Restaurant data breach: 4 ways to prevent a breach at your QSR

Running your QSRs can be exhausting. You probably have enough going on in your average business day to keep most people busy for a week, so the last thing you want to do is worry about preventing a data breach.

Still, spending time on data security is worth your effort because the alternative is so costly. Without the right prevention measures, data breaches can affect your customers, your employees, your credibility, and your QSRs’ efficiency, not to mention your profitability.

Here are four ways to prevent a data breach at your QSR.

Use EMVs for added security

The EMV credit card, as you probably know, is a more secure type of credit card. It is also called a chip-and-pin or chip-and-signature card. The name itself is an acronym for Europay, MasterCard, and Visa, the companies responsible for this type of card.

The chip is much like the magnetic strip on older cards, but the new chip-style card transmits data to payment processors in a manner that is much more difficult for criminals to hack.

Here’s what you need to know about EMV cards:

1. The chip technology makes it all but impossible to create counterfeit cards.
2. The information on the chip card transaction is different each time a customer uses the card, making it unable to be replicated.
3. Although the EMV cards reduce fraud, they actually shift more liability to your QSRs if you have not yet added chip card technology, new internal processing systems, and credit card readers. That’s because your restaurant will be liable for any fraudulent transactions that arise at your store if you haven’t yet upgraded to a system that accepts EMV cards.

One more concern about chip cards: Customers sometimes leave their cards behind since the card is inserted and remains in the reader during the transaction. To avoid issues, train employees to listen for the warning sound and remind customers to take their cards.

Understand the limits of encryption

You may believe that when you are compliant with the Payment Card Industry data-security standard (PCI DSS) and have the new EMV terminals, all card data is secure. But the standards' only encryption requirement concerns information sent over a public network.

The bottom line is that PCI-compliance is not a one-time situation but is an ongoing process. Unless it’s secured separately, data passing from the EMV chip through a POS terminal and out over a network connection to a processor or gateway is still vulnerable to hackers.

Keep your systems updated

Data security is not for amateurs. Hire an independent third-party to assess your security needs, and consider hiring a monthly managed security service provider (MSSP) to guide the service based on the results of that assessment. Whether you hire a service or not, you will still have some responsibilities:

1. Be aware of current news and industry reports about other QSRs pointing toward common points of weakness that lead to data breaches.
2. Train your employees in best practices when dealing with card transactions and data input and protection.

Remember that knowledge is everything when it comes to stopping data thieves.

Limit stored data to limit your liability

The more data you store, the more information there is to leak out. The less information you have to save, the better. Unless you unquestionably need the data you have stored, get rid of it.

Unfortunately, when a breach takes place, even if it is not because of your system or negligence on your part, your QSR is likely to be blamed. And, the word will circulate. Protect yourself from a breach to protect your brand from taking a hit.