Outside Insights | By Robbie Lopez

PCI Compliance
Protecting yourself and your customers from credit card fraud.

While technology can help generate more sales and greater efficiency, it also brings a host of headaches for restaurant owners whose forte is serving up creamy pasta or roadside meals, not keeping up on the latest hacking methods.

Criminals interested in stealing personal identities or credit card numbers through vulnerabilities in credit card payment systems increasingly are turning their dark craft on restaurateurs. High volume, complexity and the large number of individuals involved in typical transactions present multiple opportunities for data breaches.

Maintaining security standards is particularly relevant in the restaurant environment, where most establishments haven’t yet made the switch to pay-at-the-table devices. Credit cards are frequently compromised as customers hand them to restaurant staff who take the cards out of sight to complete the payment transaction. In a process known as skimming, a small device is used to copy the data on the magnetic stripe; it’s easy to do in restaurants, where the card leaves the consumer’s hand and is out of sight for several minutes.

Restaurants More Susceptible to Fraud

Trustwave, a provider of on-demand data security and payment card industry compliance management solutions, found that foodservice merchants account for 54 percent of the 350 incidents of credit card compromise that it investigated over a two-year period. Other retail segments account for 25 percent. Trustwave's investigations also revealed that 70 percent of the cases involved card-present transactions, with card-not-present transactions (such as phone and Internet orders) accounting for only 30 percent.

And in a recent Merchant Link survey of restaurants, “security of customer credit card data” ranked highest among a range of credit card transaction concerns, and more than two-thirds of respondents—68 percent—say customer concerns over credit card security have increased.

Why Become PCI Compliant?

In spite of these daunting numbers, there are some simple steps operators can take to protect their customers, their sales and their good brand name in a very competitive environment.

The most practical—and often most misunderstood—step is to become PCI compliant. Most restaurant owners are probably familiar with the term; it stands for Payment Card Industry security standards. The PCI standards apply to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card or debit card data.

PCI PED covers PIN entry devices, while PCI DSS (Data Security Standard) includes security measures such as encrypting or masking customer data, regularly updating antivirus software, restricting access to card data to authorized personnel only, and protecting stored information with firewalls, among other things.

Achieving PCI compliance might seem difficult for restaurants struggling to keep up with security requirements, which are sometimes difficult to implement, maintain and monitor. But savvy restaurant operators realize that the stakes are high and that without PCI compliance, business risks can be great. Merchants can be fined and held responsible for charges associated with card replacement costs and with providing ID theft protection to consumers whose cards were compromised. That is not to mention the cost to reputation once news of the security breach reaches the headlines. There are many security firms that can help not only with PCI certification, but also with guidance on how to maintain maximum security so that merchants remain compliant at all times.

Implementing PCI Compliance Standards

Set clear business policies for your employees regarding the processing of credit/debit and payroll card data. Many security breaches actually happen within an organization, so it is critical that policies are clear to employees.

Update your employees regularly with new or different measures being used to ensure PCI compliance. Make sure that you keep your employees up-to-date on any changes made that affect the security of the data you store or transmit.

Keep records of how your business is complying with and validating against the PCI standards. Remember that you will be audited, and keeping good records will help ensure that your company remains in good standing with the credit card companies.

Be involved in all IT decisions regarding how your business will comply with the regulations.

Robbie Lopez is Senior Vice President, Software Solutions, VeriFone, Inc. He oversees software development for VeriFone’s portfolio of POS payment processing solutions.