PCI Compliance Information - Iowa Restaurant Association

PCI Compliance Information

8 Essential Elements of PCI DSS

  1. Build and Maintain a Secure Network -- Install and maintain a firewall configuration to protect cardholder data. Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks
  3. Maintain a Vulnerability Management Program Use and regularly update anti-virus software Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures Restrict access to cardholder data by business need-to-know
  5. Assign a unique ID to each person with computer access Restrict physical access to cardholder data
  6. Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes
  7. Maintain an Information Security Policy
  8. Maintain a policy that addresses information security


Most missed requirements in Restaurant Industry:


Requirement 1: Install and maintain a firewall to protect data

Requirement 3: Protect stored data

Requirement 6: Develop and maintain secure systems and applications

Requirement 8:  Assign a unique ID to each person with computer access

Requirement 10: Track and monitor all access to network and card data

Requirement 11: Regularly test security systems and processes


PCI Compliance is a serious and complex issue, but there are many resources available.

 

  • 4 out of every 10 cases of ID Theft occur from theft of sensitive credit card data information from restaurants with hackers specifically targeting restaurants due to their perceived vulnerabilities. This NRA Brochure gives a quick overview of your risks and responsibilities. Learn more

 

  •  Best Practices for Securing Credit Card Data -- Payment Card Industry Data Security Standard (PCI DSS) specifies a broad range of technical, administrative and physical security controls for protecting credit card data. While the PCI DSS is made up of only 12 main requirements, they are divided into over 200 sub-requirements, all of which must be satisfied in order to be considered fully compliant. Learn more