Recent news that a group of restaurants is pushing a class action lawsuit against Radiant Systems, a Georgia POS vendor, and its Louisiana reseller for allegedly installing a non-compliant POS payment processing program and POS equipment brings culpability to the forefront.
The restaurants, or merchants, were notified by the card associations that their systems had been hacked and credit card information had been stolen. The program was allegedly storing card data, a breach of PCI DSS basics.
The big news is that the card associations immediately penalized the merchants for the breach. They were not only fined, but also charged for the forensic audits and a number of other costs associated with the fraud. Ouch. Could your business or restaurant sustain the financial drain as well as the reputation damage of such an event? Should it have to? (The essence of the suit is no: that's what the payment processor and POS vendor are for!)
The jury's still out, but either way, it's probably not an issue that a business of any size that is processing credit cards can afford to be lackadaisical about. Restaurants are typically level III or IV merchants when it comes to compliance, a PCI DSS level with its fair share of inherent risk.
Merchants should ensure all of the integral parts of their payment processes are PCI DSS compliant. Today's pain could be tomorrow's relief!