PCI DSS Compliance Deadlines

Jun 07, 2009

How to Pass PCI and Secure Credit Card Data for Retail and Restaurant POS: Background

General Information: PCI and Credit Card Security

Restaurateurs and their customers have enjoyed the convenience of credit and debit cards for many years. However, given the high cost and incidence of fraud, the major card brands (Visa, MasterCard, American Express, Discover and JCB) have taken preventive measures to safeguard their stakeholders.

IBM invented the magnetic stripe for credit cards in 1968, and it became the industry standard. Because the data on the magnetic stripe's tracks is easy to read and to reproduce, the card brands, through the standards built by the Payment Card Industry Security Standards Council, state their first directive clearly: do not store track data.

The Payment Card Industry (PCI) Standards

The PCI Security Standards Council has adopted a three-pronged approach to protect consumers, banks and retailers/restaurants:

* PCI DSS (Payment Card Industry Data Security Standard) covers all entities that store, process or transmit cardholder data: merchants, restaurateurs, service providers, processors, etc.

Deadline for compliance: January 2007 (long past)

That means restaurant owners, regardless of the size of their establishments, must complete a PCI Self-Assessment Questionnaire and submit it to their acquiring bank annually.

* PA-DSS (Payment Application Data Security Standard) covers all applications used to store, process or transmit cardholder data as part of authorization or settlement (that is, Point-of-Sale (POS) application developers).

The deadlines:

October 1, 2008 – Agents, merchants and payment processors may only begin using payment applications that comply with the new payment application security standard.

October 1, 2009 – Non-compliant applications still in use in merchant environments must be decommissioned.

July 1, 2010 – Only applications that comply with the new standard may be used.

That means that if, after the deadline, a merchant/restaurant is not running a PA-DSS validated application, it automatically fails its PCI assessment and could lose its ability to accept credit cards.

* PIN Entry Device (PED) standard – covers all PIN entry devices and aims to ensure that cardholder PINs, and all sensitive information such as the keys resident in the device, are always protected inside a PIN-accepting device.

Deadlines for compliance:

January 1, 2004 – All newly acquired Point of Sale (POS) PIN entry devices must have been tested by a Visa-recognized laboratory and approved by Visa.

July 1, 2010 – Every point of sale (POS) PED must have passed testing by a PCI-recognized laboratory and been approved by the PCI SSC.

This means all merchants/restaurants have two years to replace their old and/or non-approved PEDs.

The Dos of the Payment Card Industry (PCI)

* Do routine vulnerability scans of your systems.
* Give your employees security awareness training.
* Control access to your systems.
* Monitor your system activity logs.
* Remove the access privileges of employees who have left.
* Install software patches on your systems.
* Take every threat seriously, and have an incident response plan ready.

Don'ts of the Payment Card Industry (PCI)

* Full credit card numbers must not be stored or archived.
* Do not send credit card information unencrypted.
* PCI compliance is not just about conforming to the standards; it is about protecting you and your customers.
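The two storage prohibitions (no full card numbers, and the "do not store track data" directive from the background section) are the ones a restaurant breaks most often by accident, usually through a POS application's debug or transaction log. The following Python script is an added example, not code from the original article or from POS-for-Restaurants.com. It scans log lines for magnetic-stripe track data and for Luhn-valid card numbers, reports what it finds, and masks numbers to the first six and last four digits, the most PCI DSS allows to be displayed. The log lines are constructed, the card numbers are the brands' published test numbers, and the track 1 / track 2 patterns are my own approximations of the stripe layout, not a reference implementation.

```python
"""Find and mask cardholder data left in POS logs.

Added example; not part of the original article. The sample log lines are
constructed, and the card numbers are the well-known brand test numbers,
not real accounts.
"""
import re

# Constructed sample log lines: what a careless POS debug log might contain.
SAMPLE_LINES = [
    "2009-06-07 12:01:03 order=4412 total=23.50 pan=4111111111111111 exp=1012",
    "2009-06-07 12:01:04 swipe=%B5555555555554444^DOE/JOHN^10121011234?",
    "2009-06-07 12:01:05 swipe=;4111111111111111=10121011234?",
    "2009-06-07 12:01:06 order=4413 total=8.00 ref=1234567890123456",
    "2009-06-07 12:01:07 order=4414 total=4.25 tender=cash",
]

# A PAN is a run of 13-19 digits not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")
# Track 1 (approximation): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^?]{2,26}\^\d+\?")
# Track 2 (approximation): ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(r";\d{13,19}=\d+\?")


def luhn_ok(digits):
    """Luhn check; filters out order numbers and references that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cardholder_data(line):
    """Return a list of (kind, value) for track data and Luhn-valid PANs in one line."""
    findings = [("track1", m.group(0)) for m in TRACK1_RE.finditer(line)]
    findings += [("track2", m.group(0)) for m in TRACK2_RE.finditer(line)]
    findings += [("pan", m.group(1)) for m in PAN_RE.finditer(line)
                 if luhn_ok(m.group(1))]
    return findings


def mask_pan(pan):
    """Keep the first six and last four digits, the most PCI DSS allows for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(line):
    """Remove track data outright (it must never be stored) and mask remaining PANs."""
    line = TRACK1_RE.sub("[TRACK1 REMOVED]", line)
    line = TRACK2_RE.sub("[TRACK2 REMOVED]", line)
    return PAN_RE.sub(lambda m: mask_pan(m.group(1)) if luhn_ok(m.group(1))
                      else m.group(0), line)


def scan(lines):
    """Map 1-based line number -> findings, for lines that contain cardholder data."""
    report = {}
    for number, line in enumerate(lines, 1):
        found = find_cardholder_data(line)
        if found:
            report[number] = found
    return report


if __name__ == "__main__":
    for number, found in scan(SAMPLE_LINES).items():
        kinds = ", ".join(kind for kind, _ in found)
        print(f"line {number}: {kinds} -> {redact(SAMPLE_LINES[number - 1])}")
```

Run it as-is and it reports lines 1 to 3 and leaves line 4 alone: the 16-digit reference number there fails the Luhn check, which is what keeps a scan like this from drowning in false positives on order IDs and timestamps. Pointing it at real POS log directories is the quick way to find out whether an application is storing data it should not, before an assessor does.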

What Restaurateurs Gain

Given that consumers increasingly expect to pay with credit and debit cards, a restaurant that safeguards its customers' privacy is doing good business:

Corporate Reputation / Image

In any competitive business, no restaurant owner wants to be named as the place where card data was stolen.

Protects the ability to accept credit/debit cards – Non-compliance and/or a breach may endanger a restaurateur's ability to accept credit/debit card payments. In some restaurants 80% to 90% of transactions are paid by credit/debit card. Lose the ability to accept credit cards, and your restaurant loses customers.

The impact of privacy laws

Failing to comply and then disclosing individuals' credit card data in one of the 40+ states with privacy laws can hit a merchant/restaurant twice. Being out of compliance with PCI can result in penalties and court costs. Violating state data protection laws is an offense, and its sanctions may be more serious.

Security Policy / Compliance

* Make sure you use a PA-DSS or PABP validated POS system
* Make sure you use an approved PED
* Have regular security awareness training for your staff, especially supervisors
* Do background checks on anyone who has administrative access to your system
* Have a confidentiality agreement with your staff
* When you complete your PCI Self-Assessment Questionnaire (SAQ), fill in the form carefully and accurately, and when you are unsure of an answer, ask
* If PCI compliance gaps are identified, develop a realistic remediation plan
* Maintain controls so that compliance matures over time
* Access controls
* For system and device administration, always use two-factor authentication
* Strong passwords and secure password storage
* Monitoring that detects and logs attacks
* Check your wireless access points
* Maintain a secure configuration
* Segment your networks
* Maintain and test an incident response plan
* Review and audit your environment regularly

It can be a daunting task the first time around, but once the above are in place, PCI compliance is not an expensive undertaking. It is good business practice to protect the sensitive information that your customers entrust to you.

About the Author

If you would like to know more about this topic or have a question in mind, you may ask for advice from the Restaurant POS professional serving your area.

The author of this article is the Vice President of Customer Relations at POS-for-Restaurants.com, with over 20 years of experience in the restaurant point of sale industry.
