PCI compliance is one of those buzzwords that you’re probably tired of hearing about. But there’s a reason it’s talked about so much and is such a huge selling point for any payment portal integration. In fact, it’s such a huge deal that in the early 2000s major players in the credit card game like American Express and Visa came together to develop rules and regulations that every business that accepts credit or debit cards must adhere to.
In a nutshell, if your restaurant plans to accept credit and debit cards (not doing so could be restaurant suicide), then you need to be concerned about PCI compliance.
Who PCI Compliance Applies To
Everyone. Yep, you read that right. Any merchant, including restaurants, that accepts credit and debit cards is held to PCI compliance standards.
There are varying levels of PCI compliance depending on the number of card transactions you process each year. Level 1 is the highest level, with the most card transactions, while Level 4 is the smallest, with fewer than 20,000 card transactions.
PCI Compliance Levels:
Level 1: Greater than 6 million card transactions per year (through all channels)
Level 2: From 1 to 6 million card transactions per year (through all channels)
Level 3: 20,000 to 1 million card transactions annually
Level 4: fewer than 20,000 card transactions annually
PCI DSS includes twelve requirements for compliance that fall under six control objectives.
These objectives are:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
So, PCI compliance is clearly a big deal. If you plan to offer an online ordering system to your customers, then it’s even more of a big deal. After all, people often approach entering their credit card information online with some degree of trepidation.
That’s why it’s important that you have an online ordering system that is PCI compliant.
At eHungry, we understand PCI compliance. And we aren’t just talking about why it’s important and what it does. We’re talking about what it means to your restaurant, customers, and ultimately the trust people have when engaging with a transaction on your website.
PCI Compliance and Your Restaurant
Your payment processor might be compliant, but what about your restaurant? Ultimately, whether your restaurant in its entirety is PCI compliant is up to you. That means you need to do the legwork to ensure it is following all guidelines.
Here are a few ideas to make sure you’re protecting your customers and your business.
- Use a different password for every system: don’t rely on one or two of the same passwords for all of your accounts.
- Update passwords every 90 days: and don’t just add a number to the end of your current one.
- Never store sensitive data: we’ve seen many a restaurant write a credit card number on a piece of paper and lose it, or store card data in a simple Excel spreadsheet. Just don’t do it. Implement protocols that ensure your employees aren’t doing it either.