It is very important that everyone who owns or operates a business understands what their liability is when it comes to credit card information security.
There are three components of credit card compliance: the version of the software, the settings within the software, and the infrastructure and security of the network. The major component of compliance is the infrastructure and security of the network, which is controlled by the business owner.
The highest-risk restaurants are typically single-location or part of a chain. Their transactions are predominantly card-present, “retail” transactions. They use unsecured, Internet-accessible store networks, such as DSL, cable modem, or wireless technology. They also use noncompliant POS software that improperly stores card data elements.
Typically, when a breach is suspected, the restaurant owner/operator can expect the following:
• The owner receives a call from the fraud departments of the credit card companies to discuss incidences of irregular credit card usage within the restaurant that suggest the possibility of a security breach.
• The restaurant owner is compelled to promptly select from a short list of pre-approved forensic audit firms and is subjected to an intrusive internal security audit, which can run from $8,000 to $15,000.
• With little or no notice, the restaurant’s card processing company is contractually permitted to begin withholding funds to pay for the projected fines, penalties and assessments.
• After completion of the forensic audit, a conference call is held with the owner, the card company fraud departments and the forensic auditor to discuss the findings and the restaurant’s remediation requirements (failure to follow the remediation steps will result in additional fines and possible prohibition of card usage).
• The restaurant is subject to fines, penalties and assessments (credit card chargebacks may continue for 18 months from the initial security breach). Fines could start as high as $50,000, and merchants may incur monthly penalties beyond the initial findings until the matter is resolved.
4 out of every 10 cases of ID theft occur from theft of sensitive credit card information from restaurants, with hackers specifically targeting restaurants due to their perceived vulnerabilities.
Even if a forensic audit reveals that there have not been any PCI infractions, the finding of a single PCI violation, such as an insufficient firewall or easily detectable computer passwords, could trigger fines.
For more info contact the National Restaurant Assoc