Of Pizzas and PCI

Here on the AVPS blog, we were struck by recent reports of pizza restaurants being targeted by hackers and malware, including one in Lompoc, California, where customers’ card numbers were used for unauthorized charges, many of which showed up in Russian characters. Another pizza establishment, near Sacramento, had its customers’ numbers hacked as well, and charges were made all over the world, from Australia to Iceland, sometimes in the neighborhood of thousands of dollars. The proprietor noticed a drop-off in business — to the tune of nearly $10,000 — because customers no longer felt their information would be “safe” if they went there.

The merchant hadn’t heard of PCI compliance before. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies process, store, and transmit credit card information in a secure environment.

According to a profile in the Lompoc Record about the Pizza Parlor’s woes, businesses like that, “called Level 4 merchants, must pass a vulnerability scan by a PCI-approved scanning vendor. They must do this annually. Another requirement is that they acquire and maintain a secure Internet connection between their web browser and the web server.” PCI regulations, the article notes, aren’t a law yet but “will probably become a law soon, with policing to follow.”

And the parlor owner is “going to become an advocate of PCI standards and will spend time helping other Lompoc businesses become PCI compliant as well.”

We’ve long been advocates of PCI compliance here at AVPS, and a lot of our processing options, like On-the-Spot Processing, Mail Order and Telephone Order accounts, and more are already PCI compliant.

Talk to your AVPS rep today to find out how you can make all aspects of your business PCI compliant. Don’t find out the hard way that it isn’t!
