Recently, the National Restaurant Association co-hosted a chat via its Twitter feed, dealing with issues of payment security. This is of particular concern to NRA members, since many of the most headline-grabbing hacks have come at eateries, like PF Chang’s, Dairy Queen, and other food establishments.
As reported by the Greensheet, rather than carrying out the “traditional” hacks, wherein payment card information is used for purchases during the brief window before the infiltration is discovered, data thieves are more and more interested in personal information, in order to create duplicate profiles of the victims, to open new accounts (or drain them!), and often to apply for benefits, tax refunds, etc., in the victim’s name.
The moderator of the chat asked participants what steps could be taken to better protect customer information at restaurants (and presumably other establishments). Among the tips they came up with were:
* Limit employee access to sensitive data. Make access on a “need-to-know” and “when-to-know” basis.
* Destroy any such information when it’s no longer needed. If it’s paper, shred it, and if it’s digits, use BleachBit or some other program to virtually shred it!
* When possible, use tokenization instead of transmitting raw and unencoded customer data.
* Comply with all Payment Card Industry security standards. Remember, it’s the merchant’s responsibility to provide security at point-of-sale.
It works with “NFC,” or “Near Field Communication” purchases where cards are tapped, etc. This happens with EMV, or chipped cards, that have magnetic stripes as back-up, for places where the chip still can’t be used. Then, the “app scans the card and takes the ATC (or ‘transaction counter’) data. The app also contains a look-up table, or a dictionary, that matches all possible ‘random’ numbers the payment terminal might provide with the corresponding transaction counter number. So when the random number is taken in by the app, it looks for the corresponding ATC and CVV values. At that point, the app has all the data it needs and can start making transactions. The clone is complete.”
As Greensheet reported about the NRA’s Twitter chat, there is currently a “sense of urgency restaurant owners and payments industry stakeholders share in addressing the current threat environment and protecting the integrity of cardholder data.”
If you’re feeling a similar urgency, be sure to contact your AVPS Rep to see what your security and payment options are for customers using everything from payments “on the go” to “retro” implements like written checks!
Once you know your business is secure, and up-to-date, you can glance at the menu again — for dessert!