To date, PCI compliance has not been regulated by the government; however, that all changed this month as Nevada passed a new law, going into effect next year, that requires businesses to comply with PCI. The new legislation not only enforces PCI compliance for companies that process and/or transmit payment cards, but also increases information security requirements for all businesses. Data such as SSNs, driver’s licenses and other information are also covered.
As our team has shared many times, compliance doesn’t guarantee security, and there is always a risk that, as governmental regulations get in the middle of industry guidelines, there will be a false sense of security. Without proper education about information security and implementation of an Information Security Policy within a business, most will still fall short of what needs to be done to adequately secure critical information within an organization.
We found a great article on the ROI for having Wi-Fi in your restaurants! Below are the first couple of lines of the article; if you wish to read the entire article, it can be found at Hospitality Technology.
Does WiFi, or high speed Internet access (HSIA), play a significant role in hotel guest satisfaction, and does it have a hand in hotel booking preferences? As per the 2009 Hotel Guest Technology Study, commissioned by the American Hotel & Lodging Association’s technology and e-business committee and conducted by the University of Delaware, the answer to that question is a resounding yes. Yet if this question were to be applied to restaurants, would the results be the same? Is WiFi service, whether it is free or with a fee, a determinant in customer retention? University of Delaware researcher Anil Bilgihan and myself conducted a follow-up study to understand the impact of WiFi service in the restaurant environment.
In my role of working primarily with the corporate brands, I am finding incredible consistencies with the struggles and challenges Corporate Brands face in implementing PCI Compliance throughout their franchise community.
For a single merchant, although implementing the proper technology and security policies is not an easy process, becoming compliant is generally a matter of following the guidelines set forth by the Corporate Brand. However, for the Brand or Franchisor, it’s ultimately their responsibility to protect the entire brand from the possibility of a breach by providing the means and resources to become PCI Compliant. That’s a very large responsibility when you look at the overall challenges they face.
Most franchises cannot position themselves to mandate a solution that will make their franchisees compliant, and even if the brand has the capability to mandate, they would face the additional legal challenge of “liability” if such a breach were to occur. Of course, this would completely cripple the Brand if such an event were to occur. For this reason, it’s important for the Brand to find alternate ways for franchisees to participate in a “recommended solution”, rather than mandate a solution. By now you’re beginning to see the many obstacles the Brands are facing in implementing such a program. Education on PCI Compliance is not enough, because one’s interpretation of PCI Compliance can vary; if the responsibility lies purely on the franchisee to become compliant, what you ultimately end up with is a variety of different solutions: some good, some bad, some not at all.
The solution: We at SecureConnect have worked effectively with corporate brands to approach compliance from a tiered model to effectively penetrate the franchisee community. First, we work with the brand on customizing an exact solution that fits their model and requirement guidelines per PCI Compliance. Once that is established, in conjunction with the Brand, we run a series of educational seminars to educate the franchisees at an owner/operator level, so they recognize the importance of security within their restaurant and how it relates to PCI Compliance. Next, we strategically launch a marketing campaign to the franchisee community, consisting of brochures/collateral, email campaigns and call campaigns, to answer specific questions and discuss the established solution with the franchisee. In conjunction with a “Point of View” letter to the franchisees providing the corporate brand’s perspective and “recommended solution”, this strategy has proven to be an effective way to address the many challenges the Brand faces in becoming PCI Compliant throughout their franchisee community.