Is A Coffee Worth Your Digital Security Due To A Me & U App ?
Restaurants and cafés who are struggling to get staff are turning to QR codes and apps, some are even raising prices despite the apps eliminating the need for a waiter, they are also putting customers at risk by allowing app Companies like Me &U to collect personal data including name, credit card details, phone number and email address.
The Me & U app has received investment from several Australian business including the former CEO of Facebook Australia Will Eaton who own business is now being questioned about their business practices.
Also on board is Jason Pellegrino (ex MD Google Australia Domain CEO), Mike Abbott (co-founder Uber Australia), Tim Reed (CEO MYOB), Neil Perry, and John Szangolies (founder of Urban Purveyor Group).
Why, when all you want to do is order a coffee do these Companies need to collect personal data, it’s become an obsession of the millennial generation and it’s high risk” said one observer.
M&U claim that several leading food and hospitality groups including Merivale are using their app.
The founder of the business is Stevan Premuticos communication is by email only.
The big question now is whether the Australian Federal Government or the Australian Competition and Consumer Commission should start an investigation into whether these apps are breaching the Australian Privacy Act.
I recently walked in Pasture a Café come restaurant in Balmoral and instead of a menu on the table there was a black QR code device that was linked to the restaurant’s Menu and activated via the Me & U app.
The reason given for using this data capture system, was that the business was short on staff, however they claimed that “no data” was being captured using the Menu app, which was blatantly untrue.
What happened when I scanned the QR code to get a menu, raises serious questions as to how Companies are capturing information on individuals and above all the level of captured data that is falling into the hands of people who are failing to display on their own business web site how the data service they are selling to restaurants via a subscription, are being stored.
In recent years consumers have become concerned as to how businesses use their personal data; they’re willing to take their dollars elsewhere if they know they’re being tracked or their food buying is being catalogued.
A Cisco survey found that 32 percent of consumers have switched companies over their data-sharing agreements, during COVID this has risen with many now concerned at the increased level of security risk associated with a simple data capture at a point of sale.
On the M & U site they claim that Restaurants such as Pasture who is using their system, ‘Can get closer to customers through direct ordering with Mobile and Web apps!
Another app service being sold to restaurants is the Menu app.
They are telling customers that all a restaurant have to do to capture the data is to ‘Allow them (customers) to order easily and pay from within the applications smoothly & securely, using a variety of payment options.
They claim the intuitive interface and appealing design of the restaurant’s own menu offering similar to what Pasture is using encourage customers to spend more and order more frequently”.
Management claim that the Menu software ‘Typically handles a majority of order traffic shortly after launch, which means restaurants and cafés can reduce waiting times and free up staff for other tasks. It also allows them to lift prices without taking on additional staff.
Menu also recommend that restaurants can Increase ticket size by more than 30% across all channel applications by moving to use their apps.
They claim that Menu’s add-on software and cross-sell features, allows customers to enjoy the benefits of discounts, coupons and rewards!
The issue is, who has given them the rights to sell, market or hand over personal data both to the restaurant who has allowed them to capture data and third parties.
Many restaurants like Merrivale then use these email addresses for EDM programs without the consent of customers. I for one get at least 30-40 unsolicited emails a day.
Yes, I got a menu for Pasture, but I also got key personal data mining by this unknown M +U Company who captured information such as a name, email address, and mobile number as well as credit card information though in some cases the financial transaction data is going through a gateway such as Apple or Google Pay.
All this because I simply wanted to place an order for a cup of coffee and some breakfast.
How about a system that doesn’t? capture personal data but instead allows an order to be placed on a kitchen and paid for.
The real issue is do you want your privacy and security threatened simply because you have purchased a cup of coffee.
The Privacy Act 1988 (Privacy Act) is the principal piece of Australian legislation protecting the handling of personal information about individuals.
This includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector.
Missing from the Me & U app is the right to opt-out supplying personal data or being profiled by a questionable app Company.
Consumers have a right in Australia to access the data a restaurant such as Pasture and Me & U have collected about them.
Data theft of information collected by cafes and restaurants via apps is rising and even big global restaurant Companies have been hacked.
In July McDonald’s said hackers stole some data from its systems in several markets including the U.S.
Apparently, it’s becoming easy for cybercriminals to infiltrate high-profile restaurant groups looking for data similar to what I had to hand over via the Menu app.
The Australian arm of restaurant TGI Fridays had to apologise to customers after exposing the personal information of data they had collected on their customers.
The business, which has about a dozen stores in Australia and a much bigger network overseas, admitted to a breach of back-up files containing the information of customers.
Restaurant or Cafe captured data loss can results in customers having to cancel credit cards while also having to cope with spam emails and unwanted telephone calls.
Food delivery app Chowbus which is a similar app to Menu and M& U emailed customer names, full addresses, and phone numbers to other users in Australia.
Screenshots of an email posted to Reddit suggested the breach may have impacted hundreds of thousands of customers.
The company, which delivers from Asian restaurants and stores in the US, Canada, and Australia, didn’t comment on how the breach occurred, but said data was “illegally accessed.”.