Wendy's founder Dave Thomas knew what mattered. He knew that Wendy’s beef had to be fresh. He knew that his own quirky advertising image had to be endearing. Above all, he knew how critical it was for consumers to view Wendy’s as one step above the rest of fast food.
That's part of what makes news of the recent Wendy’s credit card breach, which possibly affected thousands of customers, so difficult for the company. Thomas was a perfectionist. To him, image was everything. He wanted his brand image to be spotless.
So the question is: What happens to the very public image of a company like Wendy’s, Dairy Queen, or Jimmy John’s when the data security of its best customers is compromised with a breach?
The answer: It gets pretty beaten up.
The media adores data-breach stories, and once a data breach—no matter how small—hits a national chain, the example is cited for years as a nightmare scenario.
Wendy's officials declined to discuss their latest breach. "Until this investigation is completed, it is difficult to determine with certainty the nature or scope," says spokesman Bob Bertini in an email.
Wendy's isn’t the first quick-serve company to suffer a data breach, nor will it be the last. In the first nine months of 2014, there were 904 million records compromised in 1,922 confirmed incidents for businesses accepting credit and debit cards in the U.S., reports Heartland Payment Systems, a major payment-processing provider.
Worse yet, the fast-food industry will be seeing more than its share of future data breaches, projects Jennifer Woods, an attorney at the law firm Clark Hill. "We're seeing fast food as the most well publicized because they are some of the easier targets," she says.
The fact is, because restaurants process so many credit cards—and have so much point-of-sale equipment—they are data-thief magnets.So, what’s a restaurant to do to protect itself? Here is Woods’ list of the most important steps to take:
Data theft is going to get a lot worse before it gets better. The most common breach is hacking into cash registers and POS systems at restaurant locations and planting software that surreptitiously records magnetic strip data when cards are swiped through the machines, according to Heartland. The costs to consumers—and retailers—is growing. The average cost for each lost or stolen record jumped from $188 in 2013 to $201 in 2014, reports a Ponemon Institute study. The total average cost to the organizations involved grew from $5.4 million to $5.9 million during the same period. “It’s a virtual certainty that everyone will suffer a data breach,” Woods says. “It’s just a question of when they find out about it.” Even then, she says, smart preparation can limit the damage.
Freelance writer Bruce Horovitz is a former USA Today marketing reporter and Los Angeles Times marketing columnist. He can be reached at firstname.lastname@example.org.