How Not To Be Hacked


Larry Williams, owner of Pizza Garden in Lompoc, California, is working to fix his reputation.

Last month hackers got into Pizza Garden’s computer system and have since been making purchases through the restaurant’s customers’ credit cards.

What Williams is most concerned about, he told his local newspaper, the Lompoc Record, was that locals might think he was involved in this.

He guesses his losses through the fraud are around $10,000. And on top of all this, Williams now has to clean up this mess.

Credit card fraud is nothing new. In fact, according to a recent report from Trustwave, Chicago, for the second year, the food and beverage industry made up 44 percent of security breach investigations.

Restaurants are often a target of criminals, says Jeremy King, European director of the PCI Security Standards Council, which was established in 2006 by the major credit card companies and is headquartered in Wakefield, Massachusetts.

There are three reasons why criminals target restaurants, he explains:

  1. Customers give their card to a waiter and say goodbye to it for a few minutes.
  2. It’s easier for hackers to get into a terminal that isn’t constantly used.
  3. Staff turnover is high.

But perhaps most importantly, he adds, restaurant owners and operators just aren’t as aware of credit card fraud as they should be.

Fortunately, there are many things that restaurant operators can do to protect themselves.

Since nobody wants to end up in Larry Williams' unfortunate position, King provides some tips for operators.

First, he says, “realize there are people out there who are going to try to steal your card data. Then you can get your mind into the mode of how to prevent this.”

Check your website. Retailers with a website and/or restaurants that store cardholder data are a target, King adds.

Make sure your website is secure because hackers will insert malware into it if they can, to obtain cardholder information. Change your default password and if you’ve got a router or a firewall it usually comes with a default password, so change that, too.

“Use good secure passwords,” King advises. Use numbers, symbols, and upper case and lower case letters. “And don’t choose something obvious.” Password1 is the most commonly used password and hackers know that, King says.

And don’t forget to check your POS terminals since they can be hacked physically as well as electronically. PCI’s website lists all approved terminals that are newer than 2005. Sometimes the criminal can put a device into your terminal so he or she can get into and out of it.

“So be aware of what your terminal looks like,” King suggests. “Take a photo of what it looks like so you know when something’s happened.”

You can also work with PCI. Its website provides great resources. You can also get involved with the PCI community. “This opens people up to a raft of resources and help from the council and other merchants in similar positions,” King says.

By neglecting to look after cardholder data, restaurants are exposing their clients to having their cards defrauded. A breach of security means an eatery’s name is often released to the press, which can have a big impact on business.

By Amanda Baltazar


News and information presented in this release has not been corroborated by FSR, Food News Media, or Journalistic, Inc.

Add new comment