KFC looking to foil cybercriminals and better protect POS payments

smartphone payment
KFC is using a new platform to better secure POS payments. (Image: ipopba/iStock/Getty Images Plus/Getty Images)

KFC has migrated its payments system in the U.S. to a new semi-integrated approach, where sensitive cardholder data is routed around the POS to better protect personal information.

Using Ingenico Group's Telium Semi-Integrated solution, KFC customers will also have more payment options including EMV chip & PIN, EMV chip & sign, magstripe and NFC/contactless. And seeing as consumer preferences are different in-store from the drive-thru, KFC will use a mix of smart terminals at each touchpoint to maximize the consumer experience, while keeping it fast and secure. 

With Ingenico Group's help, KFC was able to transition from a fully integrated to a semi-integrated system.

“Upgrading our payment terminals wasn’t just about migrating to EMV— it was about helping to protect our customers’ payment information and giving them the ability to pay the way they want, whether it’s by using their mobile device or their credit card,” said Chris Caldwell, KFC U.S. chief information officer. “Ingenico Group has helped KFC U.S. transition to EMV and implement a seamless payment experience for our customers with best-in-class terminals that accept a variety of payment options.”

RELATED: KFC's mobile app spurs 90% of users to order

So what are the benefits of a semi-integrated payment environment? 

According to a spokesperson from Ingenico, in a fully integrated transaction, the customer's credit information travels from the POS, through the electronic cash register (ECR) to the retailer's back office for storage, and then is forwarded to the transaction processor for payment authorization and sent back to the ECR. 

A semi-integrated payment environment is composed of the same elements as a fully integrated payment environment, but the communication between these elements is limited to the payment terminal and the ECR system with only nonsensitive commands.

RELATED: EMV implementation is a waiting game

"In the event that cybercriminals hack into the ECR, they won’t find any credit card information because the ECR never came in contact with it," the spokesperson said.