Credit Card Info and POS

Hi All,

I had posted this over on the competitions website and a buddy told me to ask here as well below is what I posted: Thanks again for another helpful resource

Tony
Read on:

I am in the process of getting a shop opened up in TX (Tryuing to bring a taste of NJ down towards the Houston area, and while getting my ducks in a row something my wife showed me was a bit troubling and confusing…
I have trolled here for a few years and figured what better place to come for some info…

She showed me an article about a large chain of restaurants who had their POS system hacked into by some theives and had all the customer information and credit card information stolen leading to big fines. Now I understand that this large chain may be able to absorb financial loss but being a 1 store operator (soon to be) How would handle this? How do you all handle this and prevent it from happening? Has anyone had this happen?
Thanks for your help

Tony

for starters, don’t keep your customer’s credit card info. i know it takes longer on each transaction to obtain it again, but you are putting yourself at a liability by retaining them. if you don’t have the cc#, you can’t lose the cc#. other info you have like name and phone number can be obtained fairly easily by buying mailing lists, so i don’t think you have a problem there. you can keep the info that is important to your customer registry- how often they buy, favorites, birthdays- but i would’t keep the credit info.
just my thoughts…
dave

thanks… from my understanding, the CC info is stored until I batch out at the end of the night therefore opening up opportunity for CC theft etc. Is this this case. I dont need any fines and now am hearing about a PCI comliancy thing with pos vendors or cc companies.

Thanks
Tony

What POS system will you be installing? I would imagine that all the POS systems will be set up to meet the requirements of the law, but check this with your POS provider. As far as the company in the article your wife showed you, I would imagine either they were using old software that didn’t comply with new laws or they were storing CC numbers where they weren’t supposed to be.

My Prism POS has integrated CC processing and after I input a CC number, I can’t find that number in the system. Possibly it’s there somewhere, but unless you know where to look, good luck.

Don’t worry about the stuff thats out of your control. CC fraud is definatly serious, but there isn’t much more you can do than what 100’s of thousands of other businesses are doing, which is rely on their processor to set them up and maintain them to be in compliance of federal guidlines.

I responded to your other posting about credit card security, but I’ll do it here too because it’s such an important topic…

Most of the rules governing credit card data security come from credit card associations. Here is a web site that will tell you everything you need to know: https://www.pcisecuritystandards.org/
The POS software you select needs to be “PCI Compliant,” meaning Payment Card Industry Compliant. All or almost all of the POS systems you’ll find that are targeted for your business are compliant, including ours.

Protection of credit card information involves more than just the point of sale software you use. Other elements include setting up and maintaining a secure network, internal business security practices, and using a PCI/PABP compliant credit card processor. It is a merchant’s responsibility to ensure that all the data security standards are met.

A summary of our compliance steps can be found here: http://www.pointofsuccess.com/creditcard.htm

I have to agree that its better to sway on the side of caution. I dont intergrate with my computer just batch out on the hypercom nightly… takes a few more minutes but worth the safty

I’ll be in Houston the first week of August. I will be happy to come by and answer any questions you may have.