Zoup, Ballard Brands, Vale Food share tips, advice on battling payment fraud
When it comes to payment fraud, or any sort of data breach, brands must embrace the philosophy that even one time is one too many and understand that prevention and preparedness is critical.
In fact, as three fast casual brand leaders explained during a panel talk at the three-day Fast Casual Executive Summit held in October at the Hyatt Regency Lake Washington in Seattle, payment fraud and data breaches should be viewed with the same concern and mitigation focus as food safety. Both can put a fast casual out of business as today’s consumer has more choices than ever when it comes to cuisine and regaining customer loyalty and trust is a tremendous challenge.
“You can’t have a mistake as “one [breach] in a million [transactions] is too many,” said Bill DiPaola, the COO of Ballard Brands, a 6 six-year-old, privately-held, multi-branded restaurant, food and coffee company, based in Louisiana. Its global portfolio includes nearly 200 locations and brands such as PJ’s Coffee, Boardhouse Serious Sandwiches and New Orleans Roast Coffee & Tea.
Digitalization expanding potential fraud, breach opportunities
The panel was moderated by Dan Bush, vice president of marketing at Kount, which sponsored the discussion, “More at Risk than Food Safety: The Growing Concern of (Payment) Fraud,” at the summit run by Fast Casual’s parent company, Networld Media Group. The event draws restaurant executives interested in learning and networking via interactive sessions. Kount offers an all-in-one fraud and risk management solution that detects and prevents ecommerce and credit card fraud for online and card-not-present merchants.
Bush shared that in 2017, 1,057 data breaches were reported, a 20 percent spike over 2016.
That’s a compelling statistic and why fraud must be top of mind given as brands are constantly expanding the omnichannel strategy — from e-commerce to today’s emerging mobile ordering and payment options, said Sunny Illyas, founder and CEO of Vale Food Co., who participated in the panel. Vale Food is a healthy fast casual that also offers meal plan delivery and catering in Tallahassee, Gainesville and Tampa, Florida.
The fast casual transaction of cash to digital and now mobile device technologies demands brands pay very close attention to every and all activity from beginning to end, said DiPaulo. It requires brands to deploy secure technologies and processes to prevent fraud from taking place in and out of the enterprise.
Illyas and DiPaulo, along with Eric Ersher, founder and CEO of Zoup, discussed real-world fraud and breach incidents, sharing insight on the many ways hackers, angry ex employees and even internal human mistakes can cause financial and brand havoc. Zoup is a franchise of locally owned and operated fast casual eateries across the U.S. and Ontario.
Why preparation is essential
Being prepared for a breach or payment fraud incident is critical, according to Zoup!’s Ersher.
“When the shit hits the fan that’s when you know what you’re made of,” he said, and it’s not the time to learn what partners and vendors can do or not do to help in response.
An incident at Zoup delivered a stunning realization, he added.
“We thought we were buttoned up, but it came out of the blue and we didn’t see it coming,” Ersher said. “We went to Defcon 5, pulled everyone together into a war room,” he said, adding that the remediation response included investigating everything from firewall protection to social media channels.Thankfully the fall out was not as huge as it could have been.”
Such an experience, said Bush, is why brands must have best practices and process in place well before any sort of incident.
The preventative strategy should include stress testing systems to ensuring the brand is being as transparent to the consumer as possible. It should also include vendor and partner participation, said the panelists.
“There are lots of holes where things can be taken advantage of,” said Illyas, and many times those points of advantage are well known to employees and internal staff. The ‘holes’ can be everywhere from internal operation systems to applications to loyalty programs and the growing ways consumers can pay. There are currently 97 payment options in the U.S.
That’s why brands have to focus on potential breach and fraud when implementing new technologies and systems.
“Ask the vendor about the POS, the OS, about the vulnerabilities,” said Ersher.
It’s also why brands must have a contingency plan and someone to call when something bad happens.”You don’t know what you don’t know,” he added.
DiPaulo recommends brands approach data and system security like the way they think about advertising — by asking a lot of questions up front and well before moving forward.
“What are the layers of protection, what are the back-end processes? What are the two or three authorization steps? Asks for references from vendors on how they’ve deal with security breaches,” he said.
“It’s not completely unavoidable [fraud, data hacking] but you can’t afford to leave it to chance. You need to protect your name, your brand and your business.”
Republished with permission from FastCasual.