CAKE | Restaurant Management System & POS

PCI Compliance

Learn about CAKE and PCI Compliance.

Cake Point of Sale Security

At CAKE, we take data security seriously and our products are engineered to help protect both you and your customers. 

With your CAKE POS, credit card data is encrypted the moment you swipe a credit card. This is true whether you are online or using our offline payments mode system option (located in Main Menu>Settings>System Options>Offline Payment). Credit card data is never stored unencrypted. The data remains encrypted as it is transmitted from your CAKE POS, to the server, and to the credit card processor. 

We've also added layers of security, such as SSL protocols and data tokenization, to further anonymize and obfuscate user data. Our cloud-based servers also allow us to regularly release system updates directly to your CAKE POS. These remote updates enable us to ship the latest security standards and give you peace of mind.

What is PCI Compliance?

PCI Compliance is the term used to indicate that a certain business complies with the payments security standards (often referred to as "PCI DSS" or just "PCI") established by the Payment Card Industry Security Standards Council. PCI DSS includes best practices to identify vulnerabilities in processes, procedures, and web site configurations. These practices help businesses protect themselves against security breaches, safeguard customer data, and protect the integrity of electronic payments. 

How is this relevant to CAKE and our customers?

Every company, from the credit card processor to your point of sale software provider (CAKE POS) to your payments hardware manufacturer (external card swiping device), is held to this same security standard. To make things easier for you, we've provided a link to the PCI SSC website so you can read more about their purpose and how PCI compliance works.

Although CAKE POS enables PCI compliance, the business owner taking in the credit card information (that's you) is also required to comply. When you accept credit card transactions and collect sensitive customer information through your POS system or external card terminal, you also must be in compliance. Failure to meet this compliance can result in fees from your bank or processor in the event of fraud.

What do I need to do? 

You need to ensure each part of this process (processor, POS, etc.) for payments processing is compliant. If your credit card processor is your bank, but you use the CAKE POS system to take the actual payment, then you need to make sure the bank is compliant as well as CAKE. If you are using external hardware to swipe your credit cards, that hardware must also be compliant. 

How can I ensure I'm doing everything right on my end to be compliant?

If CAKE (with its partner Vantiv) is your payment processor, there's a quick assessment you can take pertaining to your payment operations provided here. Once you register, you will be able to answer a few questions and be provided with your assessment results. 

If you process with WorldPay, you can find more information here or call WorldPay's PCI Helpdesk at their toll free number: 800.268.0386 M-F 8am-10pm ET.

Note: For both tools, you will need your merchant ID and/or your username and password.

If you have an external processor, we recommend you locate the tools they provide or reach out to their support to get any additional information you may require on PCI Compliance.

 

 
