In this blog post we talk with the National Restaurant Association’s David Matthews, co-chair of the PCI Security Standards Council (PCI SSC) Small Merchant Task Force, on why small businesses are at risk now more than ever,and what they can do to protect themselves and their customers against payment data theft.
What’s the urgency for small merchants to do something about data security?
David Matthews: Cybercriminals are now finding it easier to target multiple small restaurants as well as large national and international brands. While restaurants continue their adoption of both front-of-house and back-of-house technology, they are frequently becoming prime targets for cybercriminals.
What’s one thing you see restaurants doing, or not doing, over and over again that puts them at risk?
David Matthews: Restaurant owners need to establish a basic cybersecurity program and monitor its safeguards on a routine basis. Establishments upgrading their payment technology systems should consider three components: tokenization, end-to-end encryption (also known as “point-to-point encryption”) and EMV (chip and signature card processing.) On a broader level, a straightforward security program that manages passwords, limits remote access, segregates network segments and regularly scans for cybercriminal activity is a must.
What are some of the biggest challenges for small merchants in the restaurant and hospitality sector when it comes to prioritizing data protection?
David Matthews: Restaurateurs are not technology experts. They are skilled in culinary arts, general business management and hospitality. Like many small businesses, they are reliant on the expertise of others in the cybersecurity space - technology vendors, network and communications vendors, security consultants and payment ecosystem participants such as banks, the major card brands and payment processing companies. If the larger merchants and financial institutions themselves cannot be protected from data breaches, you can imagine how difficult protection is for independent small business owners. In order for small restaurants to thrive in the digital age, they will need significant help from the broader technology and security community.
How will the Small Merchant Task Force resources benefit the restaurants you work with?
David Matthews: The Small Merchant Task Force tools are extremely effective in distilling complex technology concepts into plain English supported by easy-to-understand graphics. These tools are easy to use and provide small business owners with the foundational knowledge they require to understand and activate cybersecurity measures.
What’s the key to better protection for small merchants?
David Matthews: Small and mid-sized restaurateurs need to understand that cybersecurity protection is as critical to a restaurant as food safety. The financial well-being of a restaurant’s customers depends on the restaurateur's ability to protect their information. By keeping that top of mind, our members have a better chance of not being a victim of cybercrime.