Under Lock and Key: PCI Compliance And Data Security Is Sound Business Practice

Under Lock and Key: PCI Compliance And Data Security Is Sound Business Practice

Every business that accepts credit/debit card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). Doing so is more than a requirement; it's a sound business practice that offers the protection your business needs against potentially devastating consequences from credit card data theft.

That protection is especially important to restaurant franchisees, as restaurants are the most popular targets of credit card thieves. According to Visa International, remote access by hackers was the source of 41 percent of all credit card data theft in 2010 - with Level 4 merchants the target of 96 percent of all hacking.

Many merchants believe that their merchant bank or ISO covers them for PCI DSS compliance. That's not the case, and it's ultimately the merchant's responsibility to ensure PCI DSS compliance. Credit card breach investigations do result in fines for the affected merchant's acquiring bank when a breach is proven to result from PCI DSS non-compliance, but merchant contracts with acquiring banks typically hold merchants liable for those fines should a breach occur, which transfers the burden to the merchant who was hacked.

That burden exposes restaurant franchisees to tremendous financial loss:

  • Fines of up to $500,000 per incident
  • Liability for all losses from compromised account numbers
  • Liability for the cost of re-issuing compromised cards
  • Potential suspension of merchant accounts

The severity of these fines and penalties are the reason 76 percent of small businesses that experience a customer data breach close their doors permanently within a year. And that in turn is why it's in the best interest of the franchise organization to protect against customer data theft.

Fortunately, PCI DSS is very clear about what constitutes compliance, and franchisees who demonstrate thorough PCI DSS compliance are generally shielded from liability should data theft somehow occur. Compliance involves addressing these key PCI DSS requirements:

  • Build and maintain a secure network. Simply put, it's your responsibility to make it extremely difficult for hackers to penetrate your network.
  • Protect card holder data. Don't store card holder data in easily accessible reservation systems and loyalty programs. Better yet, store all credit card data off-premises, and access it through a secure gateway.
  • Maintain a vulnerability management program. Institute measures that give you a proactive rather than reactive posture to quarterly vulnerability scans.
  • Implement strong access control measures. Do your best to ensure that only personnel with an absolute need are able to access or view card holder data, and carefully monitor access.
  • Maintain information security policy. Employee vigilance is key to security. Make sure everyone who accesses your network and sensitive data understands the measures you've implemented for protection, and why.

If you address these requirements and achieve and maintain PCI DSS compliance, you're on the surest path to remaining safe from the potential damage inflicted by thieves on the hunt for valuable customer credit card data.

Paul Arceneaux is chief marketing officer for ANX, a leading provider of managed security, compliance, and connectivity solutions. He has more than 20 years of security, technology product development, and marketing leadership.

Published: November 9th, 2011

Share this Feature

Recommended Reading:

Comments:

comments powered by Disqus
Blaze Pizza
SPONSORED CONTENT

FRANCHISE TOPICS

Top Opportunities »

Fantastic Sams
Fantastic SamsĀ® is one of the most recognized brands in the hair care industry with nearly 1,200 full-service salons in North America and 40 years...
Cash Required:
$70,000
Request Info
Massage Envy
Massage Envy clinics are designed to provide a compelling image, an inviting and functional environment and the highest degree of operational...
Cash Required:
$150,000
Request Info
Chronic Tacos
Chronic Tacos is a California inspired authentic Mexican grill that celebrates the individuality of our customers. We have developed restaurants...
Cash Required:
$100,000
Request Info

Subscribe »

Attend »

Conferences
Caesars Palace, Las Vegas, NV
APR 3-6

Share This Page

Subscribe to Multi-Unit Franchisee Report

A Franchise Update Media Production
Franchise Update Media
P.O. Box 20547
San Jose, CA 95160
PH. (408) 402-5681
In Loving Memory Of Timothy Gardner (1987-2014)

Copyright © 2001 - 2018.
All Rights Reserved.