Point of Sales Systems Continue to Leave Restaurants – and Diners – Open to Data Breaches
The hamburger you bought at Wendy’s last month may be costing you a lot more than $4.99. The fast food chain is in the process of investigating claims of a serious payment card breach at several of its locations. The company has hired a team of cybersecurity experts to conduct a full investigation into the breach to understand the anatomy of the attack.
A spokesperson for the restaurant chain shared that it had “received reports of unusual activity involving payment cards at some of our restaurant locations. “Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants.”
But Wendy’s is not alone. In the past year several chain restaurants, like Jimmy John’s, Dairy Queen, P.F Changs and Rainforest Café have been targeted because of their easy to access, outdated, point of sale software.
Brian Krebs from Krebs on Security said in an interview, “Traditionally [POS systems] have been some of the weakest spots [in a restaurant’s operations… because restaurant owners] tend to do really sloppy things like enable the same password for each system…Guess what? If the bad guys can remotely login into your point of sale software, well, it’s kind of game over.”
So what exactly can enterprises do in order to protect not only themselves, but also their customers?? The need to balance security, convenience and even cost can be a challenge. While customers are often the first victims of any breach, restaurants need to take better care of customer data in order to protect their brand, reputation, and shareholders. It is not only in the best interest for the consumer, but especially the companies.
Companies like Wendys, Jimmy Johns, Dairy Queen, P.F. Chang’s, and Rainforest Café all need to start by implementing an out of band multi factor authentication solution that is simple and easy to access and understand, but also moves the authentication flow away from the malicious actors and vulnerabilities that exist.
This solution should be new way of thinking about security and authentication, by providing auditing at the user level to meet compliance and regulatory policies, but also making it simple for the user, and providing retailers and customers very solid, credential authentication that averts data.
A solution that can provide authentication through a persons identity and unique to each user without having their private digital credentials vulnerable to a breach, and gives users the certainty that they are fully protected from poor security hygiene that malicious attackers take advantage of.
This way, customers can enjoy that tasty burger without having to worry about hackers getting their hands on sensitive, private credentials.