The popularity of the Pizza Hut online ordering system requires a robust website and a secure payment network. Pizza Hut, like retailers worldwide, is subject to the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS requires that all employees with remote access to a network that contains card payment information must use more than just a password to prove who they are. For Pizza Hut, this meant that all employees with laptops – around 200 in total – needed a second authentication factor.
According to Fawad Shah at Pizza Hut, authentication via mobile phones was the most viable option. “We looked at a number of alternative systems, including plastic tokens which generate a random password and cards which do a similar thing, but mobile phones came out on top. Everyone has one with them anyway, and so a system where passcodes were sent via SMS was the cheapest and most efficient way of complying with PCI DSS.”
By using SMS, SecurAccess sends a login passcode to each employee’s mobile phone at the time of authentication, allowing them to connect to Pizza Hut’s network securely. The passcodes are different every time and are delivered as the user logs on.
Shah continues: “There was some resistance from users at first, which we expected. Employees are generally cautious about change; especially when it comes to IT systems. However, once they started using SecurAccess, they realised it was the simplest and most effective way of securing network access.”