• 
• 
• 

What is PCI Compliance?

The five major credit card brands, VISA, Mastercard, American Express, Discover and JCB joined forces in 2004 to create the payment card industry data security standard (PCI). It's sole purpose is to help merchants build a security program that meets the requirements expected by the card brands. This came about as a result of several high-profile security breaches occurred (credit card numbers stolen and fraudulently used). Everyone accepting credit cards must be PCI compliant.

PDQ Compliance

The PDQ software is PA DSS validated, meeting the July 1, 2010 deadline created by the PCI DSS (PCI Data Security Standard). All future PDQ POS Installs will come with a PDQ Compliance Program. The program includes the following:

PDQ Compliance Program

• PDQ POS software that is PA DSS Validated


• PDQ POS hardware that is PCI Compliant


• Up to $150,000 breach warranty


• Quarterly scans of your system by a certified ASV Partner


• Shortened annual SAQ questionnaire

PCI Acronymns

• PCI DSS - Payment Card Industry Data Security Standard


• PA DSS - Payment Application Data Security Standard


• SAQ - Self-Assessment Questionnaire Click here for Pre-SAQ Checklist


• QSA - Qualified Security Assessor


• ASV - Approved Scanning Vendor Click here for 403 Labs Screening


• PED - PIN Entry Device (PIN Pad)

Top 5 PCI Deficiencies in Restaurants

1. Educating credit card handling staff and management

   Click here to view Vendor Safe Video
   Click Here to Download Video (135 MB)

   While implementing security, too many businesses focus on the technical aspect of the network, discounting the importance of user educations. People are often the weakest link in a security plan. By taking the time to incorporate the elements of PCI security, businesses can increase the protection of their sensitive data without making any additional investment in their infrastructure.

2. Insufficient or Poorly Managed Firewall
   

   If a merchant has an internet connection, that communication should be managed by a firewall. By definition, a firewall is a devise that allows or prohibits certian types of communication based on a set of criteria, commonly referred to as a rule set.

   The firewall can be thought of as the device that acts as the gatekeeper between the public Internet and the private cardholder data environment. In the typical merchantenvironment, the firewall is the first line of defense against external threats. The problem many businesses face is that not all firewalls are created equal and the rule set is only as good as the indivdual - hopefully a security expert - who set up the protection.

3. Out-of-Date Point of Sale Software
   

   Once compliant software is available, it is up to the merchants to upgrade their systesm acc ordingly. If a location has insecure software managing credit card transactions, then that business is a prime target for cyber thieves. Visa has taken an active role in mitigating this issue by demanding that credit card acquirers, the entities that issue credit card merchant accounts, refuse to accept payments from merchants who are not running PCI compliant software by July 2010. The latest version of PDQ POS Software is PA-DSS Compliant. Current Customers: Please complete the PCI Questionnaire below to ensure that your current verison of PDQ POS Software is compliant.

4. Open Wireless Networks
   

   Open wireless refers to networks that have wireless communication, typically using a wireless ethernet or bluetooth, with insufficient protection to prevent unauthorized entry into the network environment (typically Wi-Fi hotspots).

5. Insecure Remote Access
   

   Remote access is a process by which someone who is not physically located at the computer uses electronic mean to make a connection to that computer. Complete the PCI Questionnaire below to ensure that your network is compliant.

Current PDQ customers fill out the form below to determine your level of compliance.