Case Studies: Liberty Restaurant Group
Liberty Restaurant Group Was In Need Of A PCI Compliance Solution After A Significant Breach At Several Of Their Burger King Franchises
Featuring Tracy Amarosa, Administrative Manager, Liberty Restaurant Group, Metuchen, NJ
Liberty Restaurant Group’s Breach History:
Liberty Restaurant Group, headquartered in Metuchen, NJ, owns and operates 23 Burger King restaurants in Missouri and Illinois. Multiple restaurants within their franchise suffered a series of significant system breaches, which caused the Department of Homeland Security and Visa to demand a costly and excruciating forensic audit process to identify gaps in data security that allowed for the breaches. Because of the breach, their restaurants were immediately elevated from Level IV to Level I merchant status.
The Financial and Operational Impact of a Breach:
Liberty Restaurant Group had never been through this sort of ordeal before. It was stressful, overwhelming and extremely costly. Liberty Restaurant Group has spent upwards of $250,000 in fines and fees associated with the multiple breaches.
Since the breach immediately elevated Liberty Restaurant Group to Level I merchant status, they are required to pay an ongoing annual compliance audit fee estimated at $20,000 per year regardless of whether or not they pass the compliance audit each year going forward.
“The breach caused immense frustration. The fines were financially burdening and the breach did damage to our customer confidence. We wanted to do everything possible to avoid a breach from ever happening again,” stated Tracy Amarosa, administrative manager of Liberty Restaurant Group.
The process that Liberty Restaurant Group had to go through to satisfy Visa and the security assessment firms was excruciating and took over ten months. This also required working with the POS vendor to make changes to the environment, a detailed assessment by a QSA firm to develop a remediation plan for the gaps, instituting operational changes and finally searching for a system that could address the critical requirements for PCI compliance. As a non-technical business owner without the benefit of a full-time IT department, Liberty Restaurant Group could only thwart the threat of future attacks by finding a partner with the technical resources and experience necessary to ensure undeniable security and monitoring for their customers’ credit card data.
The Solution for PCI Compliance and Avoiding Future Breaches:
Omega ATC rescued Liberty Restaurant Group from the operational nightmare the breaches presented and the daunting financial reminder of their breaches — the steep monthly fines. Omega ATC was brought into Liberty Restaurant Group to implement a data security solution, which was required for managing all aspects of PCI compliance. The solution had to work with the existing systems that operated every day at each of the 23 restaurants, and could not cause one operational hiccup during implementation. With the knowledge that any suspicious activity would be instantly reported and dealt with by Omega ATC, Liberty Restaurant Group was able to focus once again on their business without fear of a breach. Omega ATC did all of the work associated with the implementation. Once it became live, the fines from Visa ceased.
OmegaSecure™, Omega ATC’s hosted solution option, was successfully configured and deployed within 45 days. The small-footprint OmegaSecure agent works in the front-of-house registers across all 23 restaurant locations and their back-of-house systems, and offers detailed logs and alerts, so that Liberty Restaurant Group is immediately made aware of violations of the machine policy or anything out of the ordinary showing up in the logs. All of this is done at one centralized location.
This built-in logging and alerting system provided Liberty Restaurant Group with the peace of mind they’d been missing. Weekly summary reports are automatically delivered to Liberty Restaurant Group. They are also provided with a two-factor authentication-based console to review the logs and reports from their home office.
“To this day, our customers’ credit card data remain safe and secure, and we have not received a single alert since the implementation of OmegaSecure. Before this happened, I didn’t know anything about PCI compliance. Now, I know as much as I need to know about PCI compliance – chapter and verse,” stated Ms. Amarosa.
Ongoing PCI Compliance Requirements:
Like any store or restaurant that has been breached, Liberty Restaurant Group is required to submit an annual report on compliance, which in and of itself is time consuming, daunting and expensive.
“OmegaSecure makes it significantly easier to prepare this report, which is something most retailers and restaurant owners dread. The logs and data captured by OmegaSecure are easy to access and report on. This is another value-added benefit our solution provides,” stated Shekar Swamy, Omega ATC president.
The working relationship between the POS vendor, the QSA firm and the Security Strategists at Omega ATC solved their problem and keeps Liberty Restaurant Group compliant.
“Cost always comes into play with business decisions and Omega ATC’s was certainly affordable, but the working relationship was the deciding factor for me. Omega ATC doesn’t assign a traditional ‘sales rep’ to try to convert a prospect to a client. They assign a Security Strategist™, someone who can truly sit at our side of the table, make us feel comfortable, and ease our concerns. Omega ATC does all the heavy lifting for us. They work with the POS vendor and the security auditing firm to stay in alignment with the data security issues of Liberty Restaurant Group.”
— Tracy Amarosa, Administrative Manager, Liberty Restaurant Group
- Liberty Restaurant Group passed their compliance audit and the fines ceased
- OmegaSecure offered more than just the added security Liberty Restaurant Group required — it offered comprehensive technology to manage the most difficult aspects of PCI compliance
- All OmegaSecure agents were up and running across all 23 stores within 45 days
- Minimal interruption at each individual restaurant, with no hardware changes required
- The OmegaSecure console allowed them to connect to individual stores securely and remotely, accessing the logs in a single easy-to-access interface
- Forensic logs are retained at the OmegaSecure data center for over a year to comply with PCI requirements
- Omega Security Strategists and monitoring personnel are available to assist Liberty in dealing with any issues that may arise
17263 Wild Horse Creek Road
Chesterfield, MO 63005