NACS/CSNews CIO Roundtable Talks Trends & Technology Issues

NEW ORLEANS -- Complying with Payment Card Industry (PCI) standards and figuring out how to make the best use of online social networks like Facebook and Twitter were two hot button topics at this year's NACS/Convenience Store News CIO Roundtable, held in May on the opening day of NACStech in New Orleans.

This year's roundtable drew its largest lineup of retailer participants, and marked the debut of the retailer educational session as a co-branded event between NACS and CSNews. Fifteen retailers from 14 different convenience store companies also discussed self-checkout, loyalty programs, mobile marketing and other technology issues. The 2010 NACS/CSNews CIO Roundtable was sponsored by Gilbarco Veeder-Root, KSS, NCR and Pinnacle Corp.

Self-checkout, and mobile marketing and payment systems were identified as emerging technologies that many are either testing or considering. They also vigorously debated the merits of various loyalty programs, particularly the pros and cons of coalition programs with grocery store partners.

While most of the retailer attendees noted their companies were up-to-date with all PCI compliance issues, they also agreed with one participant, Jenny Bullard, CIO at 170-plus-store Flash Foods, who noted: "PCI is never complete. It's a journey." The Georgia-based company is in its third year as a Level 1 Merchant. "It doesn't get any easier," she added.
"PCI is a big challenge," agreed Charles Jarrett, director of retail IT for Murphy Oil Corp., which is a big target because of its high profile in the parking lots of Walmart stores.

Michael Davis, vice president of member services for NACS, added becoming PCI compliant and doing so at a reasonable cost is one of the biggest concerns of NACS members. Hank Armour, NACS president and CEO, added the concern over PCI compliance is even greater among NACS' smaller members.

"Although the number of merchants moving toward compliance is growing rapidly, a large percentage of the industry is not yet PCI compliant," agreed James Kelly, project manager for security and compliance at Gilbarco Veeder-Root.

"The challenge for retailers and manufacturers is that the mandates for compliance continue to evolve as the threats evolve," said Mark Williams, marketing manager of payment security for Gilbarco Veeder-Root. "It is important that retailers regularly review their PCI compliance status with their acquirers and use resources such as NACS to stay up to date on requirements."

But what's the most cost-effective way to be PCI compliant?

"It's a continuing effort at Quick Chek to look for ways to reduce PCI scope and risk," according to Maria Fidelibus, vice president of IT for the New Jersey-based convenience store chain.

CHS Corp./Cenex had a Level 1 audit coming up in three weeks from the roundtable, according to Roger Tripp, product and development manager. Adding to the complexity of compliance is that the Cenex network of corporate and independent stores supports six different point-of-sale (POS) terminals, said Tripp. Other issues impacting CHS is compliance to meet the new Credit Card Act governing gift cards because his company operates stores in 28 states and they all have different rules pertaining to expiration dates, dormancy fees and dealing with unclaimed balances.

Roger Ahuja, loss prevention director for Love's Travel Stops, also identified PCI compliance as one of the biggest challenges for the 200-plus store chain of travel centers and c-stores. The company is focused on compliance at the pump, said Ahuja. Love's is particularly watchful for skimmers -- illegal devices that can copy the electronic data encoded into a credit card.

Only a handful of the retailers at the roundtable are looking at tokenization as a way to enhance data security and limit the scope of PCI compliance at their companies. Tokenization is a technology that intercepts card information at the POS terminal and replaces cardholder data with randomly generated proxy numbers, or tokens, making it nearly impossible for a hacker to reassemble it through decryption or reverse engineering.
The real data then resides at a third-party data facility, where it is scattered across multiple locations. In theory, tokenization protects cardholder data from hackers and its implementation could simplify requirements of the PCI DSS since the systems that no longer store the sensitive data are removed from the scope of the PCI audit. However, tokenization is only a piece of the PCI solution, noted Davis.

"Tokenization only addresses a small portion of the data security problem. NACS and PCATS have a Data Security Committee that is looking at developing a complete solution, such as end-to-end encryption," he said.

Hand-in-hand with PCI compliance, retailers are also spending technology dollars in an attempt to reduce huge swipe fees they pay to credit card companies and banks. Interchange fees are the third largest store-level operating expense for retailers, following labor and rent.

Flash Foods has seen some success controlling skyrocketing credit card transaction fees since the launch of its Go Blue ACH-based payment card, which has also enhanced its five-year-old Rewards in a Flash loyalty program and enabled the retailer to compete better against coalition programs, according to Bullard. Coalition programs are gasoline discount programs in which a supermarket partners with a fuel retailer. The Go Blue program continues to be a success for Flash Foods. The retailer recently increased the gasoline discount on the card from 3 cents to 5 cents a gallon and "we've had a 100-percent increase in sign-ups in the last two weeks," said Bullard. This summer, the company plans to add a lot of new giveaways to its loyalty program. Past drawings have included a truck, a car and a Harley Davidson motorcycle — partnering with suppliers on many of these prizes. "Marketing has to drive the loyalty program and we've been lucky that they do," she said. Flash is also participating in a coalition program at some of its Shell-branded stations.

Coalition programs are gaining a lot of attention among c-store retailers. Tom Colbert, director of IT at Kwik Trip, said the Wisconsin-based c-store chain is working toward a coalition program. Currently, Kwik Trip has its own credit card which offers holders 3 cents back on a gallon of gas purchased, as well as a 10 percent back to customers on inside sales in the form of redemption certificates that are issued every quarter and can be used only in Kwik Trip stores. However, Kwik Trip is also working toward a coalition program as well. "You have to do a combination of things," noted Colbert.

Tripp said CHS/Cenex has about six stores involved in coalition programs with supermarkets, but "the lift has not been as dynamic on the grocery side."

Among emerging technologies, several retailers said they were intensely interested in the possibilities of self-checkout. In a test in four stores since last August, Quick Chek has seen customer throughput increase 60 percent in peak periods due to self-checkout, said Fidelibus. Quick Chek's pioneering use of self-checkout technology supplied by NCR was recognized during NACStech's opening session as Fidelibus accepted the 2010 CSNews Technology Award for best retail tech implementation of the year.

Stay tuned for more roundtable discussion on Twitter and social networking in tomorrow's CSNews Online Daily News.
This ad will auto-close in 10 seconds