Restaurant owners wear countless hats – managing daily operations, managing staff, booking events, and much more. There is not much time left to think about payments processes or data security – but recent data shows that restauranteurs need to pay attention to the prevalence and consequences of data breaches*.

Restaurant patrons increasingly expect* digital-first experiences, contactless pickup/delivery, and other features that depend on smartphones and mobile apps. These changes to the dining experience create new opportunities to reach new customers and grow your business – but also opens up new vulnerabilities that hackers can exploit. Loyalty programs*, gift cards, and ordering apps create more potential entry points for cybercriminals to access and steal customer payment information – which fraudsters can use to make scam purchases& or resell the payment information online.

How can you protect your business and customer payment data? Your point-of-sale solution can be a powerful tool to enhance transaction security and protect your customer payment data. Here are some action items to consider:

Work closely with your payment processor to boost data security at the point of sale

First, it is important to choose a payments provider* that offers payment devices and software with the most secure features and frequent enhancement releases. Your processor should offer numerous security layers to help prevent fraudsters from stealing transaction data in your restaurant, online, and via mobile apps, even as their tactics rapidly evolve.

  • EMV
    Also known as “chip and pin technology,” cards with embedded EMV* chips (and payment devices that can read them) prevent fraud by authenticating payment cards immediately at the point of sale – when a card is tapped, inserted, or manually keyed in, the EMV network runs algorithmic calculations and uniquely generated codes to verify that card use is legitimate.

  • Encryption
    Encryption* translates sensitive card data into unreadable codes that cannot be used or deciphered by anyone who doesn’t have the proper decryption keys. Card data stays encrypted in transit from your restaurant’s payment device to the payment processor, where it is decrypted using a special key and routed to the issuing bank for transaction authorization.

  • Tokenization
    Tokenization* is a companion to encryption that replaces the original card data with a token. Once a transaction is authorized, the processor returns a token to your restaurant’s payment device – further masking customer payment information and reducing risk of sensitive payment data loss to fraudsters.

Invest in additional cybersecurity and transaction protection tools

First, it is important to ensure that all of your restaurant’s devices, websites, mobile apps, and payment processes are secure. Choosing a PCI-validated point-to-point encryption (P2PE) solution* is one way to do this – this certification means is that the solution has been rigorously evaluated by an independent assessor and verified as meeting the requirements necessary for merchants to reduce the applicable scope of their cardholder data environment and remove points of vulnerability. Independent assessment by the PCI Security Standards Council also assures physical security of payment devices during inventory storage, shipping, and transportation by your payments processing provider.

Second, your restaurant should adopt strict measures for complying with PCI DSS validation requirements* in your daily operations; these include creating and maintaining compliant processes*  that limit who accesses your payment devices, regularly testing payment device security, using cybersecurity software, and much more. Having the right cybersecurity measures in place can reduce risks to your restaurant, created by customer demand for mobile apps, third-party delivery services, and loyalty programs that integrated with your point-of-sale system.

Train employees to detect scams and prevent fraudulent transactions

From the serving staff that run customer cards to back-office employees that administer web-based platforms, it is critical to train all members of your team to recognize signs of fraud* and prevent malicious attacks on customer payment data.

  • Front of house: Train serving staff to handle customer cards, run transactions properly, and identify signs of scams or malicious behavior. Do not allow serving staff to use the same Wi-Fi network as your POS system on their personal smartphones.
  • Back of house: Train administrative staff to recognize phishing emails/websites, use strong passwords for restaurant systems, back up sensitive data in secure digital storage, and regularly update operating systems to the latest security features.

Running a restaurant is no easy feat – but with the right payments partner, you can focus on your business operations and trust that your payment devices, software, and data are securely protected. 

* By selecting this link, you will leave Elavon content and enter a third-party website. Elavon is not responsible for the content of, or products and services provided by this third party, nor does it guarantee the system availability or accuracy of information contained in the site. This website is not controlled by Elavon. Please note that the third-party website may have privacy and information security policies that differ from those of Elavon.


Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365.

This contact form is for US customers only. If you are looking for one of our other locations, please visit to find your country or region.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

By providing us with an email address you are expressly consenting to receiving email communications – including but not limited to marketing material/advertising, promotions, sales campaigns, and questioner/research surveys. By providing us with a telephone number for a cellular phone or other wireless device, including a number that you later convert to a cellular number, you are expressly consenting to receiving communications – including but not limited to prerecorded or artificial voice message calls, text messages, and calls made by an automatic telephone dialing system – from us and our affiliates and agents at that number. This express consent applies to each such telephone number that you provide to us now or in the future and permits such calls for non-marketing purposes. Calls and messages may incur access fees from your cellular provider. We accept relay calls. Your privacy is important to us. By clicking “submit” you agree to our terms and conditions.


Available Mon. – Fri.
9:00 AM - 7:00 PM EST

Customer Support

Available 24/7

Start of disclosure content
  1. LexisNexis True Cost of Fraud Study

  2. Ponemon Institute: 2018 Cost of a Data Breach Study

  3. Ponemon Institute: 2018 Cost of a Data Breach Study