Why Does My Restaurant Need PCI Compliance?
In 2010, approximately 2,000 restaurants were the victims of credit card data theft. That is 3 times as many as in 2009. In addition, PCI compliance mandates and deadlines for restaurants fall this year. PCI compliance for restaurants goes beyond simply implementing a payment application validated against the data security standard. As a leader in POS systems, East Bay POS can assist your restaurant in becoming PCI compliant.
Every restaurant that processes or transmits credit card information is required to comply with the Payment Card Industry Data Security Standard (PCI DSS). Being PCI compliant protects your restaurant and your customers from credit card information theft.
PCI compliance for your restaurant will protect you from large fines and from the costs associated with hiring a Qualified Incident Response Assessor. Fines can be in the $5,000 to $50,000 range, and the cost of an assessor can be up to $25,000. PCI compliance protects you, protects your customers, and reduces your risk of unexpected expenses and damage to your business reputation.
What Is Required to Meet PCI Compliance for Restaurants?
PCI compliance for restaurants is a comprehensive effort that involves the following:
- Having a validated payment processing application
- Completing the PCI Self-Assessment Questionnaire on an annual basis
- Having an approved scanning vendor perform quarterly security scans on your infrastructure
Detailed requirements for PCI compliance for restaurants include:
- Build and Maintain a Secure Network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
  - Requirement 5: Use and regularly update anti-virus software
  - Requirement 6: Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
  - Requirement 7: Restrict access to cardholder data by business need-to-know
  - Requirement 8: Assign a unique ID to each person with computer access
  - Requirement 9: Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data
  - Requirement 11: Regularly test security systems and processes
- Maintain an Information Security Policy
  - Requirement 12: Maintain a policy that addresses information security
Call us today to see how we can help your restaurant with PCI compliance.