Understanding How to Become PCI Compliant

September 1, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

 

Have you heard of the PCI DSS (Payment Card Industry Data Security Standard)? If not, they provide the standards for all merchants that store, process, or transmit cardholder data. If you are processing credit cards in your restaurants, you are responsible to comply with this standard. Click here for the details.

 

Nearly every restaurant owner has heard of it, but it remains a source of confusion as to what is required of small businesses. However, the good news is that PCI DSS compliance does not have to be confusing. Before we dive into what it takes to become PCI DSS compliant, let’s talk about the challenges restaurants face.

 

The big piece to the PCI DSS compliance pie is limiting employee access to data. Keep in mind the number of servers on a given shift who run credit card transactions, this means multiple machines and multiple staff members with access to physical credit cards. To help ensure you are in compliance, it is imperative that you use unique employee IDs and properly encrypted systems. An outdated point-of-sale (POS) system or credit card terminal typically will not encrypt the data that is processed through them. If your POS software or credit card terminals are outdated, you can contact your merchant processor to see what they offer as an upgrade to provide data encryption and if your systems require an upgrade.

 

The National Restaurant Association states that, typically, restaurants that run the highest risk of a data breach use unsecured Internet-accessible networks, like DSL, cable modem, or wireless technology. They may also be using non-compliant POS software that stores credit card data improperly.

 

There are six categories of PCI DSS compliance (refer to the link above for detailed information) requirements, which are:

 

  1. Maintaining a secure network
  2. Protecting cardholder data
  3. Protecting your systems against malware/spyware
  4. Putting strong access control measures in place
  5. Monitoring and testing your networks
  6. Creating an Information Security Policy

 

You may be thinking after looking at these six categories, “How can they expect small businesses to manage these six categories to stay compliant?” The keys to PCI DSS compliance include proper network security, careful handling of customer cardholder data and the use of only the PA-DSS-validated (Payment Application Data Security Standard) POS and payment processing systems. You can find a list of PA-DSS- validated POS providers HERE.

 

You are also required to complete a “self-assessment questionnaire” (SAQ) on an annual basis. The basic SAQ generally takes about 15 minutes to complete and provides the restauranteur with an opportunity to review their business policies and practices related to credit card transactions and data storage.

 

The bottom line is that PCI DSS compliance is required and this process helps your restaurant from data breaches and the fines and penalties that come with them. Card data theft is costly. Therefore, familiarizing yourself with the policies, and properly training your staff will end up saving you time and money while also protecting your customers and restaurant from a data breach.

 

For more information pertaining to PCI DSS compliance, please contact Jason VanGotten at jvangotten@corestaurant.org

 

Sources:
Clinard Insurance – Restaurant Blog 2016

Safety Corner – Prevent restaurant theft from happening to you!

February 1, 2017

By Sean Pechan, Colorado Restaurant Insurance

We have been hearing from our clients about a recent uptick in burglaries within the Denver Metro area. Crimes against restaurants are typically crimes of opportunity, and these recent reports have definitely fallen into that category. Most often these burglaries happen after the restaurant has closed, however, in several instances a burglary has occurred during business hours. In almost every instance, the burglar has entered a back door (sometimes even during dinner rush). The perpetrator often takes cash and/or inventory food and liquor, then slips back out the back door of the restaurant.

We believe that implementation of some simple risk management steps can reduce your exposure to these types of loss. Besides costing your establishment potentially thousands of dollars, the loss of ‘peace of mind’ for you, your employees, and at times your customers is immeasurable.

Here are some examples of how we can work with you to help improve security and reduce your risk. Consider updating your security procedures and training all staff – including cleaning staff – so they understand their importance and follow the procedures. Develop practical policies in managing the risk of the backdoor of your restaurant (when it is acceptable to be open and how it should be respected). Limit the access of nonessential vendors and staff to back-of-house operations, especially the office where checks and cash on hand is managed. Keep inventory locked even during normal operations. Mark expensive equipment with ID numbers and keep detailed records of all inventory, and store the information off-premises for ease in reporting after the fact.

Contact your local police department for a business safety assessment. The CRI can also provide additional risk management techniques to reduce exposure to loss. We are available to offer guidance to protect your assets. Call us anytime at (303) 830-2972.