Safeguarding your restaurant against fraud in the digital age

Restaurant owners wear countless hats – managing daily operations, managing staff, booking events, and much more. There is not much time left to think about payments processes or data security – but recent data shows that restauranteurs need to pay attention to the prevalence and consequences of data breaches*.

Restaurant patrons increasingly expect* digital-first experiences, contactless pickup/delivery, and other features that depend on smartphones and mobile apps. These changes to the dining experience create new opportunities to reach new customers and grow your business – but also opens up new vulnerabilities that hackers can exploit. Loyalty programs*, gift cards, and ordering apps create more potential entry points for cybercriminals to access and steal customer payment information – which fraudsters can use to make scam purchases& or resell the payment information online.

How can you protect your business and customer payment data? Your point-of-sale solution can be a powerful tool to enhance transaction security and protect your customer payment data. Here are some action items to consider:

Work closely with your payment processor to boost data security at the point of sale

First, it is important to choose a payments provider* that offers payment devices and software with the most secure features and frequent enhancement releases. Your processor should offer numerous security layers to help prevent fraudsters from stealing transaction data in your restaurant, online, and via mobile apps, even as their tactics rapidly evolve.

• EMV
  Also known as “chip and pin technology,” cards with embedded EMV* chips (and payment devices that can read them) prevent fraud by authenticating payment cards immediately at the point of sale – when a card is tapped, inserted, or manually keyed in, the EMV network runs algorithmic calculations and uniquely generated codes to verify that card use is legitimate.
  
  
• Encryption
  Encryption* translates sensitive card data into unreadable codes that cannot be used or deciphered by anyone who doesn’t have the proper decryption keys. Card data stays encrypted in transit from your restaurant’s payment device to the payment processor, where it is decrypted using a special key and routed to the issuing bank for transaction authorization.
  
  
• Tokenization
  Tokenization* is a companion to encryption that replaces the original card data with a token. Once a transaction is authorized, the processor returns a token to your restaurant’s payment device – further masking customer payment information and reducing risk of sensitive payment data loss to fraudsters.

Invest in additional cybersecurity and transaction protection tools

First, it is important to ensure that all of your restaurant’s devices, websites, mobile apps, and payment processes are secure. Choosing a PCI-validated point-to-point encryption (P2PE) solution* is one way to do this – this certification means is that the solution has been rigorously evaluated by an independent assessor and verified as meeting the requirements necessary for merchants to reduce the applicable scope of their cardholder data environment and remove points of vulnerability. Independent assessment by the PCI Security Standards Council also assures physical security of payment devices during inventory storage, shipping, and transportation by your payments processing provider.

Second, your restaurant should adopt strict measures for complying with PCI DSS validation requirements* in your daily operations; these include creating and maintaining compliant processes*  that limit who accesses your payment devices, regularly testing payment device security, using cybersecurity software, and much more. Having the right cybersecurity measures in place can reduce risks to your restaurant, created by customer demand for mobile apps, third-party delivery services, and loyalty programs that integrated with your point-of-sale system.

Train employees to detect scams and prevent fraudulent transactions

From the serving staff that run customer cards to back-office employees that administer web-based platforms, it is critical to train all members of your team to recognize signs of fraud* and prevent malicious attacks on customer payment data.

• Front of house: Train serving staff to handle customer cards, run transactions properly, and identify signs of scams or malicious behavior. Do not allow serving staff to use the same Wi-Fi network as your POS system on their personal smartphones.
• Back of house: Train administrative staff to recognize phishing emails/websites, use strong passwords for restaurant systems, back up sensitive data in secure digital storage, and regularly update operating systems to the latest security features.

Running a restaurant is no easy feat – but with the right payments partner, you can focus on your business operations and trust that your payment devices, software, and data are securely protected. 

* By selecting this link, you will leave Elavon content and enter a third-party website. Elavon is not responsible for the content of, or products and services provided by this third party, nor does it guarantee the system availability or accuracy of information contained in the site. This website is not controlled by Elavon. Please note that the third-party website may have privacy and information security policies that differ from those of Elavon.