How to Protect Your Restaurant From Credit Card Hacks
By: AJ Beltis
Nov 09, 2017
It's becoming a dangerous time to be a restaurateur.
In recent reports, nationwide restaurant chains Wendy's, CiCi's, and Noodles & Company have all been the subjects of payment card data breaches, leaving millions of consumers' card details at risk.
Credit cards are, for many restaurants, essential. Most modern establishments won't consider running operations without them, and it's not uncommon for some to go completely cashless. But if large chains can be breached, how can a smaller restaurant keep its card transactions safe?
The security of transactions at your restaurant comes down largely to the system you use to process cards. If cards are processed through your POS system, the security of that POS system is a crucial factor. Choose the wrong POS system and your sensitive financial information (and that of your customers) could be exposed to attackers. So, what should you consider when choosing a POS system that protects both your restaurant and your patrons?
Let's start with the first thing to consider for credit card security. All restaurants want to be a trusted vendor in the eyes of their customers. The foundation for this is compliance with the PCI DSS (Payment Card Industry Data Security Standard), which the PCI Security Standards Council describes as a set of requirements to "ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment." Meeting it lets customers trust you with their payment card data. One caveat a practitioner would raise: compliance is an obligation on your restaurant as the merchant, not a property of the software alone. A POS product that has been validated under PCI's payment application standards reduces your work and your scope, but you remain responsible for how the system is installed, networked, and operated in your restaurant.
Without PCI compliance, potential liabilities as listed by the PCI Security Standards Council include diminished sales, high legal costs, lost jobs for C-level executives, and even going out of business entirely. With all that at stake, PCI compliance is something your restaurant cannot afford to go without.
Cloud-Based Point of Sale Software
To safeguard your information, cloud-based POS systems are a much safer way to secure your restaurant's data than legacy POS systems, for a multitude of reasons. The primary one is that legacy POS systems store information on hardware inside the restaurant. Here's an excerpt from an earlier Toast blog post on POS safety:
“Back-office servers store sensitive data on-premise, often unencrypted, for long periods of time. Cloud-based servers don’t store sensitive credit card information in a back room. Since this data is not stored in servers on your property, that means customers are not at risk of having or being accountable for on-site data breaches. Devices can also be monitored constantly, detecting suspicious activity or rogue access points.”
Storing card data locally puts it at substantial risk compared with a cloud-based POS, where the card data is passed straight to the next step in the transaction (the payment processor) and is not retained on site. The practical test is not where the POS software runs but whether a full card number is ever written to disk, held in memory, or displayed on any device in your restaurant; a cloud POS is safer precisely because the answer should be no.
Encryption of Credit Cards
Credit card information is very tempting to attackers, but there's no point in stealing data they can't read. Some point of sale systems can encrypt card data the instant the card is swiped or dipped, inside the card reader itself, and the data stays encrypted through every step of the transaction until it reaches the payment processor.
When card data is encrypted in the reader hardware, the POS terminal, the restaurant's network, and any back-office server only ever handle ciphertext. The most common restaurant POS attack of recent years, malware that scrapes card numbers out of the memory of the POS terminal, then finds nothing worth stealing, and the risk of card theft on site drops dramatically. Two caveats: this protects against compromised POS software and networks, not against a physically tampered or swapped reader, so check your readers for tampering; and the decryption keys and plaintext still exist at the processor, so choose one that manages them under PCI's point-to-point encryption requirements.
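The following is an added example, not code from Toast or from any POS vendor. It simulates the difference described above: a RAM-scraping trojan (modelled as a Luhn-checked digit-run search, the technique real POS scrapers use) runs over a snapshot of POS terminal memory once with a legacy reader that hands the POS plaintext track data, and once with a reader that encrypts in hardware before the host sees anything. The card number is an industry test PAN, the memory snapshot is constructed, and the HMAC-SHA256 counter-mode stream cipher stands in for the AES/DUKPT scheme a real reader would use; all three are assumptions made for the demonstration.

```python
"""Added example: why encrypting card data in the reader defeats POS RAM scrapers."""
import base64
import hashlib
import hmac
import os
import re

# Industry test PAN (not a real account) in track-2 layout: PAN=expiry+service code+discretionary.
# Constructed input for the demonstration.
TEST_TRACK2 = "4111111111111111=25121010000012345678"

# ---- the attacker's side: what a RAM scraper does ------------------------------

PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")  # candidate card-number-length digit runs


def luhn_ok(digits):
    """Luhn check digit validation, used by scrapers to filter random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrape_pans(memory):
    """Return every Luhn-valid 13-19 digit run found in a memory snapshot."""
    return [m.group(1).decode() for m in PAN_RE.finditer(memory)
            if luhn_ok(m.group(1).decode())]


# ---- the reader's side ---------------------------------------------------------

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a stand-in for the reader's AES/DUKPT (assumption)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def legacy_swipe(track2):
    """Legacy reader: hands the POS the raw track data."""
    return track2.encode()


class EncryptingReader:
    """Models a P2PE reader: the key never leaves the reader's secure element."""

    def __init__(self, key):
        self._key = key

    def swipe(self, track2):
        nonce = os.urandom(12)
        ct = xor_bytes(track2.encode(), keystream(self._key, nonce, len(track2)))
        return base64.b64encode(nonce + ct)   # opaque blob is all the POS ever sees


def processor_decrypt(key, blob):
    """Only the payment processor, which shares the reader's key, can recover the PAN."""
    raw = base64.b64decode(blob)
    nonce, ct = raw[:12], raw[12:]
    return xor_bytes(ct, keystream(key, nonce, len(ct))).decode()


def pos_host_memory(card_blob):
    """Constructed snapshot of the POS process memory around a card tender."""
    return b"ORDER#1042 TOTAL=23.50 TENDER=CARD " + card_blob + b" STATUS=APPROVED\x00"


def demo():
    """Run the scraper against both designs; returns (legacy_hits, p2pe_hits)."""
    key = os.urandom(32)   # in practice injected into the reader at manufacture
    reader = EncryptingReader(key)
    legacy_hits = scrape_pans(pos_host_memory(legacy_swipe(TEST_TRACK2)))
    p2pe_hits = scrape_pans(pos_host_memory(reader.swipe(TEST_TRACK2)))
    return legacy_hits, p2pe_hits


if __name__ == "__main__":
    legacy, p2pe = demo()
    print("legacy reader, scraper found:", legacy)   # the test PAN
    print("encrypting reader, scraper found:", p2pe)  # nothing
```

The scraper recovers the PAN from the legacy terminal's memory and nothing from the encrypting reader's. Note what the example does not protect: `processor_decrypt` shows that whoever holds the key (the processor, or an attacker who has extracted it from a tampered reader) still gets the plaintext, which is why key custody and reader tamper checks remain part of the picture.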
SaaS Model with Regular Software Updates
Technology is always changing, and that's a good thing for your restaurant, but only if you're using the right software. POS providers that do not ship regular updates leave your business exposed, because every vulnerability that becomes publicly known and stays unpatched is one an attacker can use against you.
Software as a service (SaaS) POS products are typically priced on a monthly basis. The subscription pays not only for technical support but for regular software updates, including security fixes that safeguard customer information. When the provider's engineers find a weakness, they fix it and ship the fix in a subsequent update.
In addition, make sure updates arrive regularly from both your POS provider (the company you pay the monthly subscription to) and your operating system (what runs your hardware, such as Android or Windows). That way you are covered from every angle. Windows XP left extended support in April 2014 and no longer receives security updates, so if your terminals still run it, plan to replace them; an Android-based system that still receives updates is one option for a safer card-transaction environment.
If a POS provider says they improved their software to block a recent attack after that attack happened, take it with a grain of salt. The reassuring message means they were vulnerable to it in the first place. That is reactive, not proactive. Instead, look for a POS provider that studies past breaches and designs against those attack patterns before they are used against its own customers. There is no such thing as an invincible POS provider, but some have made deliberate decisions to cover their bases better than others, and one of those should be the provider in your restaurant.
The sad truth is that we live in a world full of cyber threats, identity theft, and credit card hacks. It's a harsh reality faced by all businesses, including restaurants. But for the sake of yourself and of your customers, taking the time to research and wisely choose a safe, secure, and trustworthy restaurant POS may just make the difference between a thriving business and a hacked establishment.