PCI compliance - when we signed our CC processor agreement we already committed to being PCI compliant & therefore liable, so:
- change and update passwords often
- install Windows patches often
- build & maintain an external firewall
- the back office POS computer should not be networked with any other computer
- do not use vendor-supplied default passwords
- ensure all CC info is encrypted (Radiant already does this)
- use and update anti-virus programs
- regularly test our system's security with an approved scan vendor (easy to find online) - PCI quarterly scan
- use the Deltrack tool within Aloha - it removes all PAN and CC info from the database; this info is unneeded 48 hours after the transaction (greatly lowers our risk)
- complete an accurate PCI SAQ
- do not use the back office computer for Internet use
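As an added illustration (not part of this note and not the Aloha/Radiant Deltrack tool), the following check verifies the 48-hour rule from the Deltrack item: it scans an exported transaction table and flags any row older than 48 hours that still holds a full, Luhn-valid card number. The column names (`id`, `ts`, `card`) and the sample rows are assumptions constructed for the example.

```python
"""Check that stored card data respects a 48-hour PAN retention window.

Added example, not the page's or the POS vendor's own code. Assumes an
exported transaction table with columns id, ts (UTC datetime) and card;
those names and the sample rows below are constructed for illustration."""
import re
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(hours=48)
PAN_RE = re.compile(r"^\d{13,19}$")  # an unmasked PAN is 13-19 digits


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check, to tell a real PAN from an arbitrary digit run."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_full_pan(value: str) -> bool:
    """True only for an unmasked card number (masked values like ****1111 pass)."""
    value = value.replace(" ", "").replace("-", "")
    return bool(PAN_RE.match(value)) and luhn_ok(value)


def stale_pan_rows(rows, now):
    """Return ids of rows older than RETENTION that still store a full PAN."""
    cutoff = now - RETENTION
    return [r["id"] for r in rows if r["ts"] < cutoff and is_full_pan(r["card"])]


# constructed sample data: 4111... is a standard test card number, not a real one
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    {"id": 1, "ts": NOW - timedelta(hours=2),  "card": "4111111111111111"},  # recent: allowed
    {"id": 2, "ts": NOW - timedelta(hours=72), "card": "************1111"},  # old but masked: fine
    {"id": 3, "ts": NOW - timedelta(hours=72), "card": "4111111111111111"},  # old, full PAN: violation
    {"id": 4, "ts": NOW - timedelta(hours=72), "card": "1234567890123"},     # digits, fails Luhn: ignored
]

if __name__ == "__main__":
    print("rows violating retention:", stale_pan_rows(SAMPLE_ROWS, NOW))  # [3]
```

Run it against a fresh export after the Deltrack purge; an empty list is the expected result.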
PCI Security Standards Council
Restaurant Industry Resources
www.restaurantdatasecurity.com
PCI Blog