A client said he was contacted by his POS reseller and one of the topics discussed was the upcoming PCI DSS change that makes a "Pre-Authorized" credit card transaction (typically at the Bar) a PCI No No. I wanted to ask what POS resellers are advising their clients regarding this change. If Bar owners can't keep the credit card behind the bar and can no longer perform a Pre-Auth; just how are they supposed to protect themselves from guests that somehow dissappear when payment is due.  

You seem to be under the assumption that PCI DSS has anything to do with the needs or security of the merchant. It's main function is eliminating any liabilities and associated costs for the card issuing banks and card brands. Their response is don't run tabs. The next step will be not allowing the card to ever leave the customers hands.

Actually it's not a "PCI" violation, it a merchant agreement violation that is dictated by the card brands. There are only two card brand approved ways to handle open tabs: 1) Hold the tab open at your own risk and get a single payment at the end or, 2) Don't allow open tabs and instead charge per round.

IMHO, either the card brands don't have a clue to how restaurants operate and the risks they face, or they don't care.

Steve Sommers
www.shift4.com -- Creators of $$$ ON THE NET(tm) payment processing services

Blog: http://paymenttidbits.blogspot.com/
 

I have been scouring the PCI website for an answer to this question and have come up with nothing concrete. The PCI DSS standards are all about protecting the customers sensitive information while it is in the merchant's system.

The site offers specifics on how to keep stored data on computer systems secure but not how to keep physical cards safe. The site does refer the reader to the "card brand" sites to ensure compliance as I imagine they will have the final say in some of these matters.

I would imagine that keeping a credit card for a bar tab is still OK as long as it is well protected and guarded. The "common sense" rule does apply here on how would you want your credit card stored at the bar? What makes you feel secure in giving you're card to the bartender?

Safe guarding the customers card information is the heart and soul of the PCI DSS and that is what is important to keep in mind.

If anyone has any "concrete" evidence that holding a credit card for a tab is AGAINST the PCI DSS Standards we would love to see it.

Name: Matt C.
Company: Semicron Systems
URL: http://www.semicron.com/
Helping people with their Point of Sale needs since 1999!  

I couldn't locate that specific info either and find it very ironic that although PCI DSS has made great strides in protecting credit card data but somehow may still allow the physical card to be just left "hanging around the bar" within access to multiple people... strange.