Secure Restaurant POS systems
Securing your POS system
Until it happens to you, a security breach of your restaurant seems like an unlikely event and something that always happens to other people – never you. Unfortunately this is not the case. Credit card fraud is on the rise and according to the Federal Trade Commission, almost 10 million people have been victims of credit card fraud in the last year alone.
The Facts
According to a recent report by the American security company AmbironTrustWave, 62% of security breaches come from the food service industry. In fact, fraud incidents are more likely to occur when customers use their credit card information at the merchant or restaurant location than through online purchases. These breaches represent billions of dollars lost – both directly, to merchants, customers and financial institutions, and indirectly, through severed business relationships, bad publicity and negative word-of-mouth.
Credit card fraud and security breaches
A security breach is when highly personal information from a credit card is stolen. The magnetic stripe of a credit card stores this data, including the card holder’s name, card number and expiry date. The data is stored in the magnetic stripe because the information is required to process a purchase. After a transaction has been processed, there is no need for a POS system to store the sensitive data from the card; however, some older terminals do. The data theft occurs from the terminal that processed the transaction, which allows hackers to steal the data from unknowing merchants through their unprotected systems.
Another means of acquiring credit card holder data is skimming. In skimming, a device is attached to a payment processing system, where it allows all the credit card information to be tracked.
The consequences
With hackers and thieves in control of such important and sensitive information, the result is that billions of dollars are lost to fraud and identity theft. The AmbironTrustWave audit reported that in a restaurant security breach the perpetrator can get information on 40,000 card holders. In a skimming fraud, information from 200 card holders can be obtained.
Who is responsible for security breaches?
YOU – the merchant. Even though you might be the unsuspecting restaurant owner who has fallen victim to a hacker’s criminal actions, it is ultimately your responsibility to secure your business and POS technology against this.
Since some business owners continue to be negligent in protecting their customers’ credit-card information and security breaches are becoming more of a problem, the credit-card companies have started to work together to set standards for the industry.
New security standards
The new security standards are going to affect all merchants, irrespective of industry and size of establishment. What this means for food service providers is that everyone from small mom-and-pop diners to large national chains must abide by the credit-card standards – the Payment Card Industry (PCI) Data Security Standard.
PCI details the standards for all merchants on how to securely store and handle credit-card information, as it applies to all card brands including Visa, Mastercard, American Express and all financial institutions processing credit transactions. If a merchant does not adhere to these security standards, they are responsible for any breaches and are fined large amounts, some of which have exceeded $100,000.
All businesses will be required to become PCI compliant by 2010. There are several elements to becoming compliant – one of which is using PABP (Payment Application Best Practices) validated systems. Systems which are PABP certified have undergone rigorous auditing of their payment processing system. Merchants can work with their POS providers to ensure they are implementing the processes correctly; however, the ultimate responsibility is on the merchant.
Refusing to comply, or not fully complying, with the standards will result in substantial fines or even the credit card companies refusing to process your establishment’s credit card transactions. A lofty penalty – but one that will nonetheless get the point across that security is a priority.
Halo & PABP Certification

As leaders in secure web-based POS systems, Halo will ensure you are prepared for security compliance requirements. Coming soon, Halo will be publishing all the requirements in the ‘Halo PABP Implementation Guide’ in Enterprise Manager and will be working with our customers to ensure that they are adopting and implementing the requirements properly.
There are several elements to becoming compliant – one of which is using a PABP validated point of sale system. Systems which are PABP certified have undergone rigorous auditing of their payment processing system. Halo is currently undergoing compliance procedures and will soon be a completely certified PABP compliant system.
However, it’s important to note that although having a PABP certified POS system is required to be PCI compliant, it is not enough. There are other responsibilities that lie solely with the merchant. Some other issues include how businesses train staff on security issues, the type of network they use and their policy with visitors on the premises.
All these changes will positively impact your business. When you assure your customers that their credit-card data is protected, they can be confident that their information is secure and have confidence in the security of your establishment.
The negative publicity associated with a security breach can have dire if not irreversible consequences for a business. It doesn’t matter if you’re a small or large company – if customers do not feel that their personal information is safely secured, they might not continue using your services.
More information will follow, and coming soon we will post the ‘Halo PABP Implementation Guide’ under the Help Appendix of Halo Enterprise Manager.
FAQ Questions
What does PCI & PABP stand for?
PCI - Payment Card Industry
PABP - Payment Application Best Practices
How did this come about?
To minimize the threat of security breaches and fraudulent activity, financial institutions merged security standards in the payment industry to be uniform across industries and service providers.
What do I have to do?
To be PCI compliant, Halo must be implemented in a secure environment. Merchants will have to ensure that their establishment operates with a secure network, and audits security measures regularly.
What differences will I notice in Halo?
There will be new Enterprise Manager password requirements and changes to how support accesses your terminal.
There has been a lot of talk about ‘track data’ – what is this, exactly?
Embedded in the magnetic stripe of a credit card is the credit-card holder’s personal information including name, card number, account and expiry date. This data is required to process a purchase with a credit card; however, there is no need for the merchant to store this information once the transaction has been processed. Security around this data dictates that it must be encrypted, and that it cannot be stored.
Where can I get more information?
http://usa.visa.com/merchants/risk_management/
https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
Regularly check Halo Enterprise Manager for updates.