facebook pixal

What restaurants need to know about data security and cybersecurity

Photograph: Shutterstock

Customers entrust their data to restaurants in a variety of ways. Every time they hand over a credit or debit card, they are trusting a business with essential information. The advent of online ordering increases opportunities for restaurants to gather data about their customers—but it also adds to the responsibility.


The ease and speed of modern society has its pitfalls. Restaurants can, through a few transactions and web visits, begin building an entire profile of customers and potential customers. Cookies can track a user’s web habits and discover their interests, and, using that data, targeted ads can be directed at those same users.


Comprehensive data protection—including store, employee and customer—is paramount to upholding a restaurant’s most important asset: the brand.  But how much do operators really know about security? And, more importantly, how much do they really know about the products/services their security vendor provides?


Data security vs. cybersecurity


While often used interchangeably, data security refers to payment card data and cybersecurity refers to all other sensitive data that resides within a restaurant’s network.


The data security standards that businesses must adhere to are enacted by the Payment Card Industry (PCI) via PCI DSS.  But deciphering, implementing and maintaining these standards—as well as remediating issues that deviate from these standards—requires the POS provider to accept the onus for a restaurant’s compliance.


Cybersecurity, meanwhile, can be neglected (via the misimpression that PCI DSS compliance provides holistic protection), inadequate and/or fraught with misinformation.


Best-of-breed: a holistic, single-vendor solution


As a multi-award winning technology solutions provider that is PCI DSS Level 1 Certified, PDQ POS comes with PDQ Security®, an integrated, end-to-end data security and cybersecurity platform that protects your enterprise from all of today’s evolving threats.


A false sense of security?


Most consumers give little thought to any of this until something happens. That “something” for a consumer can mean, for instance, unusual activity on a credit card, which can instantly cause a sense of dread and panic. For a business, a data breach or cybersecurity incident can quickly mushroom into a full-on PR crisis along with potential financial liability. How a restaurant handles a data breach and the steps it takes to correct the problem are critical. The business needs to be proactive and transparent.


In May 2019, Checkers Drive-In Restaurants Inc. notified customers that it had discovered malware at certain Checkers and Rally’s locations. In simple terms, malware is software designed to damage, disrupt or gain unauthorized access to information. In the case of Checkers and Rally’s, the malware was added to some point-of-sale systems. It was designed to collect information stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code and expiration date.


The chain had to contact law enforcement and third-party security experts to contain and remove the malware. It created a list of locations impacted and the dates it had happened and set up a website about the issue along with a hotline.


How can chains prevent such issues from happening? Make no mistake—there is a battle going on. The battle is between businesses that have to accept and use data, and criminals who seek to steal that data for nefarious means. As in any battle, these businesses need allies.


PDQ POS has expertise in cybersecurity as well as point-of-sale systems, making them an ideal ally for restaurants. The company is creating and protecting the very type of system that was compromised in the Checkers case. PDQ’s in-house Vulnerability Management Security Center will consolidate and assess data across a system. PDQ will then prioritize risk, developing a comprehensive and complete picture of a restaurant chain’s security. Where are the gaps? How could criminals gain access to data or get a foothold in the system? PDQ will find the holes and identify vulnerabilities.


Next, PDQ will create customizable dashboards and reports. It allows restaurant chains and owners to see what is happening.


Being aware of an attack in the first place, though, is essential. In many cases, particularly in the theft of data, the attackers do not want to be detected. They want to silently hijack systems for their own goals. PDQ can help thwart this activity and give operators peace of mind.

This post is sponsored by PDQ POS

Want breaking news at your fingertips?

Get today’s need-to-know restaurant industry intelligence. Sign up to receive texts from Restaurant Business on news and insights that matter to your brand.