Pizza Chains, Restaurants Target Of Cardholder-data Security Push
(Thursday, April 26, 2007) - In 2005, Papa John's International Inc. beefed up security for its e-mail system after the company learned customer data had been exposed through a leak at the chain's headquarters.
Although the data consisted mainly of names, addresses and e-mails, the leak is one example of a larger issue facing the restaurant industry: the breach of customer credit-card data.
"We're clearly in an environment today where it makes good business sense to protect sensitive information such as cardholder data," said Martin Elliott, vice president of emerging risk for Visa USA. "Why? Because customers have trust that their cardholder information is safe and kept in a secure manner."
The credit-card industry — including Visa USA, MasterCard, American Express and Discover — is cracking down on restaurants and merchants in an effort to better protect cardholder data.
"Trust is emerging as one of the critical business issues of the 21st century," said Visa USA chief executive John Phillip Coghlan at a March security summit. "Data security must move out the back office and into the board room. Corporate officers must apply the same rigor to data security as they do their financial controls."
To help restaurants and other merchants protect themselves and their cardholders, Visa launched the Cardholder Information Security Program (CISP) in 2001. And in 2004, CISP requirements were incorporated into an industry standard — supported by each of the credit card companies — known as the Payment Card Industry (PCI) Data Security Standard.
The standards, effective Sept. 7, 2006, must be met by merchants across the board based on a strict compliance schedule that breaks merchants down by their annual number of sales transactions.
An inside look
According to a March 2007 article in the Wall Street Journal, Chicago-based AmbironTrustWave said 62 percent of the security breaches it has seen during an 18-month period came from the restaurant industry. And Visa's Elliott said about 40 percent of credit-card breaches since 2005 have occurred in the restaurant space.
Elliott said Visa and other credit card companies are now targeting restaurants because of their security risks, especially at the point-of-sale.
On its Web site, Visa has listed the top three POS system vulnerabilities — identified to help support compliance with CISP and the PCI standard. At the top of the list: Remote access security.
"Many merchants have a capability built into their POS that allows them at the home office to go into store locations and pull information," Elliott said. "If that tool is not properly secured, a hacker might be able to get into it as well and pull information out of the POS."
To ensure their POS systems are safe, Martin recommended restaurants use software created by validated payment-application suppliers. A list of validated suppliers can also be found on Visa's Web site.
