Payment Card Industry (PCI) compliance is vital to ensuring data security at any business that accepts digital payments. Compliance as a Service offerings from value-added resellers (VARs) and managed services providers (MSPs) help merchants meet the PCI Data Security Standard (PCI DSS) by:
- Building and maintaining a secure network
- Protecting cardholder data
- Maintaining a vulnerability management program
- Implementing strong access control
- Regularly monitoring and testing the network
- Maintaining an information security policy
Your restaurant clients typically don’t have in-house staff who can address and manage every requirement, which creates demand for your services. Moreover, after the sweeping changes the industry has undergone in the past two years, the need is even greater.
DeWayne Mangan, VP, Infrastructure & Client Support at Acumera, a managed network service provider, comments, “Restaurants have been forced headfirst into the world of IoT.” He says their IT environments have grown to include mobile order tablets, live menu boards, live drive-thru menus, online ordering, guest Wi-Fi, trivia night, pay-at-the-table, portable payment devices for servers, and more.
“It complicates their network setup. These devices frequently come with little technical information, no vendor hardening guides, and no management capabilities for the merchant,” Mangan says.
Challenges that PCI Compliance as a Service Can Solve
Mangan points out that restaurants often face common challenges when working toward PCI compliance. “Based on our observations, network segmentation is almost nonexistent in the restaurant industry,” he says.
“Also, access control is challenging. The manager’s office is often used for equipment racks, storage, cash storage, paperwork – and, oh, occasionally there’s enough room for the manager to work in there as well,” he remarks. “Without dedicated store IT personnel, the manager-on-duty is expected to also serve as remote IT support, meaning equipment is frequently left unsecured or keys are left hanging in racks, so anyone on-site can access it.”
“There’s lots of security theater to be found in how IT equipment is secured even at sites that have dedicated, locked spaces,” Mangan says.
He adds, “Overall, IT staffs are overburdened and frequently have to choose between ‘making it work,’ i.e., keeping revenues coming in, and making it secure.”
How Your PCI Compliance as a Service Offering Can Benefit Restaurant Businesses
VARs and MSPs have the opportunity to provide the PCI compliance services that restaurants need—and to build project and recurring revenue for their business.
You can leverage your expertise to build or update systems that comply with PCI DSS. For example, your team can install and maintain a firewall and antivirus, enable payment data encryption, and deploy an access control solution. Additionally, you can provide ongoing services, such as network monitoring and testing, and maintaining and updating an information security policy for employees and any third-party contractors that have access to the restaurant’s network. You can also design your PCI Compliance as a Service offering to make annual reporting easier and help your clients avoid fines and penalties – which can include a restaurant losing its ability to accept digital payments.
The ongoing services you provide can eliminate a huge burden for a restaurant’s in-house IT staff, and that value will help you retain customers, adding to predictable monthly revenue for your business.
PCI Compliance as a Service solution vendors can provide you with tools specifically designed for restaurant compliance and security, including vulnerability scanning, monitoring, and assessment tools. Your vendors will also offer you and your clients the technical support you need.
If your goal is to become a total restaurant solutions provider, you need to meet your clients’ needs with PCI Compliance as a Service. Assess your market and weigh your options for growing your business with this new revenue stream.