Approximately 110 million—that’s the estimated number of customers whose credit card or personal information was hijacked in the Target data breach that occurred this past holiday season, sending shock waves through all businesses. It wasn’t the only notable hack of late. QSR chain ‘Wichcraft and Boston-based operator Briar Group were among a gaggle of companies to discover within the last six months that they’d fallen victim to a cyberattack. If hackers can breach these large retailers with the funds to invest in Internet security, what’s to stop them from getting to your business?
A breach can lead to costly repercussions and consumers losing trust in your brand, so prevention should be top of mind, says Dave Matthews, executive vice president of innovation and member advancement at the National Restaurant Association. The Payment Card Industry (PCI) Data Security Standard is an accepted best practice. But achieving PCI compliance is a complicated process.
The NRA has been pushing operators to take additional steps to strengthen network security. “We believe they’ll make networks safe enough that the average crook will find it difficult to obtain data and move on,” says Matthews. Here’s what the NRA recommends: 1) maintain strong firewalls; 2) scan machines periodically; 3) limit or disable remote access; 4) ensure credit-card data encryption; 5) segment secure networks from Wi-Fi and employee networks; and 6) keep software updated.
The good news is companies have begun heeding the warnings, and the damage has lessened. In its 2013 Cost of Data Breach Study, Michigan-based research company Ponemon Institute showed that the financial impact of breaches has decreased slightly from a $194 average per capita cost to $188. The overall cost to affected businesses also has declined. The reason? According to the report, more businesses today are taking preventative measures and investing in safer technology. This awareness has led to improved preparation for and responses to breaches. And because they are getting better, “more customers remain loyal following the data breach,” says Ponemon.
Restaurants and other businesses soon may have a new defense against data thieves. Credit card issuers in Europe already have implemented new EMV “chip-and-PIN” technology, which is more secure than the current magnetic-stripe system. Credit card companies in the U.S. have announced that banks will need to start making the shift to these new types of cards in October 2015. That means retailers also will need to switch to chip-enabled POS systems. One major change with these new cards will be a shift in liability. If retailers do not update their machines, they may be held financially liable for breaches that could have been prevented on chip-enabled systems.