Data is a powerful tool in the restaurant industry. It’s also often sensitive and classified. The storage and protection of credit card data have come under scrutiny recently, with hacker attacks on both retail and foodservice establishments.
1. Does the point-of-sale system run on Windows XP?
On April 8, 2014, Microsoft stopped supporting the Windows XP operating system.
This means that any POS system that runs Windows XP no longer receives important security updates and is no longer PCI compliant.
Do not choose a POS system that runs on Windows XP. If you’re currently using an XP-based system, it’s time for a change.
You will either have to pay for an expensive software upgrade or be at serious risk of fraud and viruses.
2. How is POS data encrypted? When is credit card data stored in the system?
In order to prevent data breaches and fraud, your POS system should encrypt data the moment a credit card is swiped.
All sensitive data should also be encrypted when it is stored on your POS server, so it’s nearly impossible for someone to access your database and steal classified data.
How does the POS system encrypt data? Identify potential weak points by inquiring how and when credit card data is stored and encrypted in the system.
3. Who has access to the server and the data on it?
Your system should allow you to restrict access to sensitive data.
Anyone who is granted access to the data should be required to enter personal login information so you can track who is interacting with your data and hold the right people accountable if something goes wrong.
Usually, data access is limited to management.
Decide who should have access to data and lock down the system from everyone else (your POS provider should help you).
4. Who is responsible in the event of a data breach?
If PCI compliance is important to you, make a point of asking POS providers to prove that they are certified.
Every POS provider should have strict security measures in place to protect your establishment from fraud, viruses, and data breaches.
If legitimate security measures are in place, providers will likely agree to take full responsibility should any data be compromised.