
A Guide To PCI Compliance

Payment card industry (PCI) compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided and transmitted through card processing transactions. PCI gives merchants the chance to identify and address payment card threats and vulnerabilities that could lead to a breach. It holds merchants accountable for securing their business environment and for policies that lead to a data breach.

PCI Compliance: 12 Overarching Requirements

While PCI compliance levels vary, it is mandatory for any business that accepts credit cards. There are 12 over-arching requirements for PCI compliance: 

  1. Install and maintain a firewall to protect cardholder data. 
  2. Develop and maintain secure systems and applications. 
  3. Regularly test security systems and processes. 
  4. Encrypt transmissions of cardholder data across open, public networks. 
  5. Protect stored cardholder data. 
  6. Do not use vendor-supplied default system passwords. 
  7. Assign a unique ID to each person with computer access. 
  8. Restrict access to cardholder data by business need to know. 
  9. Use and regularly update anti-virus software.
  10. Track and monitor all access to network resources and cardholder data. 
  11. Restrict physical access to cardholder data. 
  12. Maintain a policy that addresses information security for all personnel. 

If a breach occurs and it is determined that the business was not compliant at that moment, it will face fines and fees as well as reputational damage.

PCI Compliance Levels

Level One Merchants

Level one merchants process over 6 million card transactions annually through all channels (card present, not present, eCommerce). Merchants who are considered level one must do the following: 

  1. Complete an annual Report on Compliance (ROC) through a Qualified Security Assessor (QSA) 
  2. Complete quarterly network scans by an Approved Scanning Vendor (ASV) 
  3. Complete the Attestation of Compliance Form

GoTab is proud to announce that we are Level One Merchants in the PCI Compliance level.

Level Two Merchants

Level two merchants process 1 to 6 million card transactions annually through all channels. Merchants who are considered level two must: 

  1. Complete an Annual Self-Assessment Questionnaire (SAQ) 
  2. Complete a quarterly network scan by ASV
  3. Complete the Attestation of Compliance Form 

Level Three Merchants

Level three merchants process 20,000 to 1 million card transactions annually exclusively via eCommerce. Merchants who are considered level three must do the following: 

  1. Complete an annual SAQ
  2. Complete a quarterly network scan by an ASV
  3. Complete the Attestation of Compliance Form

Level Four Merchants

Level four merchants process up to 1 million card transactions annually through all channels, and do not process more than 20,000 card transactions via eCommerce. Merchants who are level four must: 

  1. Complete an annual SAQ
  2. Complete a quarterly network scan by an ASV
  3. Complete the Attestation of Compliance Form

EMV Liability Shift

EMV stands for Europay, Mastercard, and Visa, the three companies that helped create the technology standard. EMV technology is an important tool for merchants to fight against fraud chargebacks.

So what are EMV chips, and how do they work? They are microchips embedded into a payment card that allow payments to be made more securely than with the traditional magnetic stripe. The data on EMV chips is encrypted, which makes the card more difficult to clone. Unlike the old-fashioned magnetic stripe with its easily readable card information, an EMV chip contains a secure algorithm that generates a new authentication code for each transaction. This code is sent to the issuing bank for confirmation before the transaction can be processed.
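The per-transaction code described above can be modelled in a few lines. This is an added illustration, not code from GoTab or from the EMV specifications: HMAC-SHA256 stands in for the real chip cryptogram, and the class, function and field names are hypothetical. It shows why a captured code cannot be reused the way copied magnetic stripe data can.

```python
import hashlib
import hmac
import secrets


def _mac(key, pan, amount_cents, nonce, counter):
    # Assumption: HMAC-SHA256 replaces the card scheme's actual cryptogram algorithm.
    msg = f"{pan}|{amount_cents}|{nonce}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ChipCard:
    """Hypothetical chip: the key stays on the card, the counter rises per use."""

    def __init__(self, pan, key):
        self.pan, self._key, self._counter = pan, key, 0

    def authorization_request(self, amount_cents, nonce):
        self._counter += 1
        code = _mac(self._key, self.pan, amount_cents, nonce, self._counter)
        return {"pan": self.pan, "amount": amount_cents, "nonce": nonce,
                "counter": self._counter, "code": code}


class Issuer:
    """Hypothetical issuing bank that confirms each code before approving."""

    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def issue_card(self, pan):
        key = secrets.token_bytes(32)
        self._keys[pan], self._last_counter[pan] = key, 0
        return ChipCard(pan, key)

    def verify(self, req):
        key = self._keys.get(req["pan"])
        if key is None:
            return "decline: unknown card"
        expected = _mac(key, req["pan"], req["amount"], req["nonce"], req["counter"])
        if not hmac.compare_digest(expected, req["code"]):
            return "decline: bad code"          # code does not match these details
        if req["counter"] <= self._last_counter[req["pan"]]:
            return "decline: replayed counter"  # valid code, but already used
        self._last_counter[req["pan"]] = req["counter"]
        return "approve"


def demo():
    issuer = Issuer()
    card = issuer.issue_card("4111111111111111")  # constructed test card number
    first = card.authorization_request(1250, secrets.token_hex(4))
    return [issuer.verify(first),                        # genuine chip transaction
            issuer.verify(dict(first)),                  # same message sent again
            issuer.verify({**first, "amount": 99900}),   # copied code, new amount
            issuer.verify(card.authorization_request(800, secrets.token_hex(4)))]
```
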

The EMV liability shift was a change in the rules that made merchants without EMV-compatible payment terminals liable for the cost of any claims of fraud made against those transactions. Under the new rules, if the counterfeit or stolen card has an EMV chip and the merchant doesn't scan it, the acquiring bank will be held liable for the fraud instead of the issuing bank. The acquiring bank will then pass the cost onto the merchant as part of their agreement. Merchants therefore have a financial incentive to upgrade their payment terminals.

Who Is Liable

When a merchant accepts a magnetic stripe card that was counterfeited with track data copied from an EMV chip card, and the card is swiped at a POS device that is not EMV chip-enabled and the transaction is processed, the merchant may be liable for the chargeback resulting from the fraud. This only pertains to transactions where the magnetic stripe was read, and does not apply to contactless transactions.

There is no liability shift for fallback transactions. They are a result of the chip on the card not being read, so the authorization message does not contain chip data. Fallback transactions are therefore considered magnetic stripe transactions, and liability remains with the card issuer.

The ability to accept card payments is a privilege. Achieving and maintaining PCI compliance while having a POS terminal that has chip-reading capabilities is the best way to protect your business and your right to accept credit cards. 


Situated “in the heart of it all, yet tranquil enough to make you feel away from it all too,” The Limelight Hotel Snowmass offers 99 hotel rooms and 11 residences, as well as footsteps-to-gondola access in winter and summer — right in the middle of Snowmass Base Village.

The Situation

Especially over the last few years, the Limelight Hotels IT team had witnessed a significant shift to contactless technology in the hospitality industry. After evaluating friction points in the guest journey, aligning with modern technology platforms in their restaurant was determined to be an effective way to offer elevated contactless dining experiences to their guests while also evolving their technology platforms to continue to support long-term company goals. Limelight Hotel partnered with GoTab to provide an enhanced on-demand dining experience on par with the brand’s reputation for exceptional guest service.

The Solution

Reducing Staff Touch Points Without Sacrificing Guest Experience

Guests are now able to begin a tab from their room or the property’s restaurant by scanning a QR code, texting a link to friends or family members on the ski slope to add in their orders, then meeting up together at the patio or lodge to enjoy their meal and après ski festivities without interruption. By streamlining tasks like inputting orders and processing payments, this eliminates friction for hotel staff and allows them to focus on delivering renowned guest service for a memorable experience. Since partnering with GoTab, Limelight Snowmass has consistently seen higher check averages and sales.

“We found the Point of Sale platforms we were looking at offered the guest and staff limited opportunities to further reduce touch points or improve the traditional restaurant experience. The GoTab platform enabled the guest to take an active role over the flow of their experience while simultaneously reducing touch points and further streamlining restaurant operations.”

Nick Giglio, Manager of Hotel IT Operations, The Little Nell Hotel Group

According to the Limelight Hotels team, some of the other platforms that were evaluated were either missing some of the pieces they were looking for, had weak customer support models, or had little willingness to develop integrations to existing hotel platforms already in place. To that end, GoTab integrated with the cloud-based platform Infor. Together, GoTab and Infor are providing dynamic solutions to support central, efficient service across hotel amenities and deliver exceptional guest experiences.

“Previously, guests would call down to the restaurant to begin an order from their room or while they were out enjoying the ski slopes. Using GoTab, guests can now place orders from anywhere on the resort, giving them the on-demand service they want without interrupting their day. GoTab empowers us to give control to the guest, reducing touch points and streamlining overall restaurant operations, making Limelight Hotel the resort of choice for Snowmass.”

Nick Giglio, Manager of Hotel IT Operations, The Little Nell Hotel Group

Since introducing GoTab, The Limelight Hotel has seen a consistent level of upsells and items sold per check resulting in additional revenue capture. They have been able to maintain service levels in their restaurants during periods when there was reduced staffing available without significantly diminishing the guest experience.

The Benefits

Eliminate Phone Orders – Take Orders from the Slopes. Guests can start a tab from their room or on the mountain without interrupting the flow of their day.

Future-Proofed Technologies – Delivering elevated contactless ordering via integration with the Infor hotel management platform.

Eliminating Friction in the Guest Journey – Maintaining service levels during periods of reduced staff without diminishing the guest experience.

