The online booking site helps restaurants ensure PCI compliance.
It isn’t unusual for a restaurant to require a credit card to reserve a table. However, taking down the credit card information can be fraught with risks, says Elizabeth Casey, senior director of product management for OpenTable Inc., which enables consumers to book restaurant reservations online. For instance, some restaurants’ employees write down the diner’s credit card details and leave them lying around for anyone to see, she says. Such a method goes against the dictums of the Payment Card Industry Security Standards Council, which issues rules to fight payment card fraud.
To offer restaurants an easier solution on OpenTable.com, Casey enlisted Braintree Inc., a payment processor offering a payment gateway that encrypts card numbers. A payment gateway connects a merchant to several payment processors via a secure Internet connection.
The system requires no extra work from the consumer or the restaurant. Once the customer enters the payment card details into her OpenTable account, OpenTable sends the data to Braintree, which processes the card data. The redirection ensures the payment card data is not sent to the merchant’s servers. A restaurateur can then check his OpenTable account to verify if a payment card is on file without seeing the sensitive data, such as the account number and expiration date.
“Restaurants understood it was important to protect their customers’ credit cards,” Casey says. “This offers peace of mind for restaurants.”