Focus on: Payment Security
A shift in consumer payment habits has had a noticeable impact on merchants that process a large volume of low-value transactions. Credit cards, historically associated with payment for higher-priced items that required financing, have become a preferred payment method for routine purchases that once were covered by pocket change.
It’s all about convenience — as evidenced from a December 2011 survey by the National Foundation for Credit Counseling. Only 6% of survey respondents said they planned to use credit cards less in 2012, but 62% said they planned to decrease credit card debt in 2012 — further substantiating the trend that credit cards continue to replace cash as daily currency.
Quick-serve restaurants, such as DavCo Restaurants — one of the largest Wendy’s franchisees with 152 locations in the Mid-Atlantic region, including the Baltimore and Washington, D.C., markets — is a classic example of a merchant that has seen a marked increase in the number of consumers paying with credit cards rather than cash.
Stacy Duncan, senior director of IT at Crofton, Md.-based DavCo Restaurants, confirmed that nearly half of the transactions in their restaurants are now paid by credit card, and in some locations the number is even higher, as much as 70% of all purchases.
While the expediency and convenience of credit card payment fundamentally supports the goal of fast food service, the trend created substantial regulatory challenges for DavCo.
“We’re classified as a Level 1 merchant, and the new PCI requirements forced us to change everything across our systems and processes in order to become PCI compliant,” Duncan reported. “We had very little security in place because our network had been started in 2001, back when we didn’t even know what we didn’t know.”
In October 2010, the Payment Card Industry published version 2.0 of the Data Security Standard (PCI-DSS) and Payment Application DSS (PA-DSS), giving merchants until Dec. 31, 2011 to meet the new requirements.
DavCo tapped RedZone Technologies of Annapolis, Md., to help determine the best security solutions to meet their needs for PCI compliance and secure the network.
“RedZone helped us realize that the best way to approach PCI compliance was to reduce scope so we could segment our network and put processes in place,” Duncan explained. “There was no way to do this without adding a firewall so RedZone identified the providers that would allow us to achieve compliance in the simplest way and by buying a minimal amount of product.”
DavCo deployed paired Network Security Appliance firewalls, from SonicWALL of San Jose, Calif., at its headquarters and SonicWALL TZ 210 firewalls at the 152 Wendy’s locations, effectively segmenting POS transactions from corporate communications. The TZ 210 was the best choice for the restaurants because it provided the fastest multi-layered Unified Threat Management firewall in its class.
“Speed was a critical factor for us, and we had to have a solution that could handle the throughput without slowing transactions at the POS,” Duncan added. “The firewall had to add security without belaboring store orders — and SonicWALL is fast enough that no one even noticed it was there.”
The SonicWALL firewalls provide two-factor authentication and centralized global management across DavCo’s WAN. Features include high-speed intrusion prevention; file and content inspection; and application intelligence, control and visualization. Following the firewall implementations, DavCo became officially PCI compliant on Dec. 31.
Additionally, a universal management appliance enables DavCo to centrally monitor, manage and report activity; and the firewall deployed at headquarters delivered secure remote access across the enterprise, including easy-to-use, secure VPN access to files and applications on desktops, servers or intranets from remote endpoints. The system is compatible with Windows, Windows Mobile, Mac, Linux and Android devices.
Connie Robbins Gentry is a contributing editor to Chain Store Age.