Four Keys to Cyber Security: Protecting restaurants and retailers from data breaches
Restaurants and retailers around the country continue to be plagued with the threat of cyber-attacks. Target, Eddie Bauer, Wendy's, O'Charley's, are just a few of the major brands recently affected by data breaches, leaving millions of consumers' credit card information at risk.
This threat is an issue that no business owner or operator ever wants to deal with, but as the necessity for customer-friendly technology increases due to consumer preference, companies would be wise to proactively deal with this challenge ahead of time, rather than face ramifications that could negatively impact their business and customers’ privacy.
Credit card transactions are certainly growing in popularity. In fact, there are currently more than 172 million credit card holders in America, according to Statista -- a number that has grown at about 1 million per year since the turn of the century. NextAdvisor.com surveyed 500 people ages 18 and older and found that 42% of respondents prefer to pay with a debit card and 38% reach for their credit card. Just 17% expressed a preference for cash and only 3% wrote a check.
Likewise, a recent Toast consumer study found that credit or debit card is also the preferred payment method for 76% of dine-in restaurant goers, especially when paying for higher-end ticket items versus smaller transactions, like a cup of coffee.
All of these transactions put the money of your business and your customers at risk if you’re not using the proper technology, which is why credit card processing is one of the biggest areas of interest for data thieves looking to access customer payment card information.
The strategy for restaurant and retail business owners is to put themselves in the best position to have a secure environment and stay ahead of threats at the point of sale. Below are four key steps companies can take to best support and maintain a secure place of business.
Become PCI compliant
Payment Card Industry (or PCI) compliance is obtained by following a set of standards to “ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.” PCI compliance adds an extra blanket of security wherever possible so your customers can feel safe when their card runs through your location’s processor.
Becoming PCI compliant is the first step your business should take on its journey to becoming more secure. According to the PCI Security Standards Council, the aftermath of a data breach could entail lost jobs for C-level executives, high legal costs, lost sales and customer trust, and even going out of business entirely. Clearly, the potential downsides of hacks for non-PCI compliant businesses are too great to ignore.
Protect payment info with credit card encryption
Hackers love a good trail - so don’t leave any breadcrumbs for them to follow. Modern point of sale systems (POS) have the feature of immediate encryption for credit card information when the card swipes. This means that everything is transferred through the credit card transaction process securely.
Assuring encryption from the first stages of the transaction lets you and your customers take solace in the security of the transaction. This is because encrypting a credit card number in the card reader hardware does not allow hackers to install malware on your network. At that point, there's nothing of interest for hackers looking for credit card payment to access.
Choose cloud-based systems for secure data storage
Cloud-based POS systems have made a huge impact on the restaurant and retail industries. Not only do they offer more convenient features and remarkable ease-of-use, they are also far more secure than legacy POS systems when it comes to protecting data. When your information is stored in the cloud, that means all private data is stored off-site, and customer credit card information is instantaneously transferred to the next step in the payment process.
In contrast, legacy POS systems store information in the technology itself, on-site in your business location’s back office. This makes customer data much more vulnerable as it can be far too easily accessed by the wrong people. In addition to a cloud POS’s secure storage of data off-site, another benefit of these modern systems is the ability to monitor your place of business at all times and detect unusual activity.
Update and evolve to stay ahead of hackers
The good and bad news about technology is that it is always evolving. Criminal masterminds never stop trying to find a backdoor to a goldmine of data, which means defending that data is harder than ever. It’s in the best interest of your business to work with a technology company that keeps security advancements and updates both fresh and frequent.
Modern POS companies are typically a SaaS (software as a service) model. Working with SaaS technology means your business pays a fee to receive technical support and - more importantly - regular software updates. These updates typically offer performance enhancements, but also back-end security enhancements for adding a newly discovered layer to protect customer information. Software engineers who pick up on possible areas for security breaches will dedicate time to fixing and resolving issues for subsequent software updates. As one member of our team puts it, his job is to come into work every day, figure out ways to break the system, and then fix them.
The sad truth is, we live in a world full of cyber threats, identity theft, and credit card hacks. It's a harsh reality faced by every industry. But for the sake of your business and your customers, taking the time to research and wisely choose a safe, secure and trustworthy POS partner may just make the difference between a thriving business and a hijacked brand.
Steve Fredette is president and co-founder of Toast, where he leads product and innovation initiatives. Prior to Toast, he worked on mobile app development before the iPhone came out, creating the first Flickr and Shoebuy.com apps. At Endeca, now Oracle, he co-founded their mobile commerce business, building the product team and driving sales, marketing, and services to over $10 million in revenue in two years.