Card Companies Crack Down On Restaurants' Data Security

After being cracked against in Congress over late-fee practices and other hidden nasties, the credit card industry is doing some cracking of its own against restaurants, who, the industry says, are not doing enough to protect patrons data security.

In recent months, Visa USA Inc., MasterCard Inc. and financial institutions that process electronic payments have done everything from levied fines, sent warning letters and held seminars to pressure restaurants into being more careful about protecting the information.

Standards and practices are out there.  According to a Wall Street Journal story, all companies that accept plastic must follow a complex set of security rules.  However, according to Chicago-based AmbironTrustWave, which conducts security audits for merchants, 62% of the security breaches it has seen over the past 18 months came from the restaurant industry.

While most restaurants obscure all but the last few digits of a credit card number on a receipt – that’s not where the issue is most extreme.  Instead, online hacking of wireless networks provide most identity thieves with all the information they need to abuse credit cards that aren’t their own.

Restaurants often use specialized suites of software that combine many features, tabulating bills, relaying orders to the kitchen and tracking reservations. Card companies can’t force software makers to comply with their security rules, so they pressure restaurants instead.

Even with the best software, though, if restaurants "don’t have proper password protection or firewalls, they could clearly have a problem," says Peter Rogers of Micros Systems Inc., which makes restaurant software. "It’s not really our job to tell the restaurateurs what they need to do to be compliant with credit-card regulations," he adds.