Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Credit Card Pre-Auth is a PCI DSS violation?

Status
Not open for further replies.
TobeThor

TobeThor

MIS
Jan 24, 2005
393
US
A client said he was contacted by his POS reseller and one of the topics discussed was the upcoming PCI DSS change that makes a "Pre-Authorized" credit card transaction (typically at the Bar) a PCI No No. I wanted to ask what POS resellers are advising their clients regarding this change. If Bar owners can't keep the credit card behind the bar and can no longer perform a Pre-Auth; just how are they supposed to protect themselves from guests that somehow dissappear when payment is due.
 
Sort by date Sort by votes
You seem to be under the assumption that PCI DSS has anything to do with the needs or security of the merchant. It's main function is eliminating any liabilities and associated costs for the card issuing banks and card brands. Their response is don't run tabs. The next step will be not allowing the card to ever leave the customers hands.
 
Upvote 0 Downvote
Actually it's not a "PCI" violation, it a merchant agreement violation that is dictated by the card brands. There are only two card brand approved ways to handle open tabs: 1) Hold the tab open at your own risk and get a single payment at the end or, 2) Don't allow open tabs and instead charge per round.

IMHO, either the card brands don't have a clue to how restaurants operate and the risks they face, or they don't care.

Steve Sommers
-- Creators of $$$ ON THE NET(tm) payment processing services

Blog:
 
Upvote 0 Downvote
I have been scouring the PCI website for an answer to this question and have come up with nothing concrete. The PCI DSS standards are all about protecting the customers sensitive information while it is in the merchant's system.

The site offers specifics on how to keep stored data on computer systems secure but not how to keep physical cards safe. The site does refer the reader to the "card brand" sites to ensure compliance as I imagine they will have the final say in some of these matters.

I would imagine that keeping a credit card for a bar tab is still OK as long as it is well protected and guarded. The "common sense" rule does apply here on how would you want your credit card stored at the bar? What makes you feel secure in giving you're card to the bartender?

Safe guarding the customers card information is the heart and soul of the PCI DSS and that is what is important to keep in mind.

If anyone has any "concrete" evidence that holding a credit card for a tab is AGAINST the PCI DSS Standards we would love to see it.

Name: Matt C.
Company: Semicron Systems
URL: Helping people with their Point of Sale needs since 1999!
 
Upvote 0 Downvote
I couldn't locate that specific info either and find it very ironic that although PCI DSS has made great strides in protecting credit card data but somehow may still allow the physical card to be just left "hanging around the bar" within access to multiple people... strange.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Locked
  • Question
Micros 3700 RES Credit Card Processing (Pro Help Needed)
Replies
4
Views
619
bdavidson024
B
HDK
  • Locked
  • Question
Simphony OPI printing receipt on credit card machine
Replies
3
Views
190
goodbody
goodbody
Gratmicros
  • Locked
  • Question
Showing Included Service Charge with option for additional tip on credit slip
Replies
2
Views
171
Niko S
Niko S
_choof
  • Locked
  • Question
Micros 3700 DM.exe Access Violation
Replies
7
Views
445
mvelazquez
mvelazquez
RGR221
  • Locked
  • Question
Oracle Hospitality RES 3700 5.7 Pre-Req Bug
Replies
1
Views
183
diamondabhi
diamondabhi

Part and Inventory Search

Sponsor

Back
Top