New Security Standards in 2011

Revised payment-processing guidelines will go into effect Jan. 1, 2011, for restaurateurs accepting credit or debit cards.

Restaurants and other businesses that capture and store credit and debit card data on their computers will be required to meet updated security standards beginning next year.

Version 2.0 of the guidelines, developed by the PCI Security Standards Council, doesn’t include major new requirements. Instead, it contains some revisions and clearer guidance for merchants and others who must make sure that security meets the council’s criterion.

“Feedback that we’ve gotten really didn’t call for any major changes to the standards,” says Bob Russo, general manager of the council, which was established by the payment card industry. “That is a testament that the standards are pretty solid.”

The new version was announced in late October and becomes effective January 1. Systems that met the standards’ previous version have additional time to make sure they comply.

Russo says the new guidelines deal with security of payment account data as well as payment applications—the computer software that processes, transmits, and/or stores card data electronically, including restaurant point-of-sale systems.

“One of the biggest things that merchants, including restaurants, need to understand is where the cardholder data is on their network,” he says. “We are finding that the information is being stored in areas that the business never knew about.”

To help small businesses comply with PCI standards, the council updated its website, www.pcisecuritystandards.org, to include more user-friendly language, forms to help merchants self-evaluate their compliance, and a list of software that meets the guidelines.

Experts say fraud resulting from the theft of payment-card data remains a huge problem in America, despite security improvements. Card fraud costs the U.S. card-payments industry $8.6 annually, according to a report by Boston-based research firm Aite Group.

“We’ve been seeing an increase in different types of attacks,” says Eric Knight, senior knowledge engineer with LogRhythm, a Boulder, Colorado–based security management company. “Cyber criminals are willing to use more creative and innovative methods. Card fraud used to be more opportunistic. Now, it is more organized.”

In one recent cyber attack, for instance, a retailer’s payment terminals were manipulated in dozens of stores, resulting in possible data theft from thousands of payment cards.

“This isn’t some kid tampering with the magnetic strip reader,” Knight says.

Data theft can have severe repercussions for merchants. They may suffer financial losses, fines from card providers, and, more importantly, damage to their reputations, which would create long-term consequences, such as losing customers and sales.

Consumers worry about payment card scams and the potential for identity theft, as well. Nearly two-thirds of Americans say they are seriously concerned about credit and debit fraud, according to a survey conducted earlier this year for Unisys Corp.

As a result, many restaurants and other businesses are looking more seriously at protecting their information systems, including the development of data retention and disposal programs, password management rules, and anti-virus benchmarks.

“When the PCI [standards] first came out, a lot of organizations, retailers, restaurants, and others, looked at these as nice guidelines, but not much more,” says Barak Feldman, senior systems engineer with Cyber-Ark Software, an information security company with offices in Newton, Massachusetts.

“Today, if you are not PCI-compliant, you are considered to be backward,” Feldman says. In addition to addressing current security issues, the new standards also have an eye on the future, says PCI councilman Russo.He says a company’s risk assessment a few years ago could have determined that the cost of losses and fines outweighed the price of meeting the standard. Not anymore.

“Going forward in 2011,” he says, “we are concentrating on some of the other technologies that will be a growing part of the payment-card industry, including point-to-point encryption, mobile-pay systems, and payment cards that have integrated chips.

The updated PCI standards will be covered in greater depth, followed by a question-and-answer period, during a webinar at 3 p.m. (Eastern Time) November 16 and at 11 a.m. (ET) November 18. To register go to https://www.pcisecuritystandards.org/training/webinars.php.

The PCI Security Standards Council was formed in 2006 by MasterCard, Visa, and other networks to manage the evolution of the payment-card industry. The latest standards were developed in response to thousands of comments from merchants, banks, processors, and others, and after a pair of community meetings in the U.S. and Europe.

By Barney Wolf

HME Hospitality and Specialty Communications Releases New Text-to-Speech Feature

HME Hospitality and Specialty Communications announced the release of Text & Connect, a powerful new NEXEO | HDX feature used to send real-time, personalized, text-to-speech alerts to select restaurant teams and stores via the NEXEO headset. Text & Connect revolutionizes store operations by enabling restaurant leaders to build employee engagement, recognize outstanding performance, and deliver consistent […]

California Pizza Kitchen’s $50,000 ‘Thank You Card’ Sweepstakes Ends April 22

California Pizza Kitchen (CPK) Thank You Card promotion – where every card is a winner – is still going on through THIS Sunday, April 22! Most importantly, $50,000 in cash is still up for grabs, which means everyone with an unopened Thank You Card needs to head out to their local CPK over the next five days to find the big grand […]

Peter D’Amelio Named Strategic Advisor to Leo’s Italian Social

Peter D’Amelio, CEO of PJD Hospitality and former president of the Cheesecake Factory, has joined Leo’s Italian Social as a strategic advisor to help steward its growth in the Midwest and along the East Coast. With an impressive 30-plus-year track record in the hospitality industry, D’Amelio brings a wealth of experience and expertise to the […]

Cameron Mitchell Restaurants Pledges $1 Million to Ohio State

The Ohio State University’s College of Education and Human Ecology announced a generous $1 million commitment from Cameron Mitchell Restaurants (CMR) on Monday for the renovation of Campbell Hall. The news was shared during The Big Dish, the Hospitality Management Program’s annual signature event, which celebrates the program’s graduating seniors and industry partners. The program’s […]

Kyuramen Opens in Sandy Springs, Georgia

Kyuramen, the renowned Japanese ramen chain, introduced its location at 6623 Roswell Rd NE, Sandy Springs, GA 30328 that brings authentic and innovative ramen experiences at an affordable price to Sandy Springs residents. Participating in Kyuramen’s nationwide “New Bowl Lottery Game,” the Sandy Spring location allows diners to have a chance to win a free […]

Denny’s to Offer Discounted Sweet Cream Cold Brew on 4/20

This 4/20, come to Denny’s for a brew-tiful celebration. In honor of National Cold Brew Day on April 20, Denny’s is pleased to provide Denny’s rewards members 20 percent off one Sweet Cream Cold Brew. Customers must become value members before April 20 to be eligible for this special all-day offer. No matter what holiday you’re celebrating, […]

You might also like...

Get daily updates on quick-serve industry news, tips, and events.