The road to PCI compliance has proven to be a rocky one for many franchise systems and their franchisees. Created by the major credit card companies, the Payment Card Industry Data Security Standard (PCI DSS) is a guideline to help organizations that process credit card payments to minimize their risk of a security breach. The substantial number of businesses that have not achieved compliance can be attributed to several issues including a lack of awareness, a need for increased education, and negligence among business owners to assess and acknowledge risk. This hesitation to comply is surprising considering the fact that in the event of a breach, it is the business that is held accountable for non-compliance.
Beyond compliance with PCI DSS, however, is the core significance of network security within an organization. Security breaches happen, and it is understood that most of them could have been easily prevented with the correct security measures in place. Implementing control measures to achieve and maintain compliance is the first step toward security best practices. As a result, Mr. Goodcents Subs & Pastas (
www.mrgoodcents.com) has made PCI compliance a priority within their system to help franchisees protect their business and their customers.
Lack of awareness
The lack of awareness among franchisees concerning PCI can be a major obstacle to overcome. For Mr. Goodcents, notifications from acquiring banks regarding non-compliance fines concerned the owners/operators and generated immediate action from the franchise system. It is not uncommon for franchisees to want to place responsibility for PCI compliance on someone other than themselves. Rather, business owners should consider it a business opportunity to build competitive advantage and significantly lower risk. Based on research and evaluation, Mr. Goodcents selected BHI Advanced Internet (
www.bhi.com), provider of SecureConnect, to deploy a campaign designed to increase franchisee awareness and comprehension of PCI DSS by focusing on the fundamental requirements of secure credit card acceptance.
Educating the masses
Although PCI requirements have been in effect for five years now, there is still a considerable need for education among organizations. A popular assumption is that only big organizations need to achieve compliance, because small organizations have nothing to offer hackers. The exact opposite is true, however. Numerous studies show that smaller operations are attacked the most, which confirms the fact that PCI compliance education is lacking.
Since starting down the path of PCI compliance nine months ago, Mr. Goodcents has incorporated various educational tools through SecureConnect to better equip franchisees with knowledge of PCI DSS and why it cannot be ignored. This was done through a bottom-down approach. The Mr. Goodcents franchise system first enlightened themselves about PCI compliance in order to educate owner/operators and provide them with the tools to train their employees and enforce it through proper procedures. The BHI team has also supplied training and support for Mr. Goodcents with PCI learning materials, educational webinars and onsite presentations from SecureConnect professionals.
Unnecessary risk
Despite the warnings, there are a large number of owners/operators in the quick serve industry that are still taking unnecessary risk and have not taken appropriate action to mitigate the chances of a security breach. Many franchise owners have reservations regarding PCI DSS requirements because prior to this mandate, their restaurant was not compromised by a breach. It is this laissez-faire attitude that makes them an easy target for hackers to effortlessly steal sensitive data. As most business owners recognize, their business is not invincible, despite what good fortune they may have experienced in the past. News stories about breaches continue to surface, resulting in restaurants having to shut their doors. To implement proper security measures in existing restaurant locations and attract future multi-unit owners/operators, businesses need to demonstrate that they are able and willing to provide PCI direction for protecting their existing franchisees.