Restaurant data breach highlights vulnerabilities
The payment-card data breach at a Margarita's restaurant in Huntsville, Texas, is shedding further light on the vulnerability restaurants face from debit- and credit-card hackers.
Investigators do not believe any of the employees were involved in the breach that impacted some 200 restaurant customers. However, according to a story on bankinfosecurity.com, they do say the breach was likely caused when the restaurant's point-of-sale system was infected with a virus after a third-party vendor's network was hacked.
From the story:
"This was happening through the computers at Margarita's, and it looks like someone got in to the third-party vendor that handles the credit card information. They did not directly get into Margarita's system." [said Hunstville Lt. Curt Landrum]
Card fraud at restaurants, especially fast-casual diners and pizzerias, has been escalating in recent months. One theory suggests these establishments are vulnerable because of commonalities shared among restaurant POS software.
"But when third parties, such as processors or transactions acquirers, are breached, as may be the case in the Margarita's incident, the software theory flies out the window, [says Jerry Silva, founder and financial-services technology strategist for PG Silva Consulting.] "In the end, compliance with the Payment Card Industry Data Security Standard is the best way to prevent cardholder compromises. The problem, however, is that many merchants and processors remain out of compliance."
To help restaurants better protect themselves from a payment-card data breach, FastCasual.com partnered with VendorSafe Technologies to publish the guide, "Frequently Asked Questions About PCI Compliance." The guide discusses how to ensure compliance, initial steps, pitfalls to avoid and how to develop a culture of security.
To read more about Software & Technology, including PCI Compliance solutions, click here.