PCI DSS Compliance


Is Your Restaurant PCI DSS Compliant?

ATTENTION DIGITAL DINING CUSTOMERS: If your Digital Dining software version is older than 7.3.05, then as of July 1, 2010, your system is no longer PA-DSS and PCI-DSS compliant! Please call 801-373-9100 to schedule an upgrade as soon as possible! We will also send out reminder letters to our Digital Dining customers!

Starting July 1, 2010, new national regulations regarding the storing of credit card numbers on computer-based systems take effect. Digital Dining versions 7.3.05, 7.4, and newer encrypt stored credit card information, providing security protection in compliance with PA-DSS and PCI-DSS regulations. At Pinnacle Technologies we are seeking to provide PCI-DSS compliance to all of our clients. The following explanations are to help you assess whether your restaurant is in compliance with PCI-DSS.

The PCI DSS requirements apply to all system components within the payment application environment, which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed, or transmitted, including all Point of Sale (POS) terminals, computers, and servers.

The following 12 high-level requirements, which comprise the core of the PCI-DSS standards, are found on Visa's website:

    Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

    Protect Cardholder Data
  3. Protect stored data.
  4. Encrypt transmission of cardholder data and sensitive information across public networks.

    Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.

    Implement Strong Access Control Measures
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.

    Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.

    Maintain an Information Security Policy
  12. Maintain a policy that addresses information security.

Digital Dining versions 7.3.05, 7.4, and newer meet PA-DSS compliance standards, as well as some of the software and hardware requirements for PCI-DSS compliance. They do so through encrypted transmission of sensitive information, fingerprint identification for employee logins, firewall technology that blocks unauthorized outside Internet access to the internal network, and handheld technology that keeps employees from taking credit cards away from customers at the table side. Compliance with PCI-DSS goes beyond software to include physical security and company policies.

Restaurants that do not comply at least partially with PCI-DSS may be subject to fines or penalties by credit card companies. Visa states on its website:

"If a merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may:
• Fine the acquiring member
• Impose restrictions on the merchant or its agent
• Permanently prohibit the merchant or its agent from participating in Visa programs

Members receive protection from fines for merchants or service providers that have been compromised but found to be CISP-compliant at the time of the security breach. Members are subject to fines up to $500,000 per incident for any merchant or service provider that is compromised and not CISP-compliant at the time of the incident."

As the video above states, fines or penalties imposed by credit card companies may be the least of a restaurant's concerns in the case of a breach. It is the responsibility of the restaurant to choose the level of compliance it wants to obtain. Pinnacle Technologies provides recommendations and help to Digital Dining customers in obtaining and maintaining PCI-DSS compliance. For questions or concerns, or to schedule a meeting on how your restaurant can become PCI compliant, please call Pinnacle Technologies at (801) 373-9100. To develop a self-assessment of an individual site's compliance, visit the PCI Security Standards website to download a self-evaluation checklist.

