Home Point of Sale How Did Restaurants become Targets for Cyber Criminals?

How Did Restaurants become Targets for Cyber Criminals?

by Samantha Kalany

Estimated reading time: 3 minutes

restaurantsCybercriminals attack those who find themselves functioning in every industry. Everywhere you look, you see large releases about data breaches, left and right. The Food & Beverage, Hospitality, and Retail spectrums are at-large with their point of sale systems being the root of their data hack strife. Hackers are have a simple time penetrating their databases and harvesting important credit card information and more. From larger food chains like McDonalds, Subway, and Dunkin Donuts to smaller Ma & Pop joints, centralized to each region, so many restaurants are finding themselves breached and squandering. What do we do about this? 

Unpatched POS systems with attached card readers and outdated software are almost always the cause of this. POS systems are attached to apps and other mobile devices to help simplify the customers’ checkout experience. Even though these features seem like technological advancements, sometimes they can end up hurting users in the end. 

Out in the Wild (Restaurants)

Dunkin Donuts was hit earlier this year when hackers jumped into their mobile app infrastructure and were able to steal users’ personal information from QR Codes and profiles. This was a huge dip because customers trusted their favorite coffee shop to instill them with an app that would allow them to order ahead and pay in-line with the simple scan of a QR Code. The “DD Card” failed those customers who “Run on Dunkin.” 

Wendy’s was targeted by a dangerous malware virus that attacked their POS system that collected customers’ payment card credentials. Approximately 1,000 stores were hit and thousands were impacted. 

Securing your POS Systems

restaurantsYou’ll need to ensure that your customers’ POS system, no matter how many hardware devices are involved, should be secured at all costs. Making sure that the POS setup meets PCI-DSS compliance regulations is ideal. Keeping anti-virus software up-to-date and assigning unique IDs to employees who have access to the computer can jumpstart the security as well. Here are four more things to recommend next time you check in with your clients:

  • Securing & encrypting your Wi-Fi
  • Choosing secure passwords for POS 
  • Not operating your system on a Wi-Fi Network that your patrons can access
  • Advocate that they set up training modules for all employees on how to securely take credit card payment using the POS system. 
    • Tip! Maybe offer to do this for them at just $100/hr.
Micro-Segmentation at Work 

What is Micro-Segmentation? Micro-Segmentation is a security technique that enables fine-grained policies to be assigned to data center applications, down to the workflow level, think operating system synchronization. By utilizing micro-segmentation, you’ll be able to do anything together. Managers are able to implement new and updated solutions centrally without having to travel to each location to initiate a campaign. 

Restaurants can track app-flow traffic to improve customers’ purchase experiences. Once you understand what and where is heavily populated, you can go in and change up the IP Addresses or Firewalls, to protect users from harm, when needed. 

Using segmentation policies allows security teams to be urgently alerted of the attempted attacks before, during, and after they happen. When it comes to realizing what’s going on, an attacker has likely gotten around the existing policy. A new and refined policy can be automatically sent out to all locations. Keeping PCI-DSS regulations in mind, adopting a micro-segmentation solution can help restaurant chains to easily become compliant. 

No matter what the size, restaurants are always at risk of being compromised, especially when there’s a loyalty program put in place, storing sensitive payment information. It’s important to be mindful of security measures. ISVs, specifically, can help customers with following these steps to help ensure safety. 

Dig A Little Deeper

Going forward, if you’re interested in learning more about what Micro-Segmentation is and how it can impact your business click here. When the question in the title is asked again, the answer really points to the lack of security for your customers’ POS systems. Read more about Watchguard’s security tactics for protecting hardware and software devices. 


You may also like