Franchises are on guard against data thieves
Share with others:
Every day Hardee's franchisee Todd Pahl is on the lookout for a predator he can't see.
It's not lurking in the crevices along the baseboard or slinking just beyond the range of cameras. This danger hides behind the infinite 0's and 1's in the computers that no modern company can do without.
The franchisee industry, especially restaurants, has become one of the favorite targets of data thieves.
Tight budgets that leave little money for operators to get expert help, inadequate Internet security training from the corporate leadership of chains, and restaurateur hubris have attracted criminals to the industry. They snoop out passwords and get into systems through viruses, Trojan horses and programs that copy keyboard strokes.
The result: millions in fees paid by operators to credit card companies, billions stolen from consumers and the loss of trust among restaurant customers.
About 44 percent of credit card compromises originate within the food service industry, according to Trustwave, which helps companies to secure information and meet compliance standards.
The thieves sell the financial information in huge files to third parties, who then distribute the files to individuals, who run up bills as much as they can before a cardholder or a bank notices and closes an account.
And everybody is getting hit -- from independent restaurants run by mom and pop operators to franchisees of big chains such as Subway and Five Guys Burgers and Fries.
Of course, cybersecurity issues aren't limited to the restaurant franchise community. The New York Times, Coca-Cola Co. and former President George W. Bush have all been the victim of cyberattacks. Consumer products giant Apple and social media leader Facebook also have been hacked.
Keeping customer information safe is quickly becoming one of the restaurant industry's biggest priorities. As Americans increasingly favor debit and credit cards over cash, companies are broadening what they see as important, adding cybersecurity to the list, alongside the quality of their food, service and staffing.
Cybersecurity experts said the problem is not at the corporate level, but among individual franchisees who generally aren't getting the tools to protect themselves. Many are owners of one or two stores that don't have the size to make cybersecurity a priority. Often, they are just doing well enough to pay wages and insurance, and make a small profit that they often have to put back into the business.
Because of those low margins, they don't take the extra steps recommended for their safety, said Tim Thomas, director of product management at Atlanta-based ControlScan, which helps companies protect their computers.
For instance, the most common mistake made is co-mingling general-use computers with those that contain financial information.
And while $50 consumer-grade firewall and virus software from Best Buy or Amazon is good for home computers, retailers with sensitive credit information from thousands of customers need much more robust protection, Mr. Grant said. They also need to think deeply about passwords and avoid easy-to-guess clues such as the restaurant's name or that of its owner.
Operators also need to use a separate DSL or cable modem line when offering customers free wireless connections, de rigueur for operators trying to attract diners who like to surf the Internet while they eat. Wireless networks offer easy access to data thieves.
The hack can be expensive, said Charles Hoff, an industry expert, restaurant attorney and operator of Hoff Hospitality. Restaurateurs can pay fees on average of $85,000 up to the six-figure range because of a breach, including fines and penalties for credit card processing, expenses related to forensic audits and the cost of reissuing customer credit cards.
First Published March 19, 2013 12:08 am