Review Your Payment Card Security Practices
Courtesy of National Restaurant Association
October 27, 2008
Now is a good time to scrutinize the way you handle payment card information. The payment card industry recently released a new version of its security standards. Merchants must meet those requirements, known as PCI standards, as a condition of accepting most credit and debit cards. PCI standards are designed to make it more difficult for hackers to break into a merchant’s computer systems and compromise customers’ credit and debit card information.
They were developed by the major credit card companies and standardized in 2004 by the Payment Card Industry Security Standards Council. When credit card security breaches occur, they can cost restaurants tens and sometimes hundreds of thousands of dollars in fines and security upgrades. Many independent restaurateurs don’t realize they’re at risk. “It’s a very fluid process,” says Charles Hoff, an Atlanta attorney who represents restaurants and other merchants in PCI cases. Hoff, of Taylor, Busch, Slipakoff & Duma, also is general counsel for the Georgia Restaurant Association. “It’s not unusual for restaurants to go in and out of compliance.” Hoff says restaurants’ challenges in safeguarding customers’ credit card data stem from several problems:
- Their point-of-sale software isn’t up to date with the latest protections.
- Their POS systems and networks use “default” passwords that haven’t been changed.
- Merchants use remote server access systems that are susceptible to hackers.
- Merchants have unsecured data networks exposed to the Internet.
- Some versions of POS payment software improperly store sensitive information without restaurants knowing it. That information includes customers’ PINs and unencrypted data from the magnetic stripe, which are attractive to data thieves.
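The last point is the one a restaurant can actually test for itself: if a POS system is writing full magnetic-stripe data to disk, that data has a recognizable shape. The script below is an added example written for this page; it is not code from the article, the National Restaurant Association, or any POS vendor. It scans a text log for the ISO/IEC 7813 Track 1 and Track 2 layouts and for bare card numbers, uses the Luhn check digit to discard look-alike numbers such as order ids, and reports only masked card numbers so the report itself does not become another store of cardholder data. The log lines it runs on are constructed for the example; the regular expressions are assumptions about how a given POS product formats its logs and may need adjusting.

```python
import re

# Track 1, format B (ISO/IEC 7813): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2 (ISO/IEC 7813): ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")
# A bare primary account number: 13 to 19 digits not embedded in a longer digit run
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test; true for every real card number, false for most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, the usual PCI display rule."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def _overlaps(span, spans) -> bool:
    return any(s < span[1] and span[0] < e for s, e in spans)


def scan_text(text: str) -> list:
    """Return one finding per stored track or card number, with the card number masked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        used = []   # character spans already reported as track data on this line
        for kind, regex in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in regex.finditer(line):
                if luhn_ok(m.group(1)):
                    findings.append({"line": lineno, "kind": kind, "pan": mask_pan(m.group(1))})
                    used.append(m.span())
        # Bare PANs: skip digit runs that sit inside a track already reported
        for m in PAN_RE.finditer(line):
            if _overlaps(m.span(), used):
                continue
            if luhn_ok(m.group(1)):
                findings.append({"line": lineno, "kind": "pan", "pan": mask_pan(m.group(1))})
    return findings


# Constructed sample log; the card numbers are standard test numbers, not real accounts.
SAMPLE_POS_LOG = """\
2008-10-27 18:02:11 auth ok txn=1234567890123456 amt=42.10
2008-10-27 18:02:11 raw swipe: ;4111111111111111=25121011234567890?
2008-10-27 18:05:40 raw swipe: %B5555555555554444^DOE/JANE^2512101000000000?
2008-10-27 18:09:02 manual key pan=4111111111111111 amt=12.00
2008-10-27 18:10:00 heartbeat ok
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_POS_LOG):
        print(f"line {f['line']}: {f['kind']} data stored, card {f['pan']}")
```

Any hit on a track pattern means the system is retaining data the standard forbids storing after authorization, which is a matter for the POS vendor and card processor rather than something to clean up locally and forget. The bare-number rule is deliberately loose and will still flag some non-card numbers that happen to pass Luhn, so treat those hits as leads to confirm rather than proof.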
Restaurants must rely on their card processing companies and POS vendors to do their part to safeguard data and prevent their systems from storing magnetic stripe data from customers’ payment cards, Hoff says. Additionally, restaurants find it challenging to be fully compliant because of the complexity of the standards. The PCI standards consist of 12 basic components and about 200 constantly evolving subcomponents. The updated standards could take effect as early as January 2009. They help clarify ambiguities in the technical process for compliance, Hoff says. Although the revised standards aren’t substantially different from the previous version, they stand as a reminder that restaurants need to constantly monitor the security of their payment card processes, Hoff says.
Find out more at www.restaurant.org/business/datasecurity.