Pinning Down PCI
NACStech attendees grapple with looming mandates, consider opportunities
Published in CSP Daily News
GRAPEVINE, Texas -- A heightened awareness of payment-card-industry (PCI) mandates permeated the mindset of retailers attending this past week's NACStech conference, especially as 2010 deadlines for compliance approach. About 1,000 attendees met outside Dallas, to hear speakers discuss the importance of executing compliance, as well as to discover technology benefits that go beyond baseline mandates.
The PCI rules have evolved over the past three years, as have deadlines, so as one session speaker noted, "It's like fixing a tire on a moving car."
Gray Taylor of the [image-nocss] National Association of Convenience Stores (NACS) went further to say that "you're PCI compliant until you're not," meaning that a retailer can follow through and check off all the set rules, but if there's a data breach, he or she is immediately non-compliant and vulnerable to thousands of dollars in fines.
In a session titled "PCI Compliance: Ignorance Is Not a Defense," Shekar Swamy, president of American Technology Corp., Philadelphia, said many retailers, especially the smaller, multi-site operators, are in denial. "They think the oil companies will take care of it or the POS [point-of-sale] company will handle it," Swamy said. "No one wants to deal with it because it has many moving parts."
"Larger companies tend to have a more structured approach," said Dan Glennon, senior vice president of marketing and strategy for Cybera Inc., Franklin, Tenn. "The smaller organizations have less of an understanding, less sense of urgency."
The ambivalence is a point of frustration for many suppliers, said Ann Seki, with San Ramon, Calif.-based Chevron Corp. "It's been a challenge for us in the last two years where the whole focus on education has surfaced as a high priority," she said. "Yes, it's fine to meet the [PCI] regulations, but brand integrity is very critical. If something goes wrong, [customers] don't see [just] the store, they see Chevron."
Deadlines most relevant involve debit transactions and the protection of personal-identification numbers, as well as rules that will make many POS devices in the field noncompliant. These measures will go into effect by mid-2010.
Meanwhile, other hot topics surrounded the use of data and technology for marketing purposes. In one session, Jenny Bullard, CIO of Flash Foods Inc., Waycross, Ga., said the company's systems are able to collect store-level data that employees could access via "dashboard" interfaces.
At that session, Nishat Mehta, director of OEM programs, MicroStrategy Inc., McLean, Va., said retailers often take a path that starts with data collection and builds to relationship analysis and sales projections. Using spatial "mapping" software that allows selected data combinations to become expanding or contracting "bubbles," he showed session attendees the visual possibilities that come with different types of reporting tools.
In another session on in-pump marketing, three-site retailer Larry Gerosa, who operates just outside of San Antonio, said he uses digital screens inside the store and at the pump on his Gilbarco dispensers to help him visually show off his foodservice offers. He uses the devices to illustrate piping hot breakfast burritos and to advertise a slew of specials and programs, such as the store's party platters. "You don't have to make cost an issue in that you can put one [in-store TV screen] and expand later," Gerosa said. "Use resources when you can and be different."
Though this year's attendance at NACStech was downaround 1,000 versus an estimated 1,300 last yearJeff Lenard, a spokesperson for NACS said, "We want to get as many bodies here, but it's also about having the right people. From what we hear, we had the right people."
Speakers at a NACStech session on payment-card-industry (PCI) compliance included (pictured, from left) Ann Seki, Chevron Corp.; Gray Taylor, NACS; Mikey Kindler, Gilbarco Veeder-Root; Shakar Swamy, American Technology Corp.; Dave Faoro, VeriFone Inc.; and Dan Glennon, Cybera Inc.