
Restaurant Protection from Data Security Breach | Optiv

February 04, 2011

Last week, published an article discussing a new study in which Visa identified restaurants as the most likely sources of credit card theft.  An estimated 40 percent of all credit card theft occurs at these dining locations – more than any other location.

Multiple factors make restaurants preferred targets. With over 935,000 retail food outlets in the United States, the restaurant industry services more than 192 million customers daily. To address security issues, major eatery chains must make an incredible effort to change existing systems and infrastructure across the nation. If the resources for these modifications are not made available, the result can be the continued use of older, less secure, and inconsistently implemented systems and applications. Some business models support both corporate and franchise operations, further increasing the likelihood of inconsistent controls. Lastly, for most people, restaurants are likely the only merchants that regularly accept customers’ credit cards and physically remove them from the sight of their owners during processing.

How can corporations and individual restaurateurs address these problems and make their customers’ data more secure?

It is easiest to reduce the opportunity for credit card compromise when you realize that thieves cannot take what you do not have.  The Visa study indicated that restaurant organizations were retaining excessive cardholder data.  Wherever possible, companies must ensure that they retain the absolute minimum number of sensitive data elements.  All other instances of cardholder information should be decreased, reducing the attack surface for malicious activity.

As companies that succeed or fail based on customer satisfaction, food service organizations often attempt to find new ways to improve the overall customer experience. In some cases, offerings such as complimentary WiFi access can actually lessen the security of the environment. Companies must weigh new or improved services that they offer to their clientele against the risk that these services may introduce. By practicing proper risk-based decision making, organizations can identify ways to make their customers’ time in the restaurants more enjoyable while still offering effective safeguards against cardholder data compromise.

Although many companies required to comply with standards such as the Payment Card Industry’s Data Security Standard (PCI DSS) agree that the requirements are often difficult to satisfy, these organizations also agree that compliance increases their ability to protect their customers’ information.  Consistent application of the provisions of the DSS will greatly increase the overall security and resilience of the dispersed networks so common amongst restaurant brands.  A recent article in references how the most recent PCI compliance reports, however, show that, even with the increased concern over cardholder data theft, the overall compliance rates have remained relatively consistent.  Whether the restaurant is family-owned or part of an international food service chain, every effort should be made to achieve consistent, effective compliance and improve these rates.

Finally, while most thefts occur by system compromise, employees are still a potential risk. Security awareness training teaches personnel how to act and, often even more importantly, how to recognize when things are not being done properly.  As the front line representatives of the restaurant, the employees are the most effective defense against many compromise vectors.
