If a thief steals your credit card data, expect to be out at least $80,000, estimates cyber-security firm ANXeBusiness Corp. in Southfield, Michigan. “Oftentimes, these restaurants feel like they’re being victimized a second time,” says Atlanta hospitality lawyer Charles Hoff, who counsels breached restaurants.
Here are typical steps to expect if you become a victim, and how to keep the expense from putting you out of business:
- Take two immediate steps: Stop accepting credit cards, and commission a forensic audit, at a cost of $10,000 to $25,000.
- Your credit card processor may try to pass along fraudulent charges to you, by withholding payments it owes you for valid customer charges.
- At some point, you’ll have to notify your customers. All but four states have laws that require it, but timing and other specifics vary by state.
- After the audit is a conference call with the auditor, processor and credit card company. The auditor discusses findings, and sets amounts for remediation and fines.
This call is a restaurant’s best chance to cut its losses, says Hoff, especially if the audit shows another party, like the POS vendor, at fault.
“That’s the time ... [to] lawyer up,” he says. “It’s very important to make clear the issue hasn’t been with the restaurant, where the problems have been with a third party like the POS company, if that’s indeed the fact.”