Guest Vulnerability and POS

You may not think about it this way, but the guests who enter your stores and pass through your drive-thru lanes bring you more than money and huge appetites. With every transaction, they could be turning over to you their names, email and physical addresses, birth dates, bank account information and their credit card numbers, in essence their identities and their financial well-being. As an operator, your brand has created implicit trust based not on food but on private information. And you aggregate that data in batches, either captured in a cardboard carton in the back room or centralized in a data center. This is why retailers are prime targets for hackers: the convenience factor.

As an operator, your brand has created implicit trust based not on food but on private information.

By offering convenience to your in-store guests, you have unintentionally prepped, prepared and packaged their personal information for malicious intruders, who might never physically enter your establishment. Both EMV and Payment Card Industry (PCI) guidelines are designed to protect cardholder data and fight back against the data breaches we are reading about far too often.

The goal of PCI is to protect the cardholder data that is processed, stored, or transmitted by operators. PCI encourages best practices including building a secure network, protecting cardholder data, monitoring and testing networks, implementing access control systems, maintaining a vulnerability management program and an information security policy.

Ultimately, PCI standards are designed to make sure that the card data is not stolen. EMV means that in the case that a consumer’s credit card data is stolen, the content is rendered useless to the thieves. Additionally, EMV prevents skimming and cards from being duplicated. The chip in the card produces a unique encrypted record each time the card is used. Beyond EMV and PCI, there’s even more help coming from advances in POS Software. Technology providers, like Partech, have developed Cloud POS solutions, with EMV enabled processing solution for credit, debit and store value cards.

For guests who prefer mobile payment, mobile payment platforms are now combined with Quick Chip support to improve the guest experience and increase fraud detection. Here’s a helpful seven-point checklist for any data security platform you might be considering:

• Is it Cloud-based?
• Does it support Apple Pay, Google Pay, Samsung Pay, and PayPal with Near Field Communication (NFC)?
• Does it have Quick Chip capability for EMV processing?
• Can it store and forward for approval offline transactions?
• Does it work on all possible consumer devices?
• Does it include Point-to-point encryption (P2PE)?
• Is it PCI-DSS and PA-DSS v3.2 certified?

Solutions like PAR Pay provides real-time transaction visibility through a cloud-based portal, which allows operators access to view settlement and transaction, analyze payment trends, reconcile payments and manage chargebacks across all stores securely from the Cloud.  

What’s most important for operators is having the flexibility to implement their choice of industry-standard PCI security solutions today and adapt their POS system to support new security capabilities as PCI standards evolve.

It’s time to let the convenience be on your side, so you can protect the guests who entrust their personal information to you with each order.