The National Retail Federation has been saying for years that retailers should get out of the payment-card protection game entirely. NRF's thinking is that banks are inherently more secure than retailers and that just keeping card data off retailers' systems will make everything safe from attackers. True, the restaurant's first-time owners, who bought the place in June, aren't security experts. But they're not the ones who lost the card data. Until retailers get rid of card numbers and beef up security and acquirers harden their own systems a lot further, those attacks will just keep coming.
Here's another reason banks should crack down on restaurants about security: to protect the bank. Seattle police and the U.S. Secret Service are investigating an Oct. 22 cybertheft in which a thief from outside the U.S. broke into the systems of a privately owned Seattle restaurant, the Broadway Grill. From there, the attacker tunneled into servers of the restaurant's payment-card processor and stole at least 1,000 stored card numbers from the acquirer. Investigators won't identify the card processor or the country the attack was launched from, but they said the data was definitely taken from the acquirer and not the restaurant.