How to prevent restaurant card breaches in America

We have reported on at least 3 restaurant chains in America that have been breached in 2018.

PDQ restaurant has just joined the list. Let's examine what happened and how the breach could have been prevented. It is an easy problem to fix, and we would be happy to assist.

source –




TAMPA, Fla. (WFLA) – Restaurant chain PDQ announced they were the target of a cyber-attack.

PDQ said a hacker exploited part of their computer system and accessed personal information from customers.

It is believed the hacker gained entry through an outside technology vendor’s remote connection tool.

The unauthorized access occurred from May 19, 2017 to April 20, 2018.

PDQ learned on June 8, 2018 that credit card information and/or some names of customers may have been stolen.

All restaurant locations in operation during some or all of the breach period time were affected.

The restaurants at Tampa International Airport, the Amalie Arena location and the PNC Arena location were not affected.

If you used a credit card for your purchase at a PDQ restaurant during the breach period, then your credit card number, expiration date, cardholder verification value and/or name may have been accessed or acquired by a hacker.

Customers should review account statements closely, monitor free credit reports and report unauthorized charges to your card issuer immediately.


How the breach could have been prevented

There is not a lot of information from the source, but it is clear that the EPOS system used by PDQ is the culprit here.

here is a video of how PDQ POS system works – 

If we were in charge of PDQ's PCI compliance, we would fix the third-party supplier payment channels.

The POS supplier, from what we have seen on YouTube seems to be 

The problem here is that the POS system allows card data to be collected, processed and transferred. This means the operating system on which the POS system runs and the PDQ networks that allow access to the internet are the two prime suspects as a hacker's entry point.


The first point to note: if we were consulting for PDQ, we would take card data out. The EPOS/POS system would contain no card data, which means that across all the locations there would be no card data to steal.


The terminals we would use would be P2PE enabled, meaning they encrypt the card data from the point the card is inserted all the way to the bank.

A look at the POS system shows the customer handing their card to the cashier, who swipes it on the system, and that is it.

The rest happens behind the scenes and, as mentioned above, it is the connection to the internet and the POS system that will be the focus of attention.



This means, the back end systems used at PDQ will also have card data and these will need to be cleaned up as well.

We would track all the payment channels and make sure the policies and procedures are updated so that card data is kept out of the network and all the other payment channels follow the same strategy.
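A minimal card-data discovery scan of the kind used to find where card numbers sit in back-end logs and files before cleaning them up. This is an added example, not code from PDQ or its POS supplier; the log format, the `scan` function and the sample lines are assumptions, and the card numbers are public test numbers.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Magnetic-stripe Track 2 layout: ;PAN=expiry and further data, ending in ?
TRACK2 = re.compile(r";(\d{13,19})=\d{4,}\?")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """Report only the first six and last four digits, never the full number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(lines):
    """Return (line_number, kind, masked_pan) for every likely card number."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for m in TRACK2.finditer(line):
            if luhn_ok(m.group(1)):
                findings.append((no, "track2", mask(m.group(1))))
        rest = TRACK2.sub(" ", line)  # do not report swipe data a second time
        for m in PAN_CANDIDATE.finditer(rest):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(digits):
                findings.append((no, "pan", mask(digits)))
    return findings


# Constructed sample log lines (assumed format); card numbers are test values.
SAMPLE_LOG = [
    "12:01:07 POS03 sale ok amount=14.52 card=4111 1111 1111 1111",
    "12:03:44 POS01 swipe raw=;5555555555554444=25121010000000000?",
    "12:05:10 POS02 order=1234567890123456 status=paid",  # fails Luhn
    "12:06:31 POS02 sale ok token=tok_9f3a amount=8.10",  # tokenised, no PAN
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any line the scan flags marks a system that still holds card data and so stays in PCI scope until it is cleaned up.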


Paying by card


This is how we manage online and email payment to ensure card data is not exposed to the network





For further information, please contact [email protected]

