Technology’s role in the dining industry is more powerful than ever. This is mostly a good thing: streamlining operations, increasing efficiency, and ultimately making it much easier to run a restaurant or bar. But with technology comes a disturbing modern problem: threats to cybersecurity.
Types of Cybercrime
Credit and debit card theft is one of the earliest forms of cybercrime, and it continues to persist today. At the high crime levels, criminal hacking gangs organize and execute sophisticated cyber theft, often by accessing the online databases of major companies. Two of the biggest cyber thefts in 2019 were:
- Facebook User Data Breach. An estimated 540 million Facebook records were exposed, as reported in April 2019. Later the same month Facebook admitted that more than a million user’s emails had been leaked.
- Capital One Breach. More than 100 million user accounts and credit card applications had been hacked, as was reported in March. The hacker had accessed more than 100,000 social security numbers, and many other related information.
Here are the current top five cyber threats that you should be aware of:
The Ransom Malware Attack
Another security breach took placed two weeks ago: A malware called Ransom affected 57,000 computers worldwide. Convincing spam emails were sent out with attachments disguised as job offers, invoices, or other “legitimate” documents. Once opened, the malware infiltrated the computer, shutting it down. A message then appeared on the screen, demanding payment—between $300 and $600—for the user to regain access.
Cyber Theft Malware Targets Windows Users
Shadow Brokers leaked software that the NSA also used. It’s called Eternal Blue, and officials believe it has already been picked up by crime families. Eternal Blue is a powerful malware that would allow anyone to wreak havoc on any computer. Microsoft has already devised new updates to protect Windows users from that potential catastrophe.
Restaurant Point of Sale and Cyber Safety
Not only are consumer dining choices influenced by new technology, but cloud-based point-of-sale systems are replacing stationary legacy systems. For the first time, restaurants and bars have convenient operating systems and secure methods for accepting credit and debit card payments.
Affordability and ease of use have made new mobile POS systems popular, but what makes them invaluable are their increased security levels. Encryption, tokenization, and EMV chip card technology in mPOS (mobile point of sale) allow restaurant owners to rest easy. On legacy systems, on the other hand, local credit card storing poses a real security risk. Point-of-sale malware has been one of the biggest sources of stolen credit and debit card information since 2005. Cybercriminals have become savvier over the years, to the point where POS malware kits have been built for sale.
To combat the growing threat of cybercrime, credit card security technologies also advanced—for instance, by implementing chip technology. Yet there are still gaps in the security of many POS systems, putting retailers, restaurants, and bars at risk of a data breach if using Windows operation systems.
Apple-Based POS Systems Prove to Be the Safest Option
To date, no Apple-based POS system has been hacked. To maintain its unsurpassed security measures, Apple has strict requirements. To read about Sandbox and Apple’s three-part security certification for any application, visit this link.
Apple’s iOS is renowned for having an iron-clad security system that prevents hacking and malware invasions. As computer-security specialist Brian Krebs noted in the Washington Post, “An investigative series I’ve been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses have generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud. The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.”
An iPad-based point-of-sale system is not just easy to use at your restaurant, but it’s also an incomparable way to protect your business from cyber theft.
Restaurants are increasingly targeted by identity thieves and hackers because POS systems and security practices are as diverse as the restaurant industry itself. There are huge disparities between restaurants with airtight security practices and those with lax or non-existent protocols.
Simple Ways to Boost Your Restaurant Cybersecurity Practices
Even if you’re unfamiliar with some cybersecurity basics, you can still take immediate steps to improve the security of your restaurant’s payment processing and other digital interactions with your customers’ valuable data. Let’s get started!
Identify Vulnerable Points
Any point in a transaction process where your team or software encounters the personal or payment information of your customers is a vulnerability and a target for data theft.
Focusing your cybersecurity efforts at these critical points is not only the most effective way to head off any security threats, it’s also a best practice more generally. Hackers can get creative in finding roundabout ways to access your system where they think you might not have prioritized security, so think of the bigger picture, not just your payment processing system.
The bottom line: As businesses expand their digital operations and online interactions with customers, more vulnerable points are open to attack! Identify any weak spots you might have.
Know the Different Types of Transaction Fraud
As we’ve all seen in recent years, the scope of commercial data fraud can be massive. Raising awareness and understanding common cybersecurity threats is a great first step to building more secure defenses for your restaurant. The 3 most common types of transaction fraud that affect businesses of all types:
- Identity theft. As a catch-all category for the theft of personal and financial data in order to initiate fraudulent transactions, identity theft is the most common cybersecurity threat faced by all businesses that use digital tools to process payments.
- Credit card tumbling. This process involves the random generation of credit card numbers tested hundreds of times by bots using your online payment forms. Credit card tumbling is analogous to the threats facing traditional login systems on websites, too. If your restaurant processes payments or sells goods online, you might be at risk.
- Refund fraud. An extremely common threat to retailers of all varieties, this fraud involves thieves making purchases using stolen credit card information, then canceling payment and directly collecting a refund. Businesses then get hit with exorbitant transaction fees.
Everyone can contribute to your restaurant’s security practices by simply taking part in a culture of awareness and responsibility.
The bottom line: Study up on basic concepts of digital security and transaction fraud. No modern business should wait to learn the hard way that their customers have been at risk.
Important Security Precautions
Always consider the simplest first steps you can take to boost the cybersecurity of your business, its operations, and its websites. Oftentimes these simple precautions can be extremely effective since many other businesses fail to even make the easiest of first steps.
There are a few simple ways you can improve the security of your restaurant’s digital operations and payment processing:
- Train your team. As mentioned in the previous section, raising awareness of cyber-threats more generally can go a long way to fostering better security habits across all members of your staff that handle sensitive customer data.
- Check for PCI compliance. PCI, or Payment Card Industry, standards represent a relatively high baseline of security. Any digital tools you use to accept payments or process financial data should feature PCI compliance.
- Secure your website from the outside in. Consider the point of view of a user or hacker attempting to gain access to your site. If your site features eCommerce, reservation, or payment tools, create multiple extra layers of security to protect customer data.
Your site’s login features are a great example of an easy area to boost security. Traditional username and password logins are increasingly risky since discrete credentials are more easily hackable than newer login systems like Swoop, which generates randomized keys and validates a user’s identity via email. Instead of using a password, Swoop processes several security algorithms to authenticate a user’s IP address and identity in just 2 clicks.
The bottom line: Research all your digital tools to ensure they’re secure, then find some easy ways you can boost the security of your site. Your login process is a great starting point.
Use Modern, Secure Payment Technology.
Next, think about the ways you process payments in your restaurant. This includes any hardware and software used to collect payments from customers.
As a management tool, digital database, payment processor, and a physical access point, your POS system is central when it comes to collecting in-person payments.
Restaurant POS systems should offer a few standards, up-to-date security features, including:
- EMV chip readers, a more secure alternative to traditional swiping methods.
- Apple-based processing, which continually proves to be a much more secure operating system for POS software.
- Data encryption and tokenization features that take the guesswork out of adding extra layers of security between hackers and your customers’ data.
- Plus, your POS system must be flexible and intuitive enough to still let you split checks and customize payment methods while fully retaining these automatic security features.
iPad POS software from Lavu is a leader in restaurant management and payment processing tools. Explore their features for an idea of the quality and range of features your restaurant should expect from any digital tool today.
The bottom line: Newer technology is almost always more secure. If you use an outdated POS system in your system, you might be putting your business and your customer’s data in danger.
Learn from Other Sectors
Developments in other industries and sectors that process digital payments can be an excellent guide. Data thieves never rest, so keep your restaurant’s digital team on its toes.
Nonprofit organizations are a great example of an area where you should keep an eye on security developments. That’s because the payment processing needs of nonprofits are particularly unique. Nonprofits need payment tools that:
- They are extremely secure to reassure donors and responsibly steward their gifts.
- Have minimal or flexible processing fees to maximize donation revenue.
- Feature intuitive data reporting tools to save donations and contact information.
- Include additional fundraising and software integrations to save time and money.
- For more context on the kinds of donation tools that meet the needs of nonprofit organizations, check out this guide from Double the Donation.
Payment processing systems and their security features make up a very diverse landscape. Developments in cybersecurity might be occurring in a completely different sector, where your restaurant would never think to look. Staying on top of security news is a great practice to maintain.
The bottom line: Stay aware of developments in the cybersecurity field. Any industry or sector might offer the next big trend or show you what tools to avoid completely!