4 Steps to Protect Your Restaurant from Data Breaches | Food Newsfeed
Continue to Site
Thinkstock
Taking precautions against data breaches is more important than ever.

4 Steps to Protect Your Restaurant from Data Breaches

Underline Image
How to keep your customers' data secure.
By Steve Fredette January 2017 Expert Insights

Restaurants around the country were plagued with the threat of cyber-attacks in 2016. Wendy's and O'Charley's are just a couple businesses affected by data breaches in the past year, leaving millions of consumers' credit card information at risk.

This threat is an issue that no restaurant owner or operator ever wants to deal with, but as the necessity for customer-friendly technology increases due to consumer preference, owners would be wise to proactively deal with this challenge ahead of time, rather than face ramifications that could negatively impact the business and customers’ privacy.

Needless to say, credit card transactions are growing in popularity. There are currently more than 172 million credit card holders in America, according to Statista—a number that has grown by about 1 million per year since the turn of the century. A recent Toast consumer study found that credit or debit card is also the preferred payment method for 76 percent of dine-in restaurant goers, especially when paying for higher-end ticket items versus smaller transactions, like a cup of coffee. All of these transactions put the money of your business and your customers at risk if you’re not using the proper technology. This is why credit card processing is one of the biggest areas of interest for data thieves looking to access customer payment card information.

The key for restaurant owners is to put themselves in the best position to have a secure environment and stay ahead of threats at the point of sale. Shared below are four key areas where technology can best support restaurants in maintaining a secure place of business:

1. PCI Compliance

Payment Card Industry (or PCI) compliance is obtained by following a set of standards to “ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.” PCI compliance adds an extra blanket of security wherever possible so your customers can feel safe when their card runs through your restaurant’s processor.

Becoming PCI compliant is the first step your restaurant should take on its journey to becoming more secure. According to the PCI Security Standards Council, the aftermath of a data breach could entail lost jobs for C-level executives, high legal costs, lost sales and customer trust, and even going out of business entirely. Clearly, the potential downsides of hacks for non-PCI compliant businesses are too great to ignore.

2. Credit Card Encryption

Hackers love a good trail, so don’t leave any breadcrumbs for them to follow. Modern point of sale systems (POS) have the feature of immediate encryption for credit card information when the card swipes. This means that everything is transferred through the credit card transaction process securely.

Assuring encryption from the first stages of the transaction lets you and your customers take solace in the security of the transaction. This is because encrypting a credit card number in the card reader hardware does not allow hackers to install malware on your network. At that point, there's nothing of interest for hackers looking for credit card payment to access.

3. Secure Data Storage in the Cloud

Cloud-based POS systems have made a huge impact on the restaurant industry. Not only do they offer more convenient features and remarkable ease-of-use, they are also far more secure than legacy POS systems when it comes to protecting data. When your restaurant's information is stored in the cloud, that means all private data is stored off-site, and customer credit card information is instantaneously transferred to the next step in the payment process.

In contrast, legacy POS systemsstore information in the technology itself, on-site in your restaurant’s back office. This makes customer data much more vulnerable as it can be far too easily accessed by the wrong people. In addition to a cloud POS’s secure storage of data off-site, another benefit of these modern systems is the ability to monitor your restaurant at all times and detect unusual activity.

4. Staying Ahead of Hackers

The good and bad news about technology is that it is always evolving. Criminal masterminds never stop trying to find a backdoor to a goldmine of data, which means defending that data is harder than ever. It’s in the best interest of your restaurant to work with a technology company that keeps security advancements and updates both fresh and frequent.

Modern POS companies are typically a SaaS (software as a service) model. Working with SaaS technology means your restaurant pays a fee to receive technical support and, more importantly, regular software updates. These updates typically offer performance enhancements, but also back-end security enhancements for adding a newly discovered layer to protect customer information. Software engineers who pick up on possible areas for security breaches will dedicate time to fixing and resolving issues for subsequent software updates. As one member of our team puts it, his job is to come into work every day, figure out ways to break the system, and then fix them.

The sad truth is, we live in a world full of cyber threats, identity theft, and credit card hacks. It's a harsh reality faced by every industry, including restaurants. But for the sake of your business and your customers, taking the time to research and wisely choose a safe, secure and trustworthy restaurant POS partner may just make the difference between a thriving business and a hijacked brand.

Steve Fredette is president and co-founder of Toast, where he leads product and innovation initiatives. Prior to Toast, he worked on mobile app development before the iPhone came out, creating the first Flickr and Shoebuy.com apps. At Endeca, now Oracle, he co-founded their mobile commerce business, building the product team and driving sales, marketing, and services to over $10 million in revenue in two years. He also ran the special operations team at Endeca, creating new prototypes for various customer and business needs, including Endeca’s business intelligence platform. Steve holds a BS degree from MIT.