Security Risks Restaurants Face

Many of today’s restaurants rely heavily on digital tools to streamline customer engagement. Proprietary apps and third-party platforms allow customers to make reservations and place orders online. Self-service kiosks speed up the ordering and checkout process in fast food venues while reducing the restaurant’s staffing needs. Handheld Point of Sale (POS) systems allow servers to submit orders and process payments directly from their diners’ tables.

While these digital tools significantly enhance efficiency, they also introduce new security challenges. Cybercriminals see the digital systems becoming ubiquitous in restaurants as a prime target for attacks that seek to steal credit card numbers and other personal information.

“Globally, we have seen a rapid rise of Man-in-the-Middle attacks (MITM) involving systems used by restaurants,” reports Yashin Manraj, CEO of Pvotal Technologies. “Whether through public Wi-Fis, malicious QR codes, or exposed APIs during the ordering or checkout process, MITM attacks are being leveled against restaurants and their patrons.”

Manraj launched Pvotal Technologies after working as a computational chemist, an engineer tackling novel challenges at the nanoscale, and a security expert building systems at the world’s best engineering firms. His history gives him a unique nexus for identifying and solving gaps in the product pipeline that draws on business insights and deep technical knowledge from product development, design, and coding. At Pvotal, he is on a mission to build sophisticated enterprises with no limits that empower rapid change, seamless communication, top-notch security, and scalability to infinity.

The MITM attacks Manraj warns about are just one of many cyber threats that today’s restaurants face. The following explores some of the more common attacks being deployed and steps that can be taken to frustrate them.

Avoiding vulnerabilities with ordering apps

Ordering apps are a core digital tool being used by today’s restaurants. They serve as the centerpiece of many restaurants’ business process automation platform, allowing customers to place orders, transmit them directly to those preparing food, pay, and provide delivery details.

To complete the many processes they manage, ordering apps typically must collect a lot of personal information, including names, addresses, and account numbers for payment methods. However, access to data is considered extremely valuable to cyberattackers. As a result, Manraj explains that data gathered by ordering apps globally, like any other customer data that can be collected and sold, also has the potential to appear on the digital black market. Many past breaches have been especially prevalent in emerging markets, and apps utilized for delivery services are no different.

Identifying and addressing issues with ordering apps can be especially challenging for restaurants, which are often more concerned with food safety violations than cybersecurity vulnerabilities. The best course for minimizing threats is to enlist the aid of organizations that can audit and evaluate the apps being used.

“Restaurants should avoid using popular software or hardware without at least one internal audit,” Manraj advises. “Audits should look for potential weaknesses, issues, or vulnerabilities that the system or the integration of multiple systems introduces to restaurant operations.”

Preventing attacks involving POS systems

As POS systems have evolved, many have added features designed to make it easier for customers to complete financial transactions. New features include contactless payment capabilities, which may use near field communication, radio frequency identification, and QR codes to do away with the need for physical contact with the payment system.

In addition to streamlining the payment process, these features also open the door to new types of cyberattacks. Manraj recently shared with Business.com that the latest POS systems have become vulnerable to eavesdropping attacks, in which data being transmitted between two devices is intercepted by a hacker.

“Attackers have been successfully eavesdropping on transactions and either stealing data or redirecting financial transactions to their portal,” Manraj said. These attacks often go undetected because they are carried out at times when customers are focused on their food order or in a rush to leave, Manraj also shared.

Encryption is vital for protecting data from the threat of eavesdropping. Point-to-point encryption solutions ensure data is encrypted when a customer’s card is swiped or tapped for payment and remains encrypted until secured behind the restaurant’s firewall.

Utilizing strong Wi-Fi security is another way to minimize the risk of eavesdropping. Separating networks for complimentary customer Wi-Fi from those used for POS and other business processes should be a standard process for restaurants.

It is also essential to train staff on the signs of eavesdropping and the steps they should take to report suspected attacks. Hackers will be less likely to target restaurants where staff are on the lookout for suspicious activity and quick to act on it.

Business process automation initiatives like online ordering apps and POS systems aim to increase business efficiency and profitability by taking human agents out of the loop, but when more automation leads to less monitoring, the risk of data breaches increases. To stay safe, restaurants must strike a balance between streamlining processes and incorporating controls that can detect and prevent unauthorized access to sensitive data.