
OT Peytons big tip UPDATE

jstewismybastardson

its not just about protecting privacy of the clientele though


/biz ... let us know if theyre still accepting credit card payments when you go there in a couple of months
 

SLY

lol, no restaurant will ever do away with credit cards.
 

jstewismybastardson

lol, no restaurant will ever do away with credit cards.

if you violate the terms of payment card industry compliance ... they (being VISA, MASTERCARD, DISCOVER, INTERAC) may not let you accept credit cards
 

rares

im no expert ... but i would think releasing this type of info to the public ... no matter how obscured the visa number may be ... is a violation of PCI compliance

I see what you're saying and I'm too busy to google but I'm pretty sure X-ing out all but the last 4 digits is "good enough" as far as any compliance goes... I still remember a few years back (maybe a few is more like 10? not sure) when merchants weren't required to blank out CC #s on receipts and it kept pissing me off because I kept having to shred them.

But now, since every merchant is required to X them out, I just trash them since they're useless to any dumpster diver.

Bottom line, there's nothing anybody can do with that information if it's public.... or is there? /shrug
 

jstewismybastardson

I see what you're saying and I'm too busy to google but I'm pretty sure X-ing out all but the last 4 digits is "good enough" as far as any compliance goes... I still remember a few years back (maybe a few is more like 10? not sure) when merchants weren't required to blank out CC #s on receipts and it kept pissing me off because I kept having to shred them.

But now, since every merchant is required to X them out, I just trash them since they're useless to any dumpster diver.

Bottom line, there's nothing anybody can do with that information if it's public.... or is there? /shrug

I dont think it is ... theres more to it in terms of the storage, handling and security of the information ... in terms of the protection of the data/receipts, the number may be obscured ... but the restaurant just allowed that information to just be publicized to the world

I think as of a certain date ... all vendors even mom and pop operations that accept credit payment are supposed to be PCI compliant and abide to all their regulations and be audited to ensure they meet all the payment card industry regulations ... its a total cash grab by VISA...AMEX...MC

and theres no real fall back for the vendor who uses payment services ... these arent government regulations ... these are payment card industry rules ... you break them and they fuck u up and stop allowing you to use their payment services
 

forty_three

im no expert ... but i would think releasing this type of info to the public ... no matter how obscured the visa number may be ... is a violation of PCI compliance

Actually, no. Even obscuring one digit in the card number is sufficient to avoid PCI retribution in relation to documentation. The rules of PCI state that if a reasonable effort to obscure or mask the card number was made, then it can not be considered a breach. That is why 99.99999% of businesses went to just showing last four. Because if they lose control of the document, they are protected from regulatory hell. Receipts are loosely considered "public" documents.


I dont think it is ... theres more to it in terms of the storage, handling and security of the information ... in terms of the protection of the data/receipts, the number may be obscured ... but the restaurant just allowed that information to just be publicized to the world

I think as of a certain date ... all vendors even mom and pop operations that accept credit payment are supposed to be PCI compliant and abide to all their regulations and be audited to ensure they meet all the payment card industry regulations ... its a total cash grab by VISA...AMEX...MC

and theres no real fall back for the vendor who uses payment services ... these arent government regulations ... these are payment card industry rules ... you break them and they fuck u up and stop allowing you to use their payment services

The real hell is when a company loses control of a database, backup of data or internal document without obscuring the full # or track 2 data (PIN, CVV, Address, Associated Account IDs, etc). And yeah, you are right. Dealing with PCI is akin to dealing with the mafia. We give you these loose guidelines, and God Help you if you fuck 'em up. They have a pretty good industry built around it. Heartland Payment systems was certified as compliant, two weeks later got breached and then they got fined into the stone age because "if you were breached, you must not have been compliant".

But you *JUST* said....

All that said, the restaurant had every right to fire the guy because the server breached the trust of a client. Regardless of regulatory problems, a restaurant that expensive likes rich people coming in and spending a lot of money at once. They can't risk more high profile clients being embarrassed, so they boot the troublemaker as an example. Thin line, I know, but I have seen people get axed for FAR less in my work. And most of that is never publicized. Just the mere appearance of someone doing something inappropriate to our customers makes the brass go apeshit.

Sad reality, but a reality nonetheless.
 

jstewismybastardson

Actually, no. Even obscuring one digit in the card number is sufficient to avoid PCI retribution in relation to documentation. The rules of PCI state that if a reasonable effort to obscure or mask the card number was made, then it can not be considered a breach. That is why 99.99999% of businesses went to just showing last four. Because if they lose control of the document, they are protected from regulatory hell. Receipts are loosely considered "public" documents.




The real hell is when a company loses control of a database, backup of data or internal document without obscuring the full # or track 2 data (PIN, CVV, Address, Associated Account IDs, etc). And yeah, you are right. Dealing with PCI is akin to dealing with the mafia. We give you these loose guidelines, and God Help you if you fuck 'em up. They have a pretty good industry built around it. Heartland Payment systems was certified as compliant, two weeks later got breached and then they got fined into the stone age because "if you were breached, you must not have been compliant".

But you *JUST* said....

All that said, the restaurant had every right to fire the guy because the server breached the trust of a client. Regardless of regulatory problems, a restaurant that expensive likes rich people coming in and spending a lot of money at once. They can't risk more high profile clients being embarrassed, so they boot the troublemaker as an example. Thin line, I know, but I have seen people get axed for FAR less in my work. And most of that is never publicized. Just the mere appearance of someone doing something inappropriate to our customers makes the brass go apeshit.

Sad reality, but a reality nonetheless.

thanks for the correction and the great insight! rep
 

Eddie_Shack

and to the author of that blog..


"No, the only thing that's surprising about this is that a restaurant with "Barn" in its name has such a pricey menu."


it will be the best steak you ever had.

the barn f'n rocks.

I'm going to a huge yearly party up there for work in mid April, very excited. The food will be amazing as always. And the service is 5 star, all day, every day.

And yes... it is located in what was once a barn. :D

One of the best restaurants in town is called San Chez, and believe it or not the food is not at all shitty.
 