Until it happens to you, a security breach of your restaurant seems like an unlikely event and something that always happens to other people - never you. Unfortunately this is not the case. Credit card fraud is on the rise and, according to the Federal Trade Commission, almost 10 million people have been victims of credit card fraud in the last year alone.

The Facts

In a recent report by the American security company AmbironTrustWave, 62% of security breaches come from the food service industry. In fact, fraud incidents are more likely to occur when customers use their credit card information at the merchant or restaurant location versus through online purchases. This breach represents billions of dollars lost - both directly to the merchants, customers and financial institutions as well as indirectly from severed business relationships, bad publicity and negative word-of-mouth.

Credit card fraud and security breaches

A security breach is when highly personal information from a credit card is stolen. The magnetic stripe of a credit card stores this data, including the card holder's name, card number and expiry date. The data is stored in the magnetic stripe because the information is required to process a purchase. After a transaction has been processed, there is no need for a POS system to store the sensitive data from the card; however, some older terminals do. The data theft occurs from the terminal that processed the transaction. This allows hackers to steal the data from unknowing merchants through their unprotected systems.

Another means of acquiring credit card holder data is through skimming. Skimming is where a device is attached to a payment processing system and it allows for tracking of all the credit card information.

The consequences

With hackers and thieves in control of such important and sensitive information, the result is that billions of dollars are lost to fraud and identity theft. The AmbironTrustWave audit reported that in a restaurant security breach the perpetrator can get information on 40,000 card holders. In a skimming fraud, information from 200 card holders can be obtained.

Who is responsible for security breaches?

YOU - the merchant. Even though you might be the unsuspecting restaurant owner who has fallen victim to a hacker's criminal actions, it is ultimately your responsibility to secure your business and point-of-sale technology against this.

Since some business owners continue to be negligent in protecting their customers' credit-card information and security breaches are becoming more of a problem, the credit-card companies have started to work together to set standards for the industry. The new security standards are going to affect all merchants, irrespective of industry and size of establishment. What this means for food service providers is that everyone from small mom-and-pop diners to large national chains must abide by the credit-card standards - the Payment Card Industry (PCI) Data Security Standard.

PCI details the standards for all merchants on how to securely store and handle credit-card information, as it applies to all card brands including Visa, Mastercard, American Express and all financial institutions processing credit transactions. If a merchant does not adhere to these security standards, they are responsible for any breaches and are fined large amounts, some of which have exceeded $100,000.

All businesses will be required to become PCI compliant by 2010. There are several elements to become compliant - one of which is using PABP (Payment Application Best Practices) validated systems. Systems which are PABP certified have undergone rigorous auditing of their payment processing system. Merchants can work with their POS providers to ensure they are implementing the processes correctly; however, the ultimate responsibility is on the merchant.

Refusing or not fully complying with the standards will result in substantial fines or even the credit card companies refusing to process your establishment's credit card transactions. A lofty penalty - but one that will nonetheless get the point across that security is a priority.