Cardholder data is a prime target for identity thieves and data thieves. All businesses that handle cardholder data must follow a set of standards set by Payment Card Industry (PCI) leaders like Visa and Mastercard. Following these data security measures is crucial to keeping customer data safe. Here are 5 ways you can protect customer data at your restaurant.
1. Know Your Vendors
Knowing what kind of security measures your vendors and integrations use can support your own data security. Many breaches are caused by third parties who have access to a company’s data.
Think about your vendors for electric, produce deliveries, and payment processing. What kind of security program or firewall do they use? If the vendor experiences a hack, how could that affect your restaurant and what are you liable for?
Ask your vendors what security measures they have in place and how they protect customer data. Your payment processor should encrypt and tokenize sensitive card information to keep it safe from data thieves. And any piece of software you use should be up to date on its security.
2. Stay PCI Compliant
PCI compliance is required for any business that handles cardholder data. As a restaurant owner, PCI compliance means training your staff on how to responsibly handle cardholder data, securing your POS, and properly handling signed receipts.
One way to manage POS security is by making sure your payment processing takes place on a dedicated Internet connection, separate from your business or guest WiFi. Failing to be PCI compliant can result in fines or worse: a data breach.
Your payment processor can help explain what you need to do to stay PCI compliant. Some payment processors charge a monthly fee to cover any PCI noncompliance; others like Fattmerchant offer complimentary PCI compliance services to help you secure sensitive data.
3. Encrypt Credit Cards
If you store any kind of payment information, you need to be encrypting it with tokenization. This replaces the card data with a “token” – a random string of numbers. That means that if a hacker gets access, they won’t be able to actually see the real card numbers.
Tokenization is the PCI-compliant method of storing card data and can protect you from data breaches that result in stolen card numbers.
Even if you don’t store card numbers, you still need to protect customers. If you store customer names and phone numbers, such as for a loyalty program, you also need to keep that information safe.
4. Create a Guest WiFi Network
Free WiFi can be a great way to attract customers, but it can present risks to security if you leave it unprotected. Creating one network for business use and a second, guest-only WiFi network for your customers can lower your risks.
Set up the network with your Internet Service Provider and make the password accessible to your customers. Your data will be less vulnerable to breaches and you’ll still be able to offer your customers free WiFi!
5. Don’t Collect More Information than You Need
Having too much data on your customers can pose a security risk for your restaurant. Receipts have their fair share of customer data on them, including the cardholder’s signature and occasionally their phone number.
Keeping receipts in your locked cash drawer is the PCI-compliant way to store them. At the same time, having only the customer information you absolutely need lessens the risk from data breaches.
PCI compliance and data security keep cardholder and customer data safe from breaches or attacks. Choose a payment processor that follows best practices for payment security for your restaurant. And keep your staff training up to date to keep that sensitive information safe and prevent non-compliance fines. The safer your customers’ data is, the smoother your restaurant will run!
Guest post by Fattmerchant