Making sure that your business passes restaurant point of sale credit card PCI security audit

Security rules on credit cards for restaurants

A lot of restaurants is being penalized by the credit card industry for not sufficiently protecting their customers’ credit card info from the possibility of theft, with Visa, MasterCard and financial organizations that process electronic payment over the months are sending warning letters and conducting seminars. With these moves, it forces restaurants into taking in consideration additional steps on how to safeguard their customers’ credit card data.

According to companies that process card transactions, there are still tens of thousands of eateries that do not comply with the security rules set by the credit card industry.  Any company that takes plastic is required to follow a set of security regulations instituted by Visa, MasterCard, American Express and Discover.

In the data recorded by Visa indicates that since January of 2005, around 40% of incidents in which criminals gained unauthorized access to credit card information was made up of restaurants — providing the largest percentage of incidents for a merchant category.

Separately, there are reports from a Chicago-based data security auditor, AmbironTrustWave, for merchants that with the 62% security violations it witnessed during the prior 18 months are with the restaurant industry.

These violations includes various security lapses such as wireless networks that are poorly guarded — which enable thieves to access information from the parking lot using a laptop — as well as the lack of strictness to their systems that makes it a lot easier for a staff with criminal intention to steal credit card information.

Mostly, consumers are not aware when their credit card info is in danger. Not all security breaches produced successful fraud, and mostly, merchants do not recognize these incidents unless there is a significant likelihood that a major fraud will take place or has already been identified. Also, companies that issues credit cards don’t usually close a customer’s account unless fraud has taken place.

Restaurateurs may have a rough time with credit card security rules, since the regulations can be difficult for smaller merchants. Hearing from the restaurant owners who thought they complied with rules, the National Restaurant Association trade group found out their systems were not functioning properly and were penalized.

Over 0,000, in some cases, is the fine for restaurants that violated credit card industry rules by keeping credit card information. In 2006, Visa fined merchants across all categories .6 million for security violations, an increase from the .4 million in fines the previous year.

Visa, believes a merchant group needs additional attention, held special security briefings with several hundred restaurants.

At the same time, companies that process credit card transactions are also turning up the heat on restaurants. These credit card companies have threatened to end services to those that do not follow security regulations.

Most restaurants uses special software with features such as as tabulating bills, delivering orders to the kitchen and tracking reservations, credit card companies are worried because they cannot force software makers to abide by their security rules, so they put on the pressure to restaurants. Visa’s web site maintains a list of software programs that meet its requirements.

But software programmers that even with the best software, restaurants can still be in heaps of trouble if they disregard password protection or firewalls. For software companies, they say that it’s not up to them to let restaurateurs know what they must do to be in compliance with the security rules of the credit card industry.

The author of this article is the VP of Customer Relations at POS-For-Restaurants.com with over 20 years experience helping restaurants nationwide increase their efficiency and bottom-line profits using restaurant POS systems.

To learn on how our national POS network of restaurant point of sale experts can help your business achieve greater success in these difficult economic times, visit POS-For-Restaurants.com.

Restaurant and Retail POS PCI & Credit Card Security: Background

Background on PCI & Credit Card Security

For many years, both restaurant owners and their diners have been enjoying the convenience of accepting and using credit and debit cards. However, given the skyrocketing cost and frequency of fraud on credit cards, well known card brands (Visa, MasterCard, American Express, Discover and JCB) have taken preventive measures to safeguard their stakeholders.

After IBM invented the mag stripe on credit cards in in 1968, it became the industry standard. Given that the track data on the mag stripe can easily be read and duplicated, the card brands, the Payment Card Industry Security Standards Council built a set of standards for securing cardholder data, and it begins with the directive: ‘Don’t store track data.’

PCI Standards

The PCI Security Standards Council had a three-pronged approach to protecting consumers, banks and merchants/restaurateurs:

• PCI DSS (Payment Card Industry Data Security Standard) ‐ covers all entities that store, process, or transmit cardholder data: Merchants, restaurateurs, service providers, processors, etc.

Deadline for Compliance: January 2007 (deadlines are long passed)

What it Means – Restaurant owners, regardless of their establishments’ size, must all complete and submit a PCI Self-Assessment Questionnaire to their Acquiring Bank yearly.

• Payment Application Data Security Standard or PA-DSS ‐ involves all applications used to store, process, or transmit cardholder data as part of authorization or settlement. (Point of Sale (POS) application developers)

Deadlines for Compliance:

Oct. 1, 2008 ‐ Only the software that is compliant with the new payment application security standards must be used by agents, merchants and payment processors.

Oct. 1, 2009 ‐ Terminate any noncompliant payment applications that merchants might still be using in their environments will be required.

July 1, 2010 ‐ Mandatory use of only the payment applications that support the new standards.

What this Means – After these deadlines, merchants/restaurateurs that are still running a non-PA DSS-validated application, they automatically fail the PCI assessment and may lose their ability to accept credit cards.

• Pin Entry Devices (PED) Standard – covers all PEDs and it aims to ensure that the cardholder’s PIN, and any sensitive information such as resident keys, are protected consistently at a PIN acceptance device.

Deadline for Compliance:

Jan. 1, 2004 ‐ Newly purchased Point of Sale (POS) PIN Entry Devices must have passed testing and approved by Visa from one of its recognized laboratories.

July 1, 2010 ‐ Mandates that all deployed Point of Sale (POS) PEDs must have passed testing by a PCI recognized laboratory and been approved by the PCI SSC.

Which Means ‐ Merchants/restaurateurs have two years to replace older, un-approved PEDs.

The Do’s With Payment Card Industry (PCI)

• Make routine vulnerability scanning of your systems.

• Do security awareness training for all of your staff.

• Do audits of system access.

• Monitoring of system activity logs.

• Access privileges should be removed for separated employees.

• Install software patches for your system.

• Be responsible when it comes to any threats, device an incident response plan.

PCI Don’ts

• Whole credit card numbers should not be stored or archived.

• Transmitting credit card data unencrypted should not be practiced.

• With Payment Card Industry, it’s not simply about proving you are compliant with the standards – it’s about protecting your business and your customers.

What Restaurateurs Get From PCI

Given consumers’ expectation of ever-present acceptance of using credit and debit cards, merchants’/restaurateurs’ validation that they are giving protection to their customers’ personal data is good for business:

Reputation / Image

In a competitive business – a restaurant owner does not want to be named in the media as the place were a card data was breached.

Protects Ability to Accept Credit / Debit Card Payments - neglecting the rules and/or a breach can endanger a restaurateur’s ability to accept credit/debit payments. There are several cases that 80% to 90% of transactions are through credit/debit payments. Losing the ability to accept credit cards means reduced traffic/customers.

The Effects of State Privacy Laws

A breach that discloses personal credit card information in one of the 40+ States with privacy laws may experience double impact on the side of the restaurateur. Being off-side with the Payment Card Industry can result in fines and lawsuit costs. Being off-side with State Privacy Laws is a crime punishable by confinement with possibly more serious consequences.

Compliance / Security Strategy

• Make sure you are using a PA‐DSS or PABP validated POS system

• Ensure you are using an approved PED

• Arrange for regular security awareness training for your staff, especially your supervisors

• Conducting a background check on all employees with administrative access to your system is a must

• Have a ‘Confidentiality Agreement’ contract with your staff

• When it comes to your PCI Self Assessment Questionnaire (SAQ), carefully and accurately complete the form and when you’re not sure with your answers, just ask

• If you notice gaps in the PCI compliance, develop a realistic plan to straighten it out

• Be matured in sustaining compliance

• Accessing controls

• Dual factor for system and device management

• Strong passwords and secure password storage

• Regularly monitor system activities for potential attacks as well as record evidences

• Control wireless access points

• Maintain secure configuration

• Section each network

• Maintain an Incident Response Plan and Test It

• Test and audit the cardholder environment like your business depended on it

It can be a daunting task the first time but when everything else is in place, ongoing PCI compliance is not an expensive undertaking. Besides, it’s good for you business to practice protecting the sensitive information that your customers trust upon you.

Questions?

For more information and advice on this topic you can quickly contact a Restaurant POS professional serving your area at www.POS-For-Restaurants.com

The author of this article writes for POS-For-Restaurants.com - a VP for Customer Relations with over 20 years experience in the restaurant point of sale industry.

A New Technology In Restaurant Point of Sale Systems!

The New Payment Method That Might Make Credit Cards Obsolete

Contactless, one of the leading provider of advanced, open-standard contactless chip technologies, have announced they’ve made a 3-year agreement with First Data, a global leader in electronic commerce and payment processing services, of developing contactless payment stickers that will be marketed by First Data as GO-Tag products. Within the said agreement, INSIDE will supply the MicroPass payment sticker prelams exclusively to First Data-qualified card manufacturers for their productions.

This agreement can provide a strategic advantage to the core technology from INSIDE Contactless and the issuing and transaction processing power of First Data. GO-Tag products will be marketed by First Data to major U.S. merchants, financial institutions, and other distribution channels in a variety of form factors.

According to the general manager of Mobile Commerce and Point of Sale Solutions for First Data, the GO-Tag Solution will represent an important measure in the evolution from today’s plastic cards and fobs, offering a bridge to the future of mobile payments. “Our partnership with INSIDE Contactless enables us to offer consumers an opportunity to turn just about any personal item, from a mobile phone to an employee ID badge, into a payment device.”

“This agreement highlights the versatility of our MicroPass platform to support a variety of contactless payment applications and form factors, including stickers,” says Charles Walton, executive vice president of payments for INSIDE Contactless.

You might also want to consider updating your restaurant POS system to Contactless credit card acceptance in the near future, because their technology is becoming more and more common in the marketplace. And we all know that customer service is all about the speed and fast transaction to a restaurant point of sale terminal, the better the service is the better your customer experience will reflect on the value of your services.

The author of this article is the VP of Customer Relations at POS-For-Restaurants.com with over 20 years experience helping restaurants nationwide increase their efficiency and bottom-line profits using restaurant POS systems.

You may visit POS-For-Restaurants.com for more information on how our national network of restaurant point of sale experts can help your business achieve greater success in these difficult economic times.

Knowing Your Restaurant POS System

How Many Restaurant POS Terminal Will I Be Needing?

• Considering peak customer volume
  When handling peak customer volume, you need to have a plan to be able to efficiently serve them all.
• Number of staff taking the orders
  For serving tables, I suggest assigning 1 station for every 3-5 servers. You may want to have additional stations for handling high volume areas such as the bar and cashie stations. When switching to a POS system from a cash register many people unintentionally forget that their POS system is not only used to to cash out customers but can also be used for order entry as well.
• The layout of your restaurant
  A proper restaurant layout affects your employees service. So if you have a bar, assigning a separate station for your bar tender would be easier since he can serve customers from there quickly.
• Having proper location where your customers pay for their meals
  If you plan to have customers pay at the front you should have 1 or 2 dedicated cashier stations to fast track transactions. If the servers are going to carry their own banks, we suggest fewer servers per station.

What type of POS computer should I use for my restaurant?

• Desktop: the standard desktop type.
  • Least expensive computer option
  • Has onsite warranty for 3 years
  • Can easily be kept hidden under a counter, so it will not cause delay for any transactions
  • Has greater flexibility for addition of extra ports
  • Latest CPU speeds and memory
  • Screen and computer are separate; if ever technical difficulties accur, it’ll be isolated.
• Small form factor (SFF): also known as shuttle form factor, a smaller type of computer.
  • More stylish than the desktop
  • 3 Year Onsite Warranty Standard for this component
  • Saves more space
  • Fewer options for expandability
  • Latest CPU speeds and memory
  • Screen and computer are separate; in case of technical difficulties problems are isolated.
• All-in-one terminals: combining touchscreen and computer.
  • Most stylish option with fewer wires and least space required
  • Manufacturers warranty: 1-2 years (Not onsite)
  • Comes standard with sufficient ports for almost any operation
  • CPU speed is generally slower than the other two options but sufficient for the Point of Sale needs.
  • Combined screen and computer

How many cash drawers should I use?

• Unless you want your servers to carry their own cash banks, placing cash drawer at every station you want to use to end transactions is advisable.

Integrated credit cards?

• Your POS systems can be used to process and keep records of all credit card transactions and allows you to store them in one convenient location.
• Can reduce seconds of transaction time with a high speed internet.
• A standalone terminal can be used in place if you do not have high speed internet connection.

How many kitchen/bar printers?

• Having one kitchen printer would be sufficient for your restaurant, not unless you have different sections serving different dishes inside your kitchen then it would be better if you place printers on all sections.
• Think about this, you can print all appetizer orders on one printer and all your entrée dish on another printer.
• For kitchens and bars, it is highly recommended that you use impact (dot-matrix) printers instead of thermal printers. Because their loud printing alerts cooks and bartenders that an order is coming through, and since tickets printed on thermal printers becomes unreadable when exposed to heat.

How many receipt printers do I need?

• Having a receipt printer at every station would be better than just having one.

Is a back office computer needed?

• A back office computer helps managers to run reports and access POS systems to change, remove or add important data without disturbing servers.
• A back office computer is not necessariliy required unless you have 4 or more stations. It is however a good idea to host the database on a back office computer if you do have 4 or more stations so none of the stations has the extra load of running the database.

More information is available at POS-For-Restaurants.com

The author of this article is the Vice-President of Customer Relations at POS-For-Restaurants with over 20 years of experience serving restaurants of all types and sizes throughout the U.S.

Is an Efficient Restaurant POS System In Your Future?

There are a lot more things a Point of Sale system can do for your business other than automating sales transactions. Let our POS professionals teach you how you can take control of your business and increase your profits.

Having A Control Over Your Business

A right POS system will lift you up to a new level of control over your operations, it helps fine-tune your business model, boost your profits, as well as your efficiency. The wrong choice of system, however, can be a waste of money and a source of ongoing frustration.

In a sense, your POS system is a glorified cash register! The most basic POS system that consists of a computer, a cash drawer, receipt printer, a monitor, and an input device such as a keyboard or scanner. However, in addition to being more efficient than cash registers, POS systems are able to create detailed reports which can help you in making decisions.

A POS system saves money, provide productivity gains, and can cut down the amount of time you spend away from the primary focus of your business.

Saving more money, gain more control over your business, and being more productive; sounds like a great combination, right? Well here are some of the best ways a modern point of sale (POS) system can help your business.

Getting rid of shrinkage

A computerized POS system can drastically cut down on shrinkage, the inventory missing from your store or restaurant due to theft, waste and employee misuse. Because employees will know inventory is being carefully tracked, internal shrinkage will dwindle.

Accuracy

Whether you use barcode scanning or not, using a POS system can ensure that every item in your store or on your menu is sold for the right price. Your staff will no longer have to guess the price of an item, and you can change prices with just one click of the mouse.

Get better margins

You can get better magins by having a detailed sales report, focusing on higher-margin items would be cinch. By moving items within a retail location, or promoting poor-performing items in a restaurant, you can help boost sales of well performing items.

Knowing your stats

You can easily know which of your items have been sold today, yesterday, last week or months ago, with the help of a POS systems. It can even tell how much money is in the cash drawer as well as how much of that money is profit.

Manage inventory better

Knowing what stocks you need to keep on hand can easily be tracked using a detailed sales report. Track your remaining inventory, spot sales trends, and use historical data to better forecast your needs. Your POS software can be set to alert you when when stocks run low so you can reorder for them. There are many store owners who are caught by surprises when they have this data, because they think that they know exactly what trends affect them.

Build a customer list

Collect the names and addresses of your regular customers as part of standard transactions. Then use the list for targeted advertising or incentive programs.

Reduce paperwork

Reducing the time you spend on doing inventory, sales figures, and other repetitive but important paperworks can be lessen if you use a POS system to help you out. It doesn’t only reduce the time but save more for you as well as give you a peace of mind.

Efficiency in transactions

In retail settings, you can make checkouts quicker by using a barcode scanner and other POS features. Restaurants will find their order process greatly streamlined as orders are relayed automatically to the kitchen from the dining room. In both cases, your customers can get a much faster and more accurate service.

You have to keep in mind that these benefits requires a commitment to utilizing the POS system capabilities to their fullest. Without proper training and analysis, even the most sophisticated POS system will be nothing more than a simple cash register.

Retail needs vs. Hospitality needs

The POS market is divided into two segments with very different needs: restaurants, bars, and hotels and other retail operations and hospitality businesses.

Retail

Of the two groups, retailers have simpler POS needs. They process transaction all at once and often use less variation in the items they sell. Because there are some POS features retailers that specifically want to include the ability to support kits (3 for deals), support for digital scales and returns/exchanges. Your POS system will have to support matrixes if you sell items that come in a variety of styles, like clothing or shoes. For example, matrixes let you create one inventory and price entry for a particular sweater, but still track sales according to size and color.

Hospitality

Restaurants and other hospitality businesses differ in requirements.

Efficiency is the key focus for casual restaurants. For retail-style restaurants like sub shops, a POS system can greatly increase accuracy and cut down on time-per-transaction unlike with hastily-scrawled order tabs sent to the kitchen. And for quick-service style restaurants, POS systems are practically a requirement for living up to their name: a customers’ order is entered on the terminal at the front which sends the order and displays them on a monitor at the food preparation area where the order is assembled and delivered to the appropriate customer.

For fine dining restaurants, point of sale requires a bit different. They need a POS system that gives them the ability to create and store open checks, as parties order more over time, as well as track which waiter is responsible for which table. The efficiency gains from better management can be impressive. If your restaurant has 20 tables and has an average check of , it can increase turnover by one party per table, that would be an extra 0 on one busy night.

Return of Investment (ROI)

Migrating from your old system to a computers POS system isn’t that easy. There are several factors that needs to be considered and pitfalls to avoid. But the return of investment (ROI) can really make it worth all the effort you put into it.

Need more information or an online resource?

Go to POS-For-Restaurants.com

The author of this article is the Vice-President of Customer Relations at POS-For-Restaurants with over 20 years of experience serving restaurants of all types throughout the U.S.