About the sponsors
Chapter 1 PCI DSS defined
Chapter 2 More than a checklist
Chapter 3 Pitfalls to avoid
It can’t happen here
Failure to protect stored data
Compliance doesn’t equal security
Failing to make an adequate investment
Choosing a data security solution poorly
Having a short-term outlook
Chapter 4 Developing a culture of security
Keep remote access secure
Keep wireless networks secure
Maintain robust firewalls
Keep software up to date
Educate staff and management
Chapter 5 Where to turn for help
Chapter 6 Terms to know
If any restaurant operator doesn't comprehend the importance of maintaining security when it comes to credit card information, the following example should help.
In the summer of 2010, the credit card system at Julie's Place was infiltrated by hackers who gained access to customers' card information. Dave Wendland, who owns the popular Tallahassee, Fla., dining spot, said the data breach has cost his business both financially and professionally.
Beginning in July 2010, customers began telling Wendland that their credit cards had been used out of state and in Europe. Wendland called his POS provider, who assured him that both his remote credit card terminal and Internet connection were secure.
Eventually, the financial crimes unit of the local sheriff's office contacted Wendland. Investigators estimate there were more than $200,000 worth of fraudulent charges made to customers' credit cards as a result of the breach.
There was evidence that intruders were able to get past the system's firewall and remotely access the restaurant's credit card terminal and steal customers' information.
Following the breach, Julie's Place underwent a forensic exam that cost more than $12,000. Sales at Julie's Place were down several thousand dollars per week in the months following the breach, Wendland said.
Wendland's experience serves as a lesson on the importance of PCI compliance and data security. Theft of customer data is on the rise, and the costs associated with a data breach could shut down a business.
"Twenty-three percent of the hospitality industry experienced a data breach in 2009, with restaurants and hotels accounting for the majority of cases," said Tim Horton, vice president of merchant product development with Atlanta-based First Data, a provider of credit card processing services.
"Threats are evolving as organized thieves use ever-more sophisticated techniques to hack into more merchants' or restaurant operators' systems to steal sensitive data," he said.
In this guide, sponsored by Vendor Safe Technologies, learn what PCI is, how business operators can become PCI compliant, pitfalls to avoid and where business operators can turn for help if the task becomes too daunting.