News Feature | June 20, 2016

Restaurant And Hospitality News – June 20, 2016

Christine Kern

By Christine Kern, contributing writer

Wendy's Millennial Customer Branding

In news this week, a new study finds that unbundling reservation fees might just be prudent for restaurants, while Wendy’s admits that the scope of their data breach may have been larger than originally suspected.

Study Finds Some Guests Would Pay To Make Restaurant Reservations

A new study from Cornell University found that some guests would be willing to pay extra to be able to make reservations at their favorite restaurants, although most respondents still think the practice is unfair. The report, “Revenue Management in Restaurants: Unbundling Pricing for Reservations from the Core Service," by Sheryl Kimes and Jochen Wirtz, is available at no charge from the Cornell Center for Hospitality Research. In the report, Kimes and Wirtz highlight the value of table reservations, although restaurants traditionally include that value as part of the overall cost of a meal. As restaurants become more popular, the value of the reservation escalates. In fact, third-party reservation firms have made a business out of acquiring and selling hard-to-get reservations in popular restaurants.

“We are seeing some acceptance of the idea of paying separately for a restaurant reservation through third-party firms,” Kimes explained, “especially among respondent who said they were familiar with the practice. So far, though, we are not aware of any restaurant that is charging for reservations. That said, we anticipate that we may see restaurants adopt this practice as restaurant guests become more familiar with it. This is a logical extension of the revenue management principle of pricing a service to match demand.”

Wirtz added that “Singapore’s taxi system provides an analogy to paying for tables.” In Singapore, customers are willing to fork over additional fees “to ensure that the taxi arrives when they need it. We could see this rationale extending to similar businesses, including restaurants.”

The report found that familiarity is crucial for consumer acceptance of the practice of unbundling restaurant pricing and charging for reservations. The research demonstrated that customers who were familiar with reservation fees responded positively to the option, and “they viewed the inferred motive of the restaurant in a far more positive light, saw the transaction as relatively fair, had higher levels of satisfaction, and said they’d be more likely to return to the restaurant.” Thus, the implication is that restaurants and reservation companies need to do everything they can to familiarize customers with the unbundling concept and the idea of paying for reservations, particularly for prime time seating.

Wendy’s Uncovers More Cyberattacks, Affecting Well Over 300 Restaurants

In May, Wendy’s first confirmed a data breach at some of its restaurants, after allegations first emerged at the end of January. On May 11, the chain reported that fewer than 300 of its restaurants had been affected by the breach. Now, however, a new disclosure has revealed that the breach was in fact far wider than originally suggested.

“Based on the preliminary findings of the previously-disclosed investigation, the Company reported on May 11 that malware had been discovered on the point-of-sale (POS) system at fewer than 300 franchised North America Wendy’s restaurants,” according to a company statement. “An additional 50 franchise restaurants were also suspected of experiencing, or had been found to have, other security issues.”

“Based on the preliminary findings of the investigation and other information, the Company believes that malware, installed through the use of compromised third-party vendor credentials, affected one particular point of sale system at fewer than 300 of approximately 5,500 franchised North America Wendy’s restaurants, starting in the fall of 2015,” Wendy’s said, in a press release announcing the company’s fiscal first quarter results.

In the course of the investigation, Wendy’s discovered a variant of malware that was used in the previous attacks, similar to the original, “but different in its execution,” the company said. Attackers apparently used a remote access tool to target a POS system that the company previously believed to be unaffected.

Wendy’s now says that the number of restaurants hit by these cyber security attacks “is now expected to be considerably higher than the 300 restaurants already implicated.” The attack appears to be limited to franchised locations.

The company is blaming third-party service providers that maintain and support point-of-sale systems that many franchisees and other operators use, and Wendy’s believes that criminals gained access to the franchise restaurants’ POS systems via compromised remote access credentials of some of these third-party providers. 

“The malware used by attackers is highly sophisticated in nature and extremely difficult to detect,” Wendy’s said, noting that it disabled the malware in all franchised restaurants where it has been discovered.