Pizza Hut acquires taste for tokenless authentication
Date: Nov 25, 2013
Pizza Hut acquires a taste for tokenless network access identification: PCI compliance ensured using two-factor authentication
The American Pizza Hut chain of restaurants has more than 12,000 branches worldwide. Each week the 700 branches in the UK process orders of more than 1.1 million euros through the online ordering system. The stored payment details are protected in accordance with the PCI DSS (Payment Card Industry Data Security Standard) compliance requirements. These stipulate that the internal system login at Pizza Hut must not be secured by a password alone.
Pizza Hut has installed the tokenless two-factor authentication solution SecurAccess from SecurEnvoy. This sends a text message to the mobile phone of the employee containing a numerical code, which is entered in addition to a password.
Using mobile phones as keys:
Tokenless two-factor authentication works without the need for additional, dedicated hardware tokens. Instead, when the user wants to log in to the Pizza Hut network, they receive a six digit numeric code via text message using their mobile phone. This is entered together with the user’s personal login information in order to ensure unambiguous identification. The code is valid only once and expires once it has been entered. The user receives a new code for each subsequent login.
“We compared numerous systems, including solutions such as plastic tokens that generate a random password,” explains Fawad Shah of Pizza Hut. “We decided in the end to go with SecurAccess because it makes use of mobile phones, which almost everyone owns and carries with them at all times anyway. In addition, the passcode transmission via SMS is the cheapest and most efficient way for us to ensure PCI DSS compliance. Our staff who work with laptops can now log in securely, even if at first there was some scepticism about the solution. But on using SecurAccess to log in for the first time, staff members discovered that this way of safeguarding access is very easy and efficient”.
For more information about SecurAccess, click here.