As cyberattacks and malware continue to proliferate globally, restaurants have increasingly become a prime target. In recent years, major credit card data breaches have been reported by some of the largest restaurant chains in the U.S.
According to IBM and the Ponemon Institute, the average cost of a data breach is $158 per compromised record, and well over $6 million for attacks involving 50,000 or more records. But the negative impact on a restaurant’s brand and customer loyalty may be even more painful.
What restaurants should be doing to protect themselves and their customers?
To prevent data breaches and strengthen payment security, restaurants should consider several key technologies on the market, including the latest developments in payment solutions. There is no silver bullet to payment security but we recommend a multi-layered security approach helps covers all bases. Here are four specific technologies that restaurant executives should consider implementing as soon as possible, to ensure the best possible protection against credit card fraud and data theft.
EMV: The global standard to curb credit card fraud
By now, nearly everyone involved in accepting payments is aware of EMV migration. The major card brands have been driving EMV migration in the U.S., and merchants who are non-compliant face liability for fraud chargebacks. Therefore, restaurants who haven’t done so need to upgrade their payment infrastructure as soon as possible. This upgrade should also make restaurants think about their overall payment acceptance infrastructure and look for opportunities to make it better. Whether they look to accept mobile wallets or consider a semi-integrated approach for better security, EMV is just the beginning. If your restaurant business is not EMV-compliant yet, you should get started right away.
Point-to-Point Encryption (P2PE): The proven solution to reduce card data theft
P2PE is a security solution that protects card data as it’s transmitted through the payment process from start to finish. In the wake of high-profile credit card data breaches, which often exploit weaknesses in payment card systems, P2PE has become a standard method to secure card data from potential interception during payment processing. Using this method, payment card data is encrypted at the point of acceptance and is rendered inaccessible and unusable until it reaches its destination, even if a cyberattack can manage to intercept the encrypted data in transit. For restaurants looking to provide customers with a secure, optimal experience, P2PE is a proven solution that can help you keep your customers’ sensitive information safe while protecting your company’s brand.
Tokenization: Multi-layered security to protect cardholder data
Along with EMV and P2PE, tokenization is another important piece to a complete multi-layered security approach to protect your customers’ card data when it’s being stored by your business. By replacing card data with a secure token during payment transactions, hackers are unable to access the actual card information. In theory, they can only access the encrypted tokens, which will appear to be just a random string of characters. The tokens protect data at rest, such as card data being temporarily stored for purposes such as customer loyalty programs. Along with P2PE and EMV, tokenization enables restaurants to limit the overall cardholder data risk environment and reduce PCI scope. For these reasons, tokenization will become more popular among the major restaurant chains and franchises over the next couple of years.
Mobile Point of Sale (mPOS)/Pay-at-the-Table: Enhancing customer experience while strengthening security
One of the biggest trends in restaurant service is the ability to accept card payments at the point of service via mobile point of sale (mPOS). An mPOS solution frees your staff from being tied to the service counter or server station, and it enables seamless card acceptance from anywhere a sale may occur. Secure payments can be accepted in virtually any environment—ranging from a restaurant table or drive thru, to a food truck or pop-up location at a special event. Notably, many mPOS solutions are also EMV-enabled and offer P2PE and tokenization for added security, making them an ideal choice to protect customers and ensure PCI compliance.
Increasingly, casual dining and table service restaurants are adopting mPOS and wireless terminals to offer Pay-at-the-Table convenience to their patrons, including acceptance of EMV chip cards and NFC/contactless payments such as Apple Pay and Android Pay.
In addition to bringing payment acceptance to the customer, Pay-at-the-Table also provides several critical security benefits. EMV-enabled Pay-at-the-Table solutions give customers the peace of mind of added security as the payment device is brought to them at the point of service. Customers can safely and easily use their chip cards, and enter PINs if required, right from their seats. This embraces a core principle of better card security, which consumers are hearing about more frequently: never relinquish possession of your payment card, even temporarily.
This combination of powerful security and faster, more convenient checkouts makes mPOS and wireless terminals the ideal approach to satisfy hospitality customers.
If you’d like to learn more about the latest payment technologies and how they can enhance and secure the checkout experience for you and your customers, download our cheat sheet, “The Top 5 Payment Technologies for the Hospitality Industry.” Also, please feel free to contact us with any questions or to request additional advice.
Howard Finch is Vice President, Sales at Ingenico Group / North America