Am I required to be PCI Compliant? Part 2

By law? No. By your credit card processor? Yes.

In a nutshell, PCI DSS is a baseline information security program. The PCI DSS outlines security best practices like utilizing a security firewall and using password best practices. Merchants are required by their credit card processors to adhere to PCI requirements and are asked to attest their compliant status annually. The merchant’s processor may ask them to fill out an SAQ (self assessment questionnaire) or conduct a QSA-led (qualified security assessment) PCI assessment as part of the client’s annual compliance validation process.

Are There Penalties?

Yes. Refusal to adhere to the PCI DSS and the processor’s compliance validation requirements could result in potential suspension from credit processing networks and significant fines. These fines include chargebacks to the merchant, and potentially additional third party auditing costs.

It is more important now than ever to make PCI DSS a constant priority in all business considerations. The continuity the program provides will help ensure protection of cardholder data from malicious individuals. Because the world of digital transactions is ever-evolving, continuing to stay current with PCI practices is the best way to stay informed of the latest security practices.

Retail Data Systems Payment Services Receives Highest Honor from WorldPay

Alpharetta, GA:  Retail Data Systems Payment Services Division was awarded the highest honor at WorldPay’s Annual Awards Dinner last month in Alpharetta, GA. RDS General Manager Tom Wilyard accepted the honor for 1st Place MSP Volume, awarded to the #1 Independent Sales Organization (ISO) with the largest volume of card processing transactions in the U.S. with WorldPay. This collaboration spans the restaurants, grocery, retail and convenience store industries.


Pleased with the recognition, Wilyard had this to say, “This year’s success is due to our RDS branch partners and staff who have continuously strived for excellence with deployments, training and support for encrypted POS transactions. Worldpay continues to share our commitment to our clients by providing excellent communication, support and feature rich products to RDS and our clients.”

Retail Data Systems is the largest provider of Point Of Sale Hardware and Software in North America. Founded in 1950, RDS now operates over 25 offices serving customers across the nation providing complete Point Of Sale technology. Our team of over 400 professionals assures our customers of the best 24/7/365 service available. Our list of industry leading POS hardware and software products provides a variety of solutions for companies large and small. For more information, please visit rdspos.com.

Worldpay is a global leader in payments processing technology and solutions for our merchant customers. We operate reliable and secure proprietary technology platforms that enable merchants to accept a vast array of payment types, across multiple channels, anywhere in the world. For more information, please visit http://www.worldpay.com.

Am I required to be PCI Compliant?

Think of the Payment Card Industry Data Security Standards (PCI DSS) as an umbrella that covers any entity that stores, processes, or transmits cardholder data; and even extends to service providers with the ability to affect the security of the cardholder data environment.

PCI Compliance is a requirement for any entity that meets the description above, because it works for business continuity. On your journey toward compliance, it is important to remember that there is a difference between PCI DSS Compliance and PCI DSS Compliance Validation. Complying with the PCI DSS is not a feat that can be conquered overnight; it is an IT project.

PCI Compliant graphic borrowed from Nettitude (credit https://www.nettitude.com/a-guide-to-starting-the-pci-dss-process/)

THE VIEW FROM ABOVE: QIR Customer Experience Highlights

To maintain their certification, QIR companies are held accountable for the impact they have on the security of the cardholder data environment as they work to uphold the Payment Card Industry Security Standards Council (“PCI SSC”) Code of Professional Responsibility. Over the course of the last year, RDS has made major investments related to meeting the new QIR qualification and implementation requirements. Trained by the PCI SSC, RDS employees perform Qualified Installations every day in accordance with the QIR Program.

The diagram above shows the Qualified Installation process and parties involved. (diagram credit PCI-SSC)

The PA-DSS Implementation Guide is prepared by the software application vendor, such as NCR, and passed to the QIR Company (RDS). The QIR qualified employee uses this vendor-provided PA-DSS Implementation Guide, QIR Implementation Statement Instructions, and their knowledge of the PCI DSS, when implementing the payment application software into the merchant’s environment.

Throughout each stage of the implementation, the QIR employee documents details related to the install and PCI DSS on an Implementation Statement. This document provides a record of their work with a checklist of implementation/functionality items for the QIR employee to test and sign off. Within 10 business days of the installation, the QIR installer reviews the completed Implementation Statement for Quality Assurance. Once the document is signed off, the customer receives a copy for their records. To ensure continuing process improvements, the customer is invited to share their experience through a survey located on the PCI SSC website. The QIR Feedback Form serves as a tool for the PCI SSC to validate the performance of the QIR Company, in accordance with the QIR Program Requirements, through the customer’s experience.

RDS appreciates our customers’ feedback and can help guide and assist you as needed on your PCI Compliance journey. If you have any questions about our QIR Program, please email: compliance@rdspos.com.

QIR and The Small Merchant

Did you know that 60% of small businesses go under within 6 months of a cyber attack*? According to industry research**, restaurants and retail small business merchants make up the biggest portion of total known breaches, and only about 20% are compliant with the Payment Card Industry Data Security Standards (PCI DSS).

In credit card processor speak, small business merchants fall into the Level 4 merchant category. As such, they are required to adhere to the PCI DSS and to demonstrate Payment Card Brand specific compliance annually. Failure to do so results in penalties by the processor. Merchants have seen many changes to their credit processor validation requirements over the last several years between updates to the PCI DSS, hardware, and the recent VISA Qualified Integrator and Reseller (QIR) mandate.

Last year VISA issued a QIR mandate to Level 4 merchants, who were given a deadline of February 2017 to begin utilizing only PCI Security Standards Council (PCI SSC) qualified QIR Companies for Point of Sale activities, or pay a fine. This is the first mandate of its kind, and other payment card brands are anticipated to follow suit in the near future. The mandate is meant to alleviate compliance risk during implementation and ongoing maintenance support of point of sale systems. By using organizations that have completed the PCI SSC QIR qualification, merchants improve security by ensuring that point of sale systems are installed and integrated in a manner that facilitates the merchant’s PCI DSS compliance and ultimately reduces risk.

RDS has over 130 QIR qualified technicians and is dedicated to cultivating internal PCI DSS awareness and serving as a resource to guide our customers throughout their PCI Compliance journey. As a QIR Company, RDS only installs and maintains PA-DSS validated payment applications and implements data security into every facet of business operations, from the implementation of point-of-sale systems, to keeping our employees trained and up-to-date with the latest security standards.

In the POS industry since 1950, RDS has continuously adapted and grown through many changes providing smarter products and support to our clients year after year. This includes cultivating PCI DSS compliant processes and environments to serve as an advisor to our clients. RDS is proud to have over 130 employees QIR qualified to conduct Qualified Installations and assure compliance with the PCI DSS.

*Cyber Security Statistics – Numbers Small Businesses Need to Know, Jan 3, 2017, Small Business Trends (https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html)

**Verizon 2015 PCI Compliance Report
Visa graphic borrowed from PCI SSC (credit www.pcisecuritystandards.org)

Crazy Bowls & Wraps Selects PAR’s Cloud-Based Brink POS® Software

Solution also includes Brink Online/Mobile Ordering and PAR EverServ® Terminals

New Hartford, NY- July 27, 2017 – ParTech, Inc. (PAR), a leading global provider of point of sale (POS) and workforce efficiency solutions to the restaurant and retail industries, announced Crazy Bowls & Wraps has selected PAR’s Cloud-Based Brink POS® Software and EverServ® 500 and 550 terminals for all 16 locations, with plans to expand with additional new store openings this year. Crazy Bowls & Wraps serves fresh, real food that is made from scratch daily.

ParTech, Inc. is a wholly owned subsidiary of PAR Technology Corporation (NYSE: PAR).

Crazy Bowls & Wraps was using a legacy point of sale solution, which made it difficult to implement back of house applications that integrated with above-store accounting, operational, and human capital systems. It was also extremely labor intensive to perform menu and price changes, as each location required individual updates performed by management. Efficiently analyzing customer and transactional information was a challenge, as well.

“With the capability of cloud technology today, we started searching for a solution that gave us remote management from anywhere, with a partner that could be there for us locally as we continue to expand our brand,” said Keith Kitsis, Founder, Crazy Bowls & Wraps.

RDS St. Louis, a value-added reseller, facilitated the process to identify the best solution for their needs.

The Brink solution, a cloud-based enterprise management system, will enable Crazy Bowls & Wraps to centrally control and deploy updates to all 16 locations, integrate with the current and future above-store systems, and position Crazy Bowls & Wraps for growth.

“RDS and PAR have provided great insights and support in the seamless transition of the new system and the growth of our omni-channel presence, providing our customers more ways to “go for the good.” From the store to the office, we have been pleased in the ease of use and expandability the product offers,” added Kitsis.

Crazy Bowls & Wraps is seeing improved customer engagement by offering them a best in class omni-channel experience from Brink’s online and mobile ordering platforms, and investigating the comprehensive loyalty solution. Although they are early in the process of implementing this, they are seeing great potential in both incremental revenue and speed of service improvements.

“We are excited to have Crazy Bowls & Wraps select Brink for all locations. Brink was designed to be forward thinking and with the end user in mind, resulting in an easy to use and quickly adoptable solution,” said Paul Rubin, Chief Strategy Officer, ParTech, Inc. “With Brink online ordering and loyalty in place, guests will have a more engaging experience, and a more convenient and accessible way to order their favorite CBW dishes.”

“RDS is proud to have the opportunity to partner with Crazy Bowls & Wraps in providing PAR’s cloud-based Brink POS Software,” said Chris Cutting, General Manager, Retail Data Systems of St. Louis (RDS). “With the solution’s robust reporting and remote management capabilities, it addressed the issues that were once faced with their traditional, legacy systems. It is exciting to see CBW grow and offer the best possible experience for customers with online ordering and loyalty options.”

ABOUT CRAZY BOWLS & WRAPS

Crazy Bowls & Wraps opened its first store in St. Louis, MO in 1994. While CBW has continually evolved and expanded over the years, they continue to serve fresh, real food that is made from scratch daily. By making it easier to enjoy delicious, fresh ingredients, CBW helps people feel good about themselves and the world we share. For more information and a list of locations, visit http://crazybowlsandwraps.com/.

ABOUT RETAIL DATA SYSTEMS (RDS)

Retail Data Systems is the largest provider of Point of Sale Hardware and Software in North America. Founded in 1950, RDS now operates over 25 offices serving customers across the nation providing complete Point of Sale technology. Their team of over 400 professionals assure customers of the best 24/7/365 service available. Their list of industry leading POS hardware and software products provide a variety of solutions for companies large and small. For more information, visit http://www.rdspos.com/.

ABOUT PAR TECHNOLOGY CORPORATION

PAR Technology Corporation’s stock is traded on the New York Stock Exchange under the symbol PAR. PAR’s Restaurant/Retail segment has been a leading provider of restaurant and retail technology for more than 30 years. PAR offers technology solutions for the full spectrum of restaurant operations, from large chain and independent table service restaurants to international quick service chains. Products from PAR also can be found in retailers, cinemas, cruise lines, stadiums and food service companies. PAR’s Government segment is a leader in providing computer-based system design, engineering and technical services to the Department of Defense and various federal agencies. For more information, visit https://www.partech.com/ or connect with PAR on Facebook and Twitter.

Software 4 Retail Solutions Releases S4Vision For Unified Customers

Software 4 Retail Solutions has released S4Vision for Unified Grocers customers participating in Unified’s “Scan Advantage” store data and analytics program. S4Vision is a self-service business intelligence platform that accumulates and analyzes real-time point-of-sale (POS) transaction data, giving store owners and managers actionable reporting and analytics on their desktop, tablet or smartphone.

S4Vision connects store managers directly to high-level summaries of trends and performance, with detailed drill-down whenever and wherever they need it, Software 4 Retail says. Managers can see chain and store real-time sales, with period-over-period trends including metrics such as customer count, basket size, average retail and items per basket. They also can dive deeper into department sales and metrics to examine strong or under-performing areas of the business. The platform provides daily projections to help managers anticipate product demand and customer visits.

S4Vision’s capabilities include measuring key performance indicators such as open department sales, no sales, refunds and voids so managers can track store labor and prevent loss. Real-time alerts are issued for abnormal activity and performance. Additionally, customer traffic can be measured against cashier labor to validate labor schedules.

“We are very pleased to be a preferred technology partner with Unified Grocers,” said Rick Goertzen, GM of Software 4 Retail Solutions. “We’re confident that Unified’s retailers will enjoy the convenience and control of having S4Vision’s real-time data and analytics in the palm of their hands, and quickly see increased performance and sales growth storewide.”

Brian Legate, manager of retail analytics at Unified Grocers, said, “We’re delighted to add S4Vision to our suite of mobile offerings to help our independent retailer customers better compete and grow in their marketplaces. S4Vision is well-suited for helping our retailers take full advantage of Unified’s Scan Advantage program and all that it offers.”

PAR Technology and RDS Press Release

PAR Technology Corporation (NYSE:PAR)

FOR RELEASE:  March 9, 2016

Giardino Gourmet Salads Selects Cloud-Based PAR Brink POS® Software to Help Maximize Profits, Loyalty and Operational Efficiency

New Hartford, NY – March 9, 2016 — ParTech Inc. (PAR), a leading global provider of point-of-sale (POS) and food safety solutions to the restaurant industry and subsidiary of PAR Technology Corporation (NYSE: PAR), announced today that Giardino Gourmet Salads has selected PAR Brink POS software for its corporate and franchised stores. Giardino’s is a premier fast casual salad chain with 12 locations, based in southern Florida. Retail Data Systems (RDS), a reseller of PAR hardware and software and a long-time partner of Giardino’s, facilitated the process to find a POS solution that would best serve the needs of their growing brand. The goal was to implement a technology solution that would enable loyalty and online ordering while providing enterprise level management to efficiently and proactively support their franchisees.

The cloud-based architecture of PAR Brink POS optimizes enterprise operation management across the brand, without the need for a back office computer. The implementation of Brink POS has eliminated the need to manage menu changes from each store location, saving valuable time and resources. As a franchisor, Giardino Gourmet Salads will have access to reports and real-time data including labor and sales on individual locations chain-wide to help franchisees make informed, proactive decisions to drive revenue.

Giardino Gourmet Salads is one of the first restaurants to deploy the Punchh mobile loyalty platform that was recently integrated into Brink with the latest software release. The Punchh-powered apps will help the brand drive loyalty and guest engagement and provide powerful analytical tools to grow the business and better understand the full network of its customers.

“We were planning to franchise from the start and never wanted Giardino Gourmet Salads to be a mom-and-pop restaurant, so implementing a scalable technology platform was a priority,” said Kenny Lugo, founder of Giardino Gourmet Salads. “At an industry event, we spoke with loyalty and mobile ordering providers who both highly recommended Brink for our business model. From these interactions and our relationship with RDS, we knew PAR was the right partner for us and that using Brink POS to its fullest potential would give us a pulse on our business from anywhere, supporting our aggressive growth plans.”

“Cutting-edge, cloud-based technology, like Brink POS, offers optimal scalability through its simple deployment and enterprise management capabilities, making it an ideal solution for growing fast casual and quick service chains like Giardino Gourmet Salads,” said Matt Sutton, general manager at RDS Miami. “We believe a partnership, like the one we have with PAR, allows us to provide not only the best solutions, but also smoother installation, more in-depth training and more efficient help desk services for our customers.”

“It is a true example of partnership between PAR, RDS, and our integration partners to provide Giardino Gourmet Salads with a POS solution that will support their business and drive their brand growth,” said Karen Sammon, President and CEO of PAR Technology Corporation. “The selection of PAR Brink POS by Giardino Gourmet Salads, a company that has been included on FastCasual.com’s Top 100 Movers and Shakers list for the past three years, further strengthens our position in the market as the POS solution for the growing fast casual operator. We are honored to add them to the PAR family and grateful to RDS for the continued support and expertise they provide to our collective customers.”

Giardino Gourmet Salads expects to have 14 stores open by the spring of 2016 and franchise commitments to open an additional seven locations in South Florida, Nashville, TN and Raleigh, NC.

About Giardino Gourmet Salads

Giardino Gourmet Salads is the premier fast casual salad concept in South Florida. Founded in 2004, the gardener chefs at Giardino serve the widest variety of individually hand-crafted, great-tasting salads and menu offerings using premium ingredients like freshly baked croutons and homemade deli salads. Currently with 11 South Florida locations and one in Nashville, TN, please visit http://www.giardinosalads.com for more information.

About PAR Technology Corporation

PAR Technology Corporation’s stock is traded on the New York Stock Exchange under the symbol PAR.  PAR’s Hospitality segment has been a leading provider of restaurant and retail technology for more than 30 years.  PAR offers technology solutions for the full spectrum of restaurant operations, from large chain and independent table service restaurants to international quick service chains. Products from PAR also can be found in retailers, cinemas, cruise lines, stadiums and food service companies. PAR’s Government Business is a leader in providing computer-based system design, engineering and technical services to the Department of Defense and various federal agencies.  Visit http://www.partech.com for more information.

About Retail Data Systems

Retail Data Systems is the largest provider of point-of-sale hardware and software in North America. Founded in 1950, RDS now operates over 25 offices serving customers across the nation providing complete point of sale technology.

Our list of industry leading POS hardware and software products provide a variety of solutions for companies large and small. For more information, visit www.rdspos.com.


Microsoft Windows Operating System XP Embedded Approaching End of Life

An Issue You Will Need to Deal With Sooner Than Later – Microsoft Windows XP Embedded’s End of Life is in January.

XP Embedded, the workhorse of the modern Point of Sale age, is going away. After a more than 14 year run, extended support for the product is ending. The reason? Vulnerabilities in older encryption protocols such as TLS 1 will no longer be supported by Microsoft as they cannot get them to new standards on Windows XP based operating systems. This will essentially render all systems with the XP operating system non-PCI compliant effective January 13, 2016.

Included in this group are:

  • Microsoft Windows Embedded XP

Not updating your POS system to a compliant operating system will put your POS environment in violation of PCI compliance in at least 3 areas (quoted from PCI DSS v3: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf):

  • “6.2 Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.”
  • “11.2.1 Perform quarterly internal vulnerability scans and rescans as needed, until all “high-risk” vulnerabilities (as identified in Requirement 6.1) are resolved.”
  • “11.3.3 Exploitable vulnerabilities found during penetration testing are corrected and testing is repeated to verify the corrections.”

This means if you are running a POS system with Windows XP, you have to do something now. Please contact us (http://www.rdspos.com) for an assessment of whether your environment is at risk.

By Patrick Solum

The Busiest Airport in the World – Catches Restaurant Thieves with Our Help!

RDS Southeast has about 20 restaurant customers in the world’s busiest airport, Hartsfield Jackson Atlanta International Airport. Recently, we invited one of our restaurant group customers to install Restaurant Guard by NCR Hosted Solutions. With Restaurant Guard installed for only two weeks, yesterday we were told that our customer had caught three employees stealing red-handed and fired them!

Two employees immediately confessed and the third denied the charges, but RG reports and video surveillance confirmed all three were thieves. Police escorted the three out of the airport and charges are pending.

The scam the thieves were using was the “Reprint” scam. When a guest would order a common menu item like “Combo Number Two” and pay cash, the employees would reprint several copies of the receipt. Then, whenever another guest would come along later and order the same menu item the cashier would ring in the sale and hand the guest the pre-printed receipt. After the guest paid and walked away with their food, the cashier would simply clear/delete the items on the ticket without ever completing the sale. The $8.00 cash would go right in the cashier’s pocket!
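Detection logic for the reprint pattern described above, added here as an example and not taken from Restaurant Guard or any NCR product. The journal layout and the action names (`ITEM`, `CASH_TENDER`, `CLOSE`, `REPRINT`, `CLEAR`) are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of POS journal events (hypothetical CSV layout, not any
# vendor's export format). Times are zero-padded HH:MM within one business day.
SAMPLE_JOURNAL = """\
time,cashier,ticket,action,item,amount
11:02,C17,5001,ITEM,Combo Number Two,8.00
11:03,C17,5001,CASH_TENDER,,8.00
11:03,C17,5001,CLOSE,,
11:04,C17,5001,REPRINT,,
11:04,C17,5001,REPRINT,,
11:04,C17,5001,REPRINT,,
11:20,C17,5002,ITEM,Combo Number Two,8.00
11:21,C17,5002,CLEAR,,
11:40,C17,5003,ITEM,Combo Number Two,8.00
11:41,C17,5003,CLEAR,,
11:45,C22,6001,ITEM,Combo Number Two,8.00
11:46,C22,6001,CASH_TENDER,,8.00
11:46,C22,6001,CLOSE,,
11:47,C22,6001,REPRINT,,
12:05,C22,6002,ITEM,Garden Salad,6.50
12:06,C22,6002,CLEAR,,
"""


def load_tickets(journal_text):
    """Group journal rows into one summary record per ticket."""
    tickets = {}
    for row in csv.DictReader(io.StringIO(journal_text)):
        t = tickets.setdefault(row["ticket"], {
            "cashier": row["cashier"], "items": [], "reprints": 0,
            "first_reprint": None, "tendered": False, "closed": False,
            "cleared_at": None,
        })
        action = row["action"]
        if action == "ITEM":
            t["items"].append((row["item"], float(row["amount"])))
        elif action == "CASH_TENDER":
            t["tendered"] = True
        elif action == "CLOSE":
            t["closed"] = True
        elif action == "REPRINT":
            t["reprints"] += 1
            t["first_reprint"] = t["first_reprint"] or row["time"]
        elif action == "CLEAR":
            t["cleared_at"] = row["time"]
    return tickets


def find_reprint_scam(journal_text, min_reprints=2):
    """Flag cashiers who reprint a paid ticket several times and later clear
    unpaid tickets that contain the same item."""
    tickets = load_tickets(journal_text)
    spare_receipts = defaultdict(dict)  # cashier -> {item: first reprint time}
    reprint_count = defaultdict(int)
    for t in tickets.values():
        # A single reprint is normal (guest asks for a copy); repeats are not.
        if t["closed"] and t["reprints"] >= min_reprints:
            reprint_count[t["cashier"]] += t["reprints"]
            for item, _ in t["items"]:
                seen = spare_receipts[t["cashier"]].get(item)
                if seen is None or t["first_reprint"] < seen:
                    spare_receipts[t["cashier"]][item] = t["first_reprint"]
    findings = {}
    for ticket_id, t in tickets.items():
        # Only tickets that were rung in, never paid, never closed, then cleared.
        if t["cleared_at"] is None or t["tendered"] or t["closed"]:
            continue
        spare = spare_receipts.get(t["cashier"], {})
        hits = [(i, a) for i, a in t["items"]
                if i in spare and spare[i] <= t["cleared_at"]]
        if hits:
            f = findings.setdefault(t["cashier"], {
                "reprints": reprint_count[t["cashier"]],
                "cleared_tickets": [], "exposure": 0.0})
            f["cleared_tickets"].append(ticket_id)
            f["exposure"] += sum(a for _, a in hits)
    return findings


if __name__ == "__main__":
    for cashier, f in find_reprint_scam(SAMPLE_JOURNAL).items():
        print(cashier, f)
```

A hit is a lead for review against video and reports, as in the case above, since cleared tickets also occur when a guest changes their mind.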

Here’s the Astronomical effect of this “petty” theft:

Combo meal price: $8.00

Reprint Scam if used only 5 times a day = ($8 x 5 times a day) = $40 a day

20 restaurants in the airport. Be conservative and say it only happens in half of them…

10 restaurants = ($40 a day x 10 restaurants) = $400 a day

7 days a week= (7 days x $400) = $2,800 a week

50 weeks a year = (50 weeks x $2,800) = $140,000 a year!!!!!

This restaurant group was losing over $140,000 in revenue a year to theft!

Restaurant Guard Price: $125 a month per location x 10 stores = $1,250 a month

$1,250 a month (10 stores) x 12 months = $15,000 a year.

Pay $15,000 a year to get $140,000 increase in sales? Not a bad investment! Remember also, this was just one scam caught. It may be just “the-tip-of-the-iceberg”.

The other employees saw the police lead the thieves away in handcuffs. What effect will that have on stopping other theft?

The moral of this real-life experience is that RDS is our customer’s friend and consultant. Don’t be shy about asking about and listening to what worries our customers the most. It’s often not about being high-tech, email marketing, tablets or new social media apps. It’s about cutting their costs, improving their profits and making their quality of life better!

We have some of the best people in the industry around us. Bring them with you when you visit your friends (customers) and you will be successful! Good Selling!