access to trusted resources when necessary and manage it all from one place. Office 365 is a great tool for making this happen, and it is also good for messaging and collaboration amongst teams and management, especially for establishments with multiple locations and managers.
- Keep Your Machines and Applications Updated – While modern POS systems remain fully connected and updated by their cloud-based nature, some legacy software needs to be updated manually. Perform updates on a schedule that can be done prior to opening so you can roll back any failed or conflicting updates. This does happen, but it can always be undone.
- Keep Card Transactions Out of Public View – This is something that many bars and restaurants fail to do. Card processing should be kept, whenever possible, out of view of guests or the public. Creating a small “nook” or alcove in your establishment, away from prying eyes, will go a long way toward ensuring the card details stay between the customer and the POS system.