Payment Security

Keep your customers’ payment information safe. Stay PCI compliant.

In order to address ongoing threats to credit card information security, the PCI Security Standards Council was formed in 2006. The PCI Security Standards Council has developed two primary standards that concern you: PCI DSS, and PA-DSS.

Delivery integration

PCI FAQs

What is PCI DSS?

Simply put, PCI DSS (The Payment Card Industry Data Security Standard), often referred to as PCI, sets the requirements for all merchants that store, process, or transmit cardholder data. These requirements are the minimum you must do to protect your customers' cardholder information, and refer to network security, the handling of cardholder information, and the use of PA-DSS validated POS and payment processing systems.

What is PA-DSS?

PA-DSS, the Payment Application Data Security Standard, sets the requirements for software vendors who create software applications that store, process or transmit cardholder data.

SpeedLine is responsible for complying with this standard, and first validated its software under the standard in 2008. Since then, SpeedLine has continued to maintain compliance with each new software release and each new update to the standard.

Check out the complete list of PA-DSS validated point of sale providers on the PCI website

Why do I need to comply?

If you accept credit cards in your restaurants, you are responsible for complying with PCI. You do this to make sure your customers' payment information remains safe and secure.

If you choose not to comply with PCI, and your business is found to be the common point of purchase for stolen card information, you could face fines starting at $50,000. That's in addition to audit requirements that could be imposed by financial institutions.

A data breach could also seriously effect your brand—in a recent poll, 60% of consumers said that they would never return to a business where their credit card information was stolen.

How do I demonstrate PCI compliance?

Complying with PCI simply entails completing an annual self-assessment questionnaire, and quarterly security scans through a PCI-approved scan vendor.

The keys to a successful assessment include proper network security, the use of only PA-DSS validated POS and payment processing systems, and the careful handling of cardholder data.

Take the PCI DSS Self-Assessment Questionnaire on the PCI website

SpeedLine PCI Validation History

The entire SpeedLine POS product line has been validated compliant with the PA-DSS 3.1 standard, safeguarding your restaurant from risk of breach at the point of sale. We always recommend upgrading to the most recent version of SpeedLine for the latest payment card security updates. We also recommend installing any recent security and maintenance releases from your payment processing vendor. SpeedLine Support Advisories keep our customers informed of critical security updates.

SpeedLine Version Date Validated
6.0 September 15th, 2009
6.2 February 17th, 2011
6.3 December 8th, 2011
6.4 July 5th, 2012
7.0 November 13th, 2013
7.1 July 8th, 2014
7.2 October 16th, 2015
7.2x October 27th, 2015
7.3x June 15th, 2018

Know the Facts:

Restaurant PCI Basics.

Read the PCI Basics Guide

Password Maintenance

Setting strong Windows and SpeedLine passwords, and changing them regularly, is a Payment Card Industry Data Security Standard (PCI DSS) compliance requirement. Strong passwords that are changed regularly protect your cardholder and business data from unauthorized access, but managing them can be time consuming. 

SpeedLine Password Maintenance™ can help, and it's included free with your SpeedLine POS. Using Password Maintenance, you can:

  • Change all your Windows and Store Manager passwords in one simple step.
  • Change passwords on every computer on your network at the same time.
  • Change passwords on services and scheduled tasks, so these keep running without interruption.
  • Schedule future password changes so they aren't forgotten. 

The Installation Process


In order to ensure PCI compliance when installing a new point-of-sale system, or any other software that will interact with cardholder data, your system must be installed by a Qualified Integrator and Reseller (QIR). All SpeedLine Installation and Training Specialists are regularly re-certified to ensure your system is as safe as possible.

EMV FAQs

Chip cardSpeedLine was an "early adopter" of EMV, and has supported the use of EMV readers for chip cards and contactless payments since 2015. Learn more about EMV below.

What is EMV?

EMV® (Europay®, Mastercard® and Visa®) is a global standard for the authentication of chip-based credit and debit cards. It starts with a credit or debit card with an embedded microprocessor chip that stores and protects cardholder data. Chip cards (also called "smart cards") are the standard in most of the world, and according to CreditCards.com, about 70% of US cardholders have at least one chip card.

Traditional credit cards are swiped through a magnetic stripe reader. Chip cards can be swiped too, but have extra security advantages when processed through an EMV chip reader instead.

What am I liable for?

Since October 1, 2015, if a guest uses a counterfeit or stolen chip-enabled payment card and you do not use an EMV card reader to process the payment, you may be liable for the chargeback and any related claims.

To reduce your liability risk, consider upgrading your software and card readers to support EMV: a fraud-reducing technology that can help protect your business from financial loss if a criminal uses a counterfeit or stolen payment card in your restaurant.

On a chip card, the cardholder's account information is securely stored on the chip. During an EMV transaction, a unique, non-reusable transaction code is created, and the user's identity is authenticated either by a unique PIN code or by signature. The card data is encrypted at the PIN pad. One of various security measures you can take to help reduce payment fraud, EMV applies only to card-present transactions. It does not take the place of PCI compliance.

While chip cards still have a magnetic strip that can be swiped for payment through a traditional card reader, an EMV-capable card reader is required for EMV transactions.

What are the benefits of EMV?

  • EMV technology combats counterfeit fraud.
  • The new EMV card readers also support Near Field Communications (NFC), for contactless payment and Apple Pay.
  • While EMV is not yet a PCI requirement, the payment brands have introduced programs that could waive your annual PCI-DSS audit if you process more than 75% of transactions through an EMV certified device.

Are EMV Readers worth the expense?

The answer may depend on how many card-present transactions you process: Is your concept mostly dine-in or QSR? Or do you handle primarily card-not-present delivery orders?

Many delivery operations have delayed the upgrade to EMV in the store because their phone and online orders were still at risk of chargebacks. Today, with Pay@ the Door, you can protect your business against credit card fraud and reduce your processing rates at the same time with EMV in-store and on the road.

Another consideration may be pressure from your customers, local business community, insurers, or even the cities and towns where you operate. Beyond the liability risk, delaying the switch to EMV may also impact dine-in or carryout sales. As the banks educate consumers on the security of chip transactions, eventually your customers may become wary of businesses with less secure card readers.

Are you a SpeedLine user? Please visit the Customer Support site for details on supported EMV hardware and setup steps.