Restaurant Chain Secures Business by Securing Payment Data
After being raised by American Express to a Level 2 merchant, Escalante’s, a Mexican restaurant chain in the Houston area, received a notification that all five of its locations were required to be Payment Card Industry Data Security Standard (PCI DSS) compliant. Ronnie Wilson, director of operations for Escalante’s, found that this daunting task of achieving PCI compliance had fallen into his lap.
According to American Express, Level 2 merchants process anywhere from 250,000 to one million American Express transactions annually. Therefore, it is paramount that retailers protect the data being transmitted. PCI DSS is the standard developed jointly by the credit card brands. Card-accepting merchants are required to comply with these data security standards. Merchants who follow these requirements are less likely to have data breaches from hacking or other common attacks such as malicious software, also known as malware, installed on their network. “It became critical that we become PCI compliant,” Wilson admits.
Security breeds customer loyalty
Wilson’s primary role within the company was managing customer service. In a sense, achieving PCI compliance serves customers because they expect that when they pay for their meal, their credit card data will be protected. Not satisfying all of the requirements of PCI could expose sensitive information to cyber-criminals, a.k.a. hackers, which would lead to theft and unauthorized charges.
“There were high priority security measures that we needed to achieve at all of the Escalante’s locations,” Wilson says. “However, we lacked the manpower to execute a technical project of this magnitude. Yet, the PCI initiative remained at the forefront of importance.”
To achieve PCI compliance, there is a laundry list of requirements merchants must adhere to. As Wilson assessed the needs for all five locations, he determined that the ideal solution would be a single-source provider that could supply tools to help the company achieve PCI compliance, including vulnerability scanning, as well as the opportunity to separate the POS and back office systems into different security “zones.” Zoning allows for segmentation within a single network, providing critical security between the POS system and the back office system without disturbing normal business operations.
After evaluating several options, Wilson ultimately decided to implement a security solution provided by VendorSafe Technologies. VendorSafe was able to offer an all-encompassing package that provided security that started with a robust firewall and included the necessary technical tools to ensure PCI compliance. “We chose VendorSafe because they offered the most expedient solution with a local support team,” Wilson notes.
Vigilance breeds security
A key feature in the package is routine vulnerability scans. These scans examine both the internal and external weaknesses that allow access into a network and can be misused by hackers. Weaknesses in a system can also allow viruses and malware to infiltrate a network, compromising customer card data. VendorSafe provided the company with yearly and quarterly scans, with the results stored online for easy review.
The package provided by VendorSafe also included a “zoned” network, which accommodated the customer’s need to adjust levels of security for specific devices within the network. The highest degree of security was applied to the POS system, while the back office computers remained more accessible.
With the help of VendorSafe Technologies, Escalante’s was able to achieve and maintain PCI compliance status. In addition to meeting all of the requirements set forth by American Express, the restaurant chain was also equipped with tools to support a secure system. Escalante’s can now focus on driving business with peace of mind that their customers’ data and the network they operate are secure.