ADVERTISEMENT

Credit card industry focuses on restaurant security measures

By

The credit card industry has been coming down hard on tens of thousands of restaurants that have not sufficiently protected diners' credit card data from potential theft, with Visa, MasterCard and financial institutions that process electronic payment over recent months sending warnings letters and holding seminars.  Such moves are aimed at forcing restaurants into taking additional steps to guard credit card information.

According to companies that process card transactions, tens of thousands of eateries are not complying with credit card industry security rules.  Any company that takes plastic is required to follow a set of security regulations instituted by Visa, MasterCard, American Express and Discover.

Data recorded by Visa indicates that since January 2005, restaurants made up around 40 percent of incidents in which criminals gained unauthorized access to credit card information -- accounting for the largest percentage of incidents for a merchant category.

Separately, AmbironTrustWave, a Chicago-based data security auditor for merchants, reported that 62 percent of the security violations it witnessed during the prior 18 months occurred in the restaurant industry.  

The violations involved various security lapses such as poorly guarded wireless networks -- which enable thieves to access information from the parking lot using a laptop -- and lax systems that make it possible for unethical employees to grab credit card information. 

Consumers often are unaware when their credit card information is in danger. Not all security breaches produced successful fraud, and most merchants do not acknowledge incidents unless there is a significant likelihood that a major fraud will take place or has already been identified. In addition, credit card issuers usually do not close a customer's account unless fraud has taken place.

Restaurateurs may have a tough time with credit card security rules, since the regulations can be difficult for smaller merchants.  The National Restaurant Association trade group says that it hears from restaurant owners who thought they complied with rules, but found out their systems were not functioning properly and were penalized.

Fines for restaurants that violate credit card industry rules by storing credit card information have amounted to more than $100,000 in some cases.  In 2006, Visa fined merchants across all categories $4.6 million for security violations, an increase from the $3.4 million in fines the previous year. 

Visa, which declined to provide a breakdown of merchant types, said it recently held special security briefings with several hundred restaurants, a merchant group Visa believes needs additional attention.

At the same time, companies that process credit card transactions are also turning up the heat on restaurants.  These companies have threatened to end services to those that do not follow security regulations.

Credit card companies are especially worried about specialized software restaurants use, which combine such features as tabulating bills, delivering orders to the kitchen and tracking reservations.  Since credit card companies cannot require software makers to abide by their security rules, they instead apply pressure to restaurants.  Visa maintains a list on its website of software programs that meet its requirements.

But software makers that even with the best software, restaurants could be in trouble of they lack ample password protection or firewalls.  Software companies say it is not up to them to let restaurateurs know what they must do to be in compliance with credit card rulers.

Published: March 30, 2007


Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.




Follow Us


Updated: 09-26-2016


Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.


ADVERTISEMENT