Under Lock and Key: PCI Compliance And Data Security Is Sound Business Practice

Every business that accepts credit/debit card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). Doing so is more than a requirement; it's a sound business practice that offers the protection your business needs against potentially devastating consequences from credit card data theft.

That protection is especially important to franchisees, as restaurants are the most popular targets of credit card thieves. According to Visa International, remote access by hackers was the source of 41 percent of all credit card data theft in 2010 - with Level 4 merchants the target of 96 percent of all hacking.

Many merchants believe that their merchant bank or ISO covers them for PCI DSS compliance. That's not the case, and it's ultimately the merchant's responsibility to ensure PCI DSS compliance. Credit card breach investigations do result in fines for the affected merchant's acquiring bank when a breach is proven to result from PCI DSS non-compliance, but merchant contracts with acquiring banks typically hold merchants liable for those fines should a breach occur, which transfers the burden to the merchant who was hacked.

That burden exposes restaurant franchisees to tremendous financial loss:

  • Fines of up to $500,000 per incident
  • Liability for all losses from compromised account numbers
  • Liability for the cost of re-issuing compromised cards
  • Potential suspension of merchant accounts

The severity of these fines and penalties are the reason 76 percent of small businesses that experience a customer data breach close their doors permanently within a year. And that in turn is why it's in the best interest of the franchise organization to protect against customer data theft.

Fortunately, PCI DSS is very clear about what constitutes compliance, and franchisees who demonstrate thorough PCI DSS compliance are generally shielded from liability should data theft somehow occur. Compliance involves addressing these key PCI DSS requirements:

  • Build and maintain a secure network. Simply put, it's your responsibility to make it extremely difficult for hackers to penetrate your network.
  • Protect card holder data. Don't store card holder data in easily accessible reservation systems and loyalty programs. Better yet, store all credit card data off-premises, and access it through a secure gateway.
  • Maintain a vulnerability management program. Institute measures that give you a proactive rather than reactive posture to quarterly vulnerability scans.
  • Implement strong access control measures. Do your best to ensure that only personnel with an absolute need are able to access or view card holder data, and carefully monitor access.
  • Maintain information policy. Employee vigilance is key to Make sure everyone who accesses your network and sensitive data understands the measures you've implemented for protection, and why.

If you address these requirements and achieve and maintain PCI DSS compliance, you're on the surest path to remaining safe from the potential damage inflicted by thieves on the hunt for valuable customer credit card data.

Paul Arceneaux is chief marketing officer for ANX, a leading provider of managed compliance, and connectivity solutions. He has more than 20 years of security, technology product development, and marketing leadership.

Social Reach:

Viewer Response:

comments powered by Disqus

Top Opportunities »

Subscribe »

Multi-Unit Franchisee Magazine

The only publication dedicated exclusively to the hottest topic in franchising - Multi-Unit and Multi-Brand Franchisees.

Attend »

Multi-Unit Franchising Conference

Multi-Unit Franchising Conference

APR. 27, 2016 | Caesars Palace, Las Vegas, NV

A unique event because it is highly influenced by its advisory board, consisting of the very best multi-unit franchisees. The board works diligently to ensure that the conference delivers on its promise of being the best platform for franchisees to learn how to grow their businesses.

A Franchise Update Media Group Production
Franchise Update Media | P.O. Box 20547 // San Jose, CA 95160 // PH. (408) 402-5681
Copyright © 2001 - 2015. All Rights Reserved. Site Hosting Provided By: wishVPS on FUMG3

In Loving Memory Of Timothy Gardner (1987-2014)