Restaurant Chain Fined Under Data Breach Law


This past month, a restaurant chain in Massachusetts was fined $110,000 over data breaches of its systems that failed to protect customers' personal information. The case stemmed from an incident in April of 2009 in which hackers installed malicious software on the restaurant's computer systems, giving them access to credit and debit card information stored on the chain's computers. The malicious code was not detected and removed until eight months later, in December of 2009.

To add insult to injury, on first learning of the security breach, the restaurant continued to accept credit and debit cards through its POS systems and failed to change employee passwords.

In addition to the fine, the restaurant's parent company will be required to prove that both the corporate servers and the restaurant POS systems are now compliant with the Massachusetts data security regulations as well as the Payment Card Industry Data Security Standard (PCI DSS).

If you are a small business, the information above should serve as a critical reminder that you need to adhere to the PCI DSS standards. Some business owners feel that since they are not one of the big boys, they are immune to the standards and requirements.

According to the PCI DSS standards, ALL credit card merchants, regardless of their size, have to be compliant. Being a long-term merchant does not mean you are grandfathered in. If you have a merchant account, the industry can levy an assortment of penalties against you, including, but not limited to, terminating your merchant account. Today, not being able to take credit or debit cards is a death knell for most businesses.

As an example…

When I recently explained these facts to one small business owner I know, he told me that he was not going to turn on the PCI DSS compliance settings within his software until he was actually faced with a forced compliance audit. At this stage of the game, this is like playing Russian roulette: you are just asking for trouble by putting both your customers and your business at risk. For this particular merchant, a fine of the size indicated above would have been a very large burden on his business.

If you have questions or concerns regarding the above information, or if you would like to have your POS system checked for compliance, please contact the CCS Retail Systems Support Department.