News of massive data breaches over the years has intensified consumers’ concerns over data security. According to First Data, only 11% of consumers trust retailers to properly manage a data breach. To maintain a positive customer experience and safeguard brand reputation and loyalty, retailers should deploy a comprehensive compliance strategy to protect sensitive data like payment information against bad actors. With more cashless transactions taking place since the pandemic, protecting that data has become an even bigger concern for customers and retailers alike.
“Customers increasingly prefer to pay with credit card rather than cash,” said Bob Maas, retail IT director for 12 Iowa-based Kwik Stop convenience store locations. “We’ve seen about a 30% increase in card payments over the last few years. Keeping customer transactions secure is key to maintaining their trust in us and ensuring their continued business.”
Statistics show that Kwik Stop’s experience reflects larger payment trends. The Federal Reserve’s 2019 Diary of Consumer Payment Choice found that cash payments represented just 26% of all transactions in the US and that use of cash is declining year-over-year. Even for purchases under $10, debit cards edged out cash as the preferred payment method. As the volume of card transactions continues to rise, retailers like Kwik Stop are wise to focus on security and to explore the most effective way to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) for processing, transmitting, or storing credit card data.
A Path to PCI Compliance
According to the 2020 ControlScan/MAC Acquiring Trends Survey, only 26% of merchants reported PCI compliance rates above 60% (compared to 42% in 2018), indicating a definitive downward trend. Merchants cite the complexity of the requirements and the inability to revalidate annually as reasons for the decreasing compliance rates. For merchants with limited IT resources, ensuring their network stays compliant can be a difficult and time-consuming task. And finding affordable, convenient, scalable solutions for small to mid-size franchise operations can be particularly challenging.
Like his fellow franchise operators, Mr. Maas found himself facing those same hurdles when he sought a solution for managing PCI compliance at 12 Kwik Stop locations in high-traffic areas serving customers around the clock. His counterpart with BP retail petroleum recommended he turn to Hughes for our PCI compliance expertise.
Within just one week, from start to finish, Mr. Maas and the Hughes team deployed a PCI Compliance Suite across all of his Kwik Stop locations. The newly installed solution gives Mr. Maas and his team anytime, anywhere access to a host of tools to support compliance. For example, Mr. Maas can access the PCI Compliance Portal through an easy-to-use and mobile-friendly platform to check the status of vulnerability scans and reporting. He can also use the Self-Assessment Questionnaire (SAQ) Wizard and offer his c-store employees a comprehensive set of PCI compliance courses tailored for Kwik Stop. Hughes also provides extensive support via phone, email and online chat.
Additionally, the suite includes a proactive troubleshooting service, known as External Vulnerability Scanning, which scans Kwik Stop’s network perimeter for cross-site scripting, SQL injection, remote file inclusion and other application and network-based vulnerabilities. This provides necessary information to assist with remediation and compliance efforts. For extra peace of mind, there is a PCI breach-related reimbursement program.
“Installation was seamless,” said Mr. Maas. “I liked that we were able to have all 12 locations fully integrated into the platform in just a week.”
As Mr. Maas and his team quickly discovered, the Hughes solution effectively decodes PCI DSS and solves very real compliance and reporting challenges, so retailers don’t have to.
“Previously, I had to manually complete, scan and submit SAQ responses for each location–that’s 12 full sets of responses. The process is much quicker now, so I can focus more time on other needs instead,” he said.
For every retailer, no matter the size of the business, PCI compliance is a necessity in today’s environment. The good news is Hughes offers a fast path to compliance by simplifying the process and providing seamless implementation of a reliable turn-key solution that can be scaled for any number of sites.