In a world where data is everything, restaurants are at the forefront of using data more effectively to enable personalised guest experiences. Essentially, the answers are all in the data. Yet, when data gets in the hands of the wrong people, it can have a devastating impact on a restaurant’s business and reputation.
Restaurants face various security and fraud challenges, from common and widespread phishing scams to disgruntled staff having access to diner data and even third-party data breaches. Importantly, restaurants are responsible for the data they hold and any administrative penalties and damages associated with mishandling data as well as any reporting obligations to diners and authorities.
Let’s dive deep into five common data threats the restaurant industry faces and the specific fraud prevention tactics that can help protect your business from each one.
1. Social engineering and phishing scams
Phishing is the most common scam restaurants face today. It relies on social engineering: the fraudster builds trust or a sense of urgency to pressure you into taking the action they want. For instance, a fraudster calls or emails a restaurant posing as an employee of a trusted vendor or service provider. They ask for the login credentials or push you to go through a password reset so they can gain access to the account. Once in, they access guest data or other valuable information and use that to further exploit the system.
These fraudsters present themselves as a known entity, such as a vendor or health inspector. Phishing emails can usually be identified by one or more of the following: poor grammar and spelling, urgent language, threats of legal action or negative consequences, random characters in the sender’s email address, and/or links from unknown senders.
You should also consider enabling two-factor authentication (also known as 2FA), which requires a one-time-use code in addition to your login credentials to gain access to your OpenTable for Restaurants account. This makes it harder for potential malefactors to gain access.
2. Credit card fraud
Credit card fraud can often go undetected. For instance, when a guest provides their credit card details to restaurant staff over the phone to hold a reservation or complete a takeaway order, often the quickest and easiest way to record the credit card information is writing it on a piece of paper. Yet this information is extremely sensitive and shouldn’t be recorded anywhere physical that could be found by someone else. Similarly, train your staff never to repeat credit card information out loud, where anyone who can hear them can note down the information.
When guests make a reservation or complete a takeaway order through OpenTable, they enter their credit card details into the secure, PCI-compliant system. Once guests enter their credit card details, the information is masked and vaulted to keep guest information secure and confidential. And even if an unaware, well-meaning host attempts to enter credit card information into text fields like guest notes, OpenTable immediately removes the recognised credit card number.
3. Insider threats
With staff turnover at an all-time high for the industry, you must recognise that sometimes fraudsters come from the inside. A disgruntled employee, who may have left the restaurant, might change reservations, the restaurant’s availability, or modify the restaurant’s profile information. Or a phishing actor might target the right person who is unhappy with their job and open up the business to fraud.
Regular auditing can ensure that 1) only active employees have access to their accounts, and 2) each employee has the correct access level. When an employee leaves, immediately offboard them from their user access.
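One way to run the two audit checks above is to compare a staff roster against an export of user accounts. This is an added example, not an OpenTable feature or API: the record fields, role names, access levels and sample data are all constructed assumptions.

```python
from datetime import date

# Assumed policy: the access level each job role should have.
ALLOWED_LEVEL = {"manager": "admin", "host": "reservations", "server": "view_only"}

# Constructed staff roster (left_on is None for current employees).
ROSTER = [
    {"email": "ana@example.com", "role": "manager", "left_on": None},
    {"email": "ben@example.com", "role": "host", "left_on": None},
    {"email": "cy@example.com", "role": "host", "left_on": date(2024, 3, 1)},
]

# Constructed export of user accounts from a booking system.
ACCOUNTS = [
    {"email": "ana@example.com", "level": "admin"},
    {"email": "Ben@example.com", "level": "admin"},
    {"email": "cy@example.com", "level": "reservations"},
    {"email": "temp@example.com", "level": "view_only"},
]


def audit_access(roster, accounts, today):
    """Return (email, finding) pairs for accounts that need action."""
    staff = {p["email"].lower(): p for p in roster}
    findings = []
    for acct in accounts:
        email = acct["email"].lower()  # match case-insensitively
        person = staff.get(email)
        if person is None:
            findings.append((email, "no staff record: verify or remove"))
        elif person["left_on"] is not None and person["left_on"] <= today:
            findings.append((email, "employee has left: offboard now"))
        elif acct["level"] != ALLOWED_LEVEL.get(person["role"]):
            findings.append(
                (email, f"level {acct['level']!r} does not match role {person['role']!r}")
            )
    return findings


if __name__ == "__main__":
    for email, finding in audit_access(ROSTER, ACCOUNTS, date(2024, 6, 1)):
        print(f"{email}: {finding}")
```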
To help mitigate all types of fraud, the OpenTable iPad app has passcode protections, so no one besides your authorised staff can take critical actions during service, including blocking your availability or overbooking the restaurant.
4. Third-party vendor fraud
Vendors have different levels of security and fraud detection in place. Properly evaluating third-party vendors is vital to ensure data is being stored in a secure, responsible way. When talking to vendors, consider asking them, “Can the restaurant delete data and what is the vendor’s retention policy?” and “Does the provider have a data security incident response plan?” If the vendor doesn’t secure their data, this can open you up to fraud.
5. Misuse of guest data
Guest information is sensitive and must be treated in a secure manner to keep it out of the hands of scammers. For instance, if a phishing actor gained account access, they could export guest data if certain checks weren’t in place.
If you download guest and reservation information, store it in a secure manner. When guest data is on OpenTable servers, we handle it securely and with care. When you export it, it’s up to you to do the same (and we’ll provide you with information and guidance to handle it with care).
A good rule of thumb is to treat guest data as you would want your sensitive data to be treated: respect how guests want it shared, keep it secure, keep it only if you need it, and use it only as intended.
These are just a few of the most common data threats restaurants may face. In general, use good judgment and confirm the identity of any suspicious contacts. Talk to your staff and educate them on best practices when dealing with guest or restaurant data and potential risks.