Article

POS Data Security an Issue as Fast-Food Restaurants Automate Ordering

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,038 viewsSign in to rate
The next time you buy a burger at McDonald’s or Wendy’s, a computer may be the one asking, “Would you like fries with that?” After decades of depending on human workers to take orders – and payments – American fast food chains are finally moving into the computer age, driven by rising minimum wages, a tightening labor market, a push for efficiency, and a growing number of internet-savvy consumers who prefer to interact with computers than human clerks. Discussion of this “Rise of the Machines” in the media has largely centered around the minimum wage and the displacement of low-skilled labor. Missing from the conversation has been any mention of POS data security in these automated ordering systems – even though Wendy’s, which intends to roll out ordering kiosks en masse, suffered a data breach last year. The breach compromised approximately 300 locations, went on for several months, and has resulted in a class-action lawsuit accusing the fast-food chain of inadequate data security procedures. Automated ordering systems are not new. Regional convenience stores Wawa (headquartered near Philadelphia) and Sheetz (a Pittsburgh-area chain), both of which have extensive custom deli and hot foods menus, installed ordering touch screens over a decade ago. However, these systems, unlike the ones Wendy’s and other fast-food restaurants intend to install, only take food orders and do not process customer payments; customers get printed order slips to take to a cashier for payment. And, of course, gas stations, supermarkets, and some retailers have had self-checkout lanes for years. The surprising thing is that large fast-food chains have taken so long to automate customer ordering and payments – and this is where the conce over POS data security lies. In some ways, automation in the fast-food industry is similar to automation in the healthcare industry. As mentioned in previous blogs, among the reasons why the healthcare industry is so prone to cyber attacks is that it clung to paper records for years, and when it finally did automate, it did so practically ove ight, without any employee training. Similarly, the majority of fast-food companies continued to use human workers long past the time they needed to. The push to automate fast-food ordering is fairly new but very strong; at least one major chain has expressed that it is in a hurry to implement automation in the wake of minimum wage increases on city and state levels. Since the fast-food industry is known for razor-thin profit margins and aggressive cost-cutting, and making burgers – not POS data security – is its core competency, whether fast-food chains will take cyber security seriously or repeat the mistakes of the healthcare industry remains to be seen. However, as the ransomware attacks and data breaches that have plagued the healthcare industry have proven, no industry can afford to take a laissez faire attitude toward cyber security, especially when installing completely new systems. The fast-food industry needs to be proactive as it makes the leap from human clerks to self-serve kiosks. Among the measures restaurants can take are: 1. Do a review of your security policies and procedures to ensure PCI DSS compliance. Compliance with the PCI DSS is mandatory for any company that accepts payment cards, and procedures should always be reviewed when a new system is installed to ensure PCI DSS compliance is maintained. Here is a helpful primer on PCI DSS basics. 2. Be sure to purchase your new system from a reputable dealer. Since fast-food ordering kiosks are an industry that is about to explode, inevitably, shady dealers will pop up offering what appear to be fantastic deals on new systems – that turn out to have multiple security vulnerabilities. Make sure you’re buying your equipment from a known, reputable company. 3. Make sure your new POS system can handle EMV technology, or “chip-enabled” cards. One of the ways hackers attack POS systems is by installing card skimmers that steal data off of the magnetic stripe old-style payment cards use. Chip-enabled cards eliminate this problem. However, not all payment cards are chip-enabled at this time, so it’s important not to leave self-serve kiosks completely unattended. Have at least some on-site staff available who are trained to spot card skimmers. 4. If you offer free WiFi to your customers, do not set your POS terminals to access it. Otherwise, a hacker can come into your store and use the WiFi to get into your system. 5. Monitor your POS terminals for suspicious activity. Are your terminals being accessed by or communicating with unknown exte al sources? Just like any other network, POS systems should be monitored for suspicious activity; had Wendy’s monitored its systems, the breach the company suffered may not have gone on for so long undetected. 6. Have a comprehensive cyber security plan in place, to include training on POS data security for any employees who access the restaurant’s computers. Protecting your customers’ payment card data is as important as adhering to food safety and sanitary practices. POS Data Security Doesn’t Have to Be a Stomachache! Because the fast-food industry has depended on manual ordering processes for so long, the transition to automation may seem confusing or even overwhelming for restaurant owners. That’s why it’s a good idea for restaurants to enlist the services of a professional cyber security firm to ensure that their ordering kiosks are secure and in compliance with PCI DSS.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026