February 21st, 2013 - As online theft and fraud continue to increase - with no evidence of slowing down - Payment Card Industry (PCI) compliancy has become a critical issue within the restaurant industry. Restaurant online ordering and mobile app ordering are growing trends that indicate PCI compliancy is more crucial than ever before. Revention’s online ordering solution, HungerRush, is officially registered with Level 1 PCI Data Security Standard certification.
The PCI Data Security Standard is a series of security requirements that any company that stores, processes or transmits credit card data must follow in order to protect sensitive data and prevent the risk of fraud. Many reputable companies claim to be PCI compliant, but with so many misconceptions in the industry about PCI issues, a large number of these companies are, in fact, not compliant. PCI DSS certification is granted only after a lengthy process that involves many steps and procedures; to obtain this certification takes time, diligence, and true concern for data theft and customer protection.
“Completing the PCI DSS certification was costly and a rigorous process, but worth every minute to ensure we are doing everything we can to protect consumer data and our customers’ business,” stated Rick Doyle, Chief Technology Officer. After completing the card brand requirements, it is imperative that an online ordering service provider register with the card brands as a PCI compliant company. The card brand will validate the requirements and ensure that a certified PCI Security Standards Council (PCI SSC) Qualified Security Assessor (QSA) and a PCI SSC Approved Scanning Vendor (ASV) were used to complete the requirements. The quickest way to find out if your online ordering company has been approved by Visa and/or Mastercard as a PCI DSS certified service provider is to check the following websites:
Visa Global Registry of Service Providers:
MasterCard PCI Compliant Service Provider List: http://www.mastercard.com/us/company/en/whatwedo/compliant_providers.html
A potential breach can damage brand reputation and consumer confidence, but those consequences are secondary to the possibly crippling financial penalties that can be assessed. The best way to minimize data theft is to follow the PCI DSS requirements. Operators should seek technology providers that are present on the card brands' PCI compliant list, maintain a strong relationship with the provider, and consistently follow the provider's maintenance advice to further reduce risk.