PCI Compliance

Protecting Guest Privacy

PCI Data Security Compliance Training

What is this about?

PCI Security Compliance is a security standard for companies that handle credit card information.

Following these guidelines allows us to keep the privacy of our guests and fellow associates safe!

This training will teach you how to be aware of suspicious behaviors, and where to turn when you see them (hint: it’s the Help Desk).

So how do I do it?

It’s easy! It all comes down to a few things:

1. Make sure to take care of your credit card readers and inspect them daily for signs of tampering or damage.

2. Be on the lookout for suspicious behavior, especially when it involves credit card readers or registers.

3. It’s better to be safe than sorry. Quickly verify anything fishy by sending a message or calling the Help Desk. They will investigate right away if anything doesn’t check out.

Checking the Readers for Tampering

Each morning, do an inspection of your readers. Checking daily makes it easy to tell if something has changed and to investigate what happened!

Tips for the Inspection:

• All readers look the same, so check for any that look or act differently from the rest.

• Check the swipe and chip slots for damage. Make sure nothing has been stuck into them either!

• The readers are made in one solid piece. Look for parts that feel loose, or seem like they’ve been added on.

Handling Credit Card Readers

It’s important to be careful what you do with the readers too. Do your best not to touch them unless needed, or as instructed by Help Desk!

This includes:

• Unplugging, powering off, or attempting repairs

• Moving, shaking, or dropping them

• Shipping/transporting them

NEVER ship readers anywhere without being told to do so, and don’t send them anywhere besides the Home Office. If someone asks you to do that, call Help Desk about it immediately.

Verify Others Working in Your Store

Any time someone is let in to work on equipment or enters staff areas, be sure you know who they are and why they are there!

1. Trust, but Verify! Be sure to ask for identification of the tech/vendor and their employer.

2. Make sure you know why they are there. You can ask them for a work order or reach out to Help Desk to check their story.

Important: Before letting any work be done on network equipment, registers or card readers, you must always verify that it’s okay with Help Desk, no matter how sure you are!

Be Careful Sharing Information!

“Social Engineering” is a fancy term for a simple trick that hackers use all the time. It’s basically just someone tricking you into giving them the information they need! Example:

Someone wants into our payroll system. They call a store pretending to be Help Desk. They convince them to share their password. And that’s it! You’ve been hacked.

So how do you avoid this? Know who you’re talking to and be careful with the info you share, especially on the phone or through email.

Some Tips For Verifying Callers:

• Check the caller ID! Calls from Home Office will show (865) 288-7700

• Others from the Home Office may show their name on the caller ID, but if you’re ever in doubt, the Help Desk can help you verify that the number someone is calling from matches their direct line.

• You can also get their name and extension and call them back yourself.

No matter what number, Help Desk will NEVER ask for credit card numbers or other CC info. Do not share that info with anyone!

In Summary

As you can see, it’s not hard to be safe. All of the strategies we learned today are simple tools that all boil down to one thing:

Pay attention to your surroundings and report anything that seems out of place to the Help Desk, especially when it comes to the registers, credit card readers, and any other systems that handle sensitive information!

Thank you! Questions? Contact Help Desk.
