Keeping your restaurant & hospitality Cardholder Data Environment safe

August 12, 2014, Marvin Sandoval, Sales Associate

Reports of new credit card data breaches seem to be in the news daily. Recent high-profile breaches at major retailers this year should serve as a wake-up call to the restaurant and hospitality industries. Because these industries handle high volumes of credit card transactions and often have decentralized security practices, criminal organizations have put them squarely in their sights. The track data on U.S. magnetic-stripe cards remains among the most valuable commodities on the black market, because it allows criminal organizations to clone cards and quickly exploit them for the highest possible financial gain.

For the restaurant and hospitality industries, there are a couple of key questions you might want to ask yourself:

  • First, are we already compromised? As investigations have shown, sensitive data may have been leaking for months before a compromise is actually detected.

  • Second, are we doing everything we can to keep from being compromised? The Payment Card Industry Data Security Standard (PCI DSS) is a great baseline, but the current climate requires taking a few extra steps beyond it.

Achieving PCI DSS compliance is not a guarantee that your organization is secure. To minimize risk and decrease your organization’s exposure to cardholder data compromise, Coalfire suggests, at a minimum, that merchants in the restaurant and hospitality industry take the following measures:

  1. Understand the True Scope and Extent of your Cardholder Data Environment. If you mischaracterize or misunderstand how and where cardholder data traverses your environment, your PCI DSS compliance program may be missing the mark.

  2. Minimize the Amount of Sensitive Data in Your Environment! Is your organization up to speed on new payment technologies such as tokenization, Point-to-Point Encryption and EMV acceptance? These technologies can help reduce overall risk and even lower the ongoing burden of maintaining PCI DSS compliance. Make sure your trusted security partner is ready to help you with them.

  3. Adhere to the Principle of Defense in Depth. A potential attacker may have the time and resources to circumvent one or two security controls; however, a strong security program with multiple layers of security can help prevent attackers from extracting sensitive information from your systems.

  4. Physical Security and Awareness Training. As merchants’ payment systems become “more secure” in the coming years, we’ll see an increase in physical security attacks within retail environments. Are you prepared? What about your employees? Many QSA firms that offer “social engineering” as part of their penetration testing services can help you address these concerns.

  5. Don’t Get Left Behind! Your peers and competitors are rapidly adopting new payment technologies and security programs to ensure they do not become the next headline. What happens to the companies that are left behind? They become the primary target of criminal organizations. Don’t let your organization become the criminals’ “low-hanging fruit”; work with your QSA to put new security measures in place.

The security threat to the restaurant and hospitality industries is real. For the sake of your customers, employees and shareholders, it is time to stay ahead of the cyber criminals and keep your name out of the news.

Marvin Sandoval
