Many restaurant owners have their heads buried in the sand with regard to payment security.
It’s understandable. Payment security is not a very exciting topic. There’s a whole lot of confusion. It’s a lot easier to assume your vendor has you covered than to inquire and find out you are not covered.
While payment security does have plenty of technical complexities, the fundamentals are straightforward enough that you should be able to understand your situation and ask the right questions of your vendors.
With that in mind, here is some wisdom and advice to get you started.
The PCI (Payment Card Industry) Security Standards Council has a very definite set of requirements regarding payment security as it pertains to POS systems. The following three security measures work together to safeguard you and your customers. Their importance can’t be overstated.
Tokenization: The practice of taking a cardholder’s primary account number (PAN) and replacing it with a surrogate value known as a token. If a criminal gains access to the token, it has no value on its own and can’t be used to get card data.
P2PE (point-to-point encryption): The process of encrypting cardholder data from the point of dip, swipe or tap until the information reaches the payment company. This is accomplished with cryptographic keys that are known only to the payment company itself. If a criminal intercepts any information, it is unusable.
EMV: Debit and credit cards with an embedded chip that makes sure the card being used at the point of transaction is authentic, thus reducing fraud.
At this time, your POS and payment technologies should use all three kinds of security. Your vendor should be able to confirm your status. Most vendors today are using tokenization and P2PE. If you are lacking anywhere, it is probably with EMV.
As of Oct. 2015, fraudulent charges due to transactions occurring with a non-EMV-compliant payment terminal are charged back to the merchant. The EMV transition in the US was a wreck for many in the payment sector, and delays and confusion were common. Nowadays, things are much clearer, but some vendors still have not updated their software to support EMV.
In addition, some restaurants have chosen not to pay for updates to their payment devices to support EMV. Such a choice is short-sighted, since EMV updates are very reasonably priced today and bring value-adds like the ability to take popular NFC payments.
Online Transactions Must Meet New Standard
The Transport Layer Security (TLS) protocol is used behind the scenes to make sure the data transmission between two online systems is protected. The PCI Council set a June 30, 2018 deadline for systems using “early” TLS version 1 to update to a newer version to meet the PCI Data Security Standard (PCI DSS) for protecting payment data.
If you collect payments using an online ordering system or have any kind of e-commerce, you will want to consult your vendors to make certain that their solutions are using at least TLS 1.1 (TLS 1.2 is recommended). The penalties for not complying could be high. In fact, there have been reports of several payment firms disabling merchants who don’t meet these new standards.
Poor Security is Inexcusable and Avoidable
Credit card security may be the last thing you need to deal with as a busy restaurateur. Unfortunately, it’s crucial to protecting you and your customers. However, that does not mean security needs to be a burden. If your existing vendors are lagging in some of the above areas, it may be time to make a change. With the right partner, you can entrust security to them while you concentrate on delivering quality service and food.