Any merchant that accepts credit cards must be EMV and PCI compliant, and that includes restaurants and bars. Although the rules for PCI and EMV are not laws, failure to comply can come with hefty fines and put the reputation and financial health of your business in jeopardy.
This guide describes some of the ways a merchant may be in violation of PCI or EMV, including what types of fines, additional regulations and expenses they may become subject to for their violations.
Read More: Choosing a Restaurant Business Structure
EMV Fees and Penalties
The rules for EMV are constantly changing. And multiple updates are posted each month.
EMV Chargeback Liability
The most important change was the October 1st 2015 liability deadline. After this date any chargebacks on mag-stripe swiped cards are now applied as penalties to you, the merchant. Depending on the amount of the chargeback transaction, this could be a significant blow to your restaurant’s finances.
EMV Non-Compliance Fees
But this penalty is just the start. Your merchant services company will likely be applying an additional [EMV non-compliance fee](https://www.cardfellow.com/blog/emv-non-enabled-non-compliance-fees/) to your statement. Depending on the payment service provider, this could be a monthly or annual fee, a flat rate or a percentage.
Because EMV is a security standard put in place to protect the merchant services company from liability from the credit card companies it is entirely justifiable to offset this cost by charging you an additional fee. However, you can avoid these EMV non-compliance penalties by implementing an EMV compliant hardware and software point of sale solution so you protect yourself and your customers from fraud and hassle.
Rezku offers a POS solution with affordable EMV compliant card readers, freeing you from the worry and burden of having to keep up to date with every new EMV rule change.
Read More: Choosing a Restaurant Business Structure
PCI Fees and Penalties
The PCI DSS is a set of security standards that determine how much customer data can be saved and how it must be handled. Like EMV, PCI standards are always becoming more rigorous. However, unlike EMV, the fines can be much more onerous!
PCI Non-validation
It starts with fines imposed by your merchant processor for being in violation of PCI. These can be monthly or annual fees and go by different names, depending on the processor. Typically it’s something like PCI non-validation.
To get these fees off your statement you’ll need to validate your PCI compliance. For most restaurants and bars this is a fairly simple self-assessment questionnaire that must be completed annually. However, there are some conditions under which you may be required to present proof of PCI compliance. This can become quite expensive and complicated.
PCI Fraud Investigations
If fraud has been committed in your establishment and the cause is found to be due to PCI non-compliance you can be opened up to a world of hurt. The credit card companies are known to apply heavy non-compliance fines, making merchants pay damages caused by the violation as well as paying for the cost of the investigation. These PCI violation fees can be as much as $5,000 - $100,000.
PCI Compliance Penalties
Additionally, a violation can move you into the “high risk” category. A Level 1 merchant (high risk) is required to perform more rigorous assurances that they are in 100% PCI compliance. Certain data must not be stored at all according to PCI.
This includes:
- The full content of any track on the card's magnetic stripe
- The three or four digit number from the back of the card (CVV code)
- The PIN or any encrypted PIN blocks
If you become a Level 1 merchant through a violation, you’ll be required to hire a third party investigator known as a Qualified Security Assessor. They will need to make quarterly evaluations of your network and POS system to ensure that you are no longer in violation. As you can imagine, these security assessors don’t come cheap
To save yourself from the burden and complexity of PCI compliance there is a simple solution. Use a POS that is 100% PCI compliant. Rezku POS never stores sensitive customer card data, and keeps everything encrypted. The easiest way to maintain PCI compliance without worry is to use Rezku POS.
Read More: Choosing a Restaurant Business Structure
Conclusion
Because PCI and EMV work together to reduce credit card fraud they are here to stay. These standards were developed by the credit card processors to protect themselves from the costs of phony cards and stolen credit cards.
Criminal networks and hackers are constantly looking for new ways to create fraudulent transactions so PCI and EMV are constantly being updated. Failure to comply completely with these ever-changing rules can put you at serious risk for fines and fees from your merchant processor.
The simplest solution is to choose a secure, high-tech point of sale that takes care of all that for you. Rezku POS is 100% EMV and PCI compliant. So you can have peace of mind knowing you are protecting yourself and your customers from losses.
Find out more about Rezku POS on our home page. Find more helpful tips for restaurant and bar owners on our resource library homepage.
