Customers Beware—3 Big Fast Food Hacks

Revel Blog | Revel | October 18, 2013 |

iPad POS PCI compliance data security

Hacking: it’s not just for government websites anymore. With the rise of computer-based POS systems, restaurants are increasingly becoming targets for hacking and cyber-theft. Restaurants are especially vulnerable due to the sheer availability of credit card and payment information--in order to pay for their meals, cashless restaurant patrons hand over their cards, which are then swiped at the point of sale. Depending on the system, payment data enters a server, which then sends the payment information and allows the restaurant to charge the customer. Although this is an efficient and modern convenience, the electronic transfer and availability of credit card information can open the door to hacking and data theft.

POS System hacking is everywhere. Here are 3 big fast food hacks in the news:

  • KFC: Bloomberg recently reported that “South Africa’s banks have lost tens of millions of rand after an “unauthorized international organization” hacked the card details of fast food restaurant customers.” The malware, known as “Dexter,” hit several South African KFC stores by way of their point of sale system. This particular instance of hacking may have affected “hundred of thousands of customers.”

  • Subway: Various Subway chains were hit by hackers last year: “According to authorities, the men identified vulnerable POS systems via the internet, and managed to gain access via vulnerable remote desktop software.” Once the vulnerable systems were identified, the hackers were able to skim credit card data once it was swiped on the POS system.

  • Subway [again]: Earlier this year, several Subway franchises were hacked, also by way of their POS systems. The perpetrators were able to remotely hack the POS systems of 13 Subway locations. One conspirator sold compromised POS systems under a fraudulent business to his co-conspirator, and through this means they were able to fraudulently add “at least $40,000 in value to Subway gift cards, which they then used to make purchases at Subway.”

How can such hacks be prevented? Vigilance on the part of both consumer and restaurant employee helps, but business owners need to take the extra steps needed to protect themselves--and their customers--from data theft. One way is to ensure they’re using an accredited and PCI compliant point of sale system. Revel’s POS systems have, to date, never experienced any form of credit card fraud or hacking. Revel also uses secure card swipes and payment encryption, ensuring all Revel card readers come fully encrypted with AES 256 payment encryption key.

Don’t let hackers happen to your restaurant. Make sure you’re using a POS system that protects both you and your customer.