How to Prevent Credit Card Fraud at Your Restaurant


So you probably already know at least a little about the EMV liability shift: banks and payment processors are now able to hold your restaurant liable for fraudulent credit card charges that happen at your business. 


EMV compliance may not be required by law, but it does mean you’ll have to pay for fraudulent credit card chargebacks, whether they’re for a $5 sandwich or a lavish $300 five-course meal.


Knowing about the EMV liability shift is one thing, but do you know how to prevent credit card theft from happening at your restaurant? Here are four security measures you should know to protect your business against paying credit card chargebacks. 




1. Get an EMV reader. 

According to Visa, U.S. merchants that have switched to EMV readers have seen a 66% decline in counterfeit fraud within a two-year time span. Decline in fraud means a decline in chargeback liability.


Chargebacks were created to protect consumers from fraudulent charges. They occur when a cardholder disputes certain charges made to their account. When a chargeback is issued due to a lost or stolen card, the bank issues a reversal of funds – which means if chargebacks happen at your business, you’re responsible for soaking up the costs associated with each chargeback. 


So make sure your payment processor is equipped to accept EMV payments, which can significantly reduce the likelihood of fraudulent charges happening at your restaurant.



2. Make sure you are PCI compliant.

A restaurant is usually PCI compliant by making sure their payment processor and/or POS are PCI compliant. PCI Compliance is a security standard set by the payment card industry to protect businesses and consumers from cybercriminal activity. 


But if your restaurant is gathering and storing customer data, that means you are the one who must be PCI compliant. Here are 12 steps to ensuring data is protected before, during, and after transactions.


  1. Install and maintain a firewall configuration to protect cardholder data.

  2. Do not use vendor-supplied defaults for system passwords.

  3. Protect stored data.

  4. Encrypt transmission of cardholder data across open, public networks.

  5. Use regularly updated anti-virus software.

  6. Develop and maintain secure systems and applications.

  7. Restrict access to cardholder data on a need-to-know basis.

  8. Assign a unique ID to each person with computer access.

  9. Restrict physical access to cardholder data.

  10. Track and monitor all access to network resources and cardholder data.

  11. Regularly test security systems and processes.

  12. Maintain a policy that addresses information security.


Note that some point of sale companies store credit card information in their own systems and others do not. POS companies that do not store information are considered more secure because they don’t handle or store any sensitive payment information. 



3. Make sure your payment processor uses tokenization.

Imagine the following scenario: you’ve just swiped a customer’s card with the number 6117 0987 2342 1800. Someone hacks into your server hoping to gain access to the card number, so they can copy it and use it. 


But, because your payment processing company uses tokenization, that card number is no longer stored on-site – instead it’s pushed off-site to an ultra secure location. A “token”, or unique set of numbers and letters, sits in place of the original number.


This token is generated at random and can’t be decoded back to its original number. Regardless of whether the card was swiped or dipped, the card information is still protected from cybercriminal activity. 


Tokenization is one way merchant service providers can keep card data secure throughout the transaction process, because the data is protected even when the point of sale is at rest. 



4. Use point-to-point encryption. 

Point-to-point encryption (P2PE) is the standard set by the PCI Security Standards Council as another way credit card processing companies can protect user information. When the card is swiped through the card reading device via your POS, the card reader instantly encrypts the card data. The encryption becomes a code that is then securely sent to the payment processing company for decryption. 


Unlike tokenization, which turns card information into a random set of numbers and letters that can’t be decoded, P2PE uses an algorithm to make card data unreadable to everyone except the end receiver of the information – who is then able to convert it back into its original form. 


P2PE protects both merchants and cardholders from cyber security breaches, making every transaction more secure. 


Credit card fraud prevention starts with businesses that make it difficult for fraudsters to make transactions. When you take the time to make sure your transactions are secure, you’re protecting your business and your customers. 




About the Author

Tiffany Regaudie

Tiffany is the Content Marketing Manager at TouchBistro, where she shares knowledge with restaurateurs on how to run their business. She's passionate about traveling the world and getting to know communities through great food.

Follow on Twitter More Content by Tiffany Regaudie
Previous Article
4 Ways to Make Upselling Look Like Customer Service
4 Ways to Make Upselling Look Like Customer Service

It's a win-win-win situation!

Next Article
Waitlist Apps to Save the Hangry and the Host
Waitlist Apps to Save the Hangry and the Host

Hosting just got ten times easier.