PCI compliance is a set of rules that we are governed by in order to maintain the ability to accept credit card payments. PCI stands for Payment Card Industry.
Any organization that handles, stores, or transmits cardholder data must be PCI compliant. Any business that does not abide by these guidelines faces financial penalties.
Some of the guidelines are technology based, for example requiring that we use and maintain firewalls. Our equipment is password protected and our data is encrypted. We are also required to keep our software updated, use antivirus protection and restrict data access. We have a great IT Department that makes sure we meet all of the technical standards.
Our Cashiers and Managers also play a vital role in the company remaining PCI compliant.
- Our managers are required to check for skimming devices on each of the credit card machines daily.
- Our cashiers should never do anything with a guest’s credit card other than process the payment.
- Our cashiers should keep the credit card visible to the guest when possible and return the card to the guest quickly.
- Cashiers should never have their cell phones out while processing a credit card transaction.
- No employee should ever take a picture or record the credit card information.
- If a guest leaves their credit card behind, the cashier should immediately have the manager secure the card in the safe.
- If a guest comes back for their credit card, ID should be checked to verify the card is handed to the rightful owner of the card.
- If a guest does not return for the credit card within 2 days, the manager should call the number on the back of the card for instructions. This will notify the bank that the card is no longer in the owner’s possession. Follow the bank’s instructions or give the card to the DM.
- All cashiers and managers should review PCI compliance training once per quarter. Taco Bell Experiences includes this training periodically.
Credit card fraud is a serious crime. In the state of Virginia, you can be charged with ID theft if you fraudulently use another person’s payment card in addition to credit card fraud / theft charges. Although credit card fraud is often charged under state laws, it can be a federal crime.
In the state of Virginia, you can be charged with credit card fraud just for being in possession of someone’s credit card or card information without their knowledge or consent. This includes holding onto a card that you know has been left behind or lost. Credit card number theft is grand larceny – that means before you even try and buy something with the card. The penalty is up to 20 years and a fine of $2,500. If you use the credit card fraudulently you face additional charges based on the value of the theft in addition to even more charges if they pursue identity theft charges which hold a penalty of up to 12 months and another $2,500 fine.
The bottom line is that it is not worth it.
By: Deb Baylor
Director of Asset Protection