C-store Franchise Strengthens Customer Payment Protection with Hughes PCI Compliance Suite

News of massive data breaches over the years have intensified consumers’ concerns over data security. According to First Data, only 11% of consumers trust retailers to properly manage a data breach. To maintain a positive customer experience and safeguard brand reputation and loyalty, retailers should deploy a comprehensive compliance strategy to protect sensitive data like payment information against bad actors.

“Customers increasingly prefer to pay with credit card rather than cash,” said Bob Maas, retail IT director for 12 Iowa-based Kwik Stop convenience store locations. “We’ve seen about a 30% increase in card payments over the last few years. Keeping customer transactions secure is key to maintaining their trust in us and ensuring their continued business.”

Statistics show that Kwik Stop’s experience reflects larger payment trends. The Federal Reserve’s 2019 Diary of Consumer Payment Choice found that cash payments represented just 26% of all transactions in the US and that use of cash is declining year-over-year. Even for purchases under $10, debit cards edged out cash as the preferred payment method. As the volume of card transactions continues to rise, retailers like Kwik Stop are wise to focus on security and to explore the most effective way to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) for processing, transmitting, or storing credit card data.

Challenge

According to the Verizon 2020 Payment Security Report (PSR) documents, there was a decrease in PCI Compliance from 36.7% to 27.9%. Merchants cite the complexity of the requirements and inability to revalidate annually led to the decreasing compliance rates. For merchants with limited IT resources, ensuring their network stays compliant can be a difficult and time-consuming task. And finding affordable, convenient, scalable solutions for small to mid-size franchise operations can be particularly challenging.

Mr. Maas needed a solution to help him efficiently manage PCI compliance for 12 Kwik Stop convenience store franchise locations in high-traffic areas, serving customers around the clock. At the suggestion of a counterpart with BP retail petroleum, he turned to Hughes Network Systems for its PCI compliance expertise.

Solution 

Mr. Maas worked with a Hughes PCI compliance expert to deploy its PCI Compliance Suite across all Kwik Stop locations in a span of just one week from start to finish.

“Installation was seamless,” said Mr. Maas. “I liked that we were able to have all 12 locations fully integrated into the platform in just a week.”

The newly installed PCI Compliance solutions suite enables anytime, anywhere access to Hughes PCI Compliance Suite tools, including:

• PCI Compliance Portal: An easy-to-use and mobile-friendly platform that allows Mr. Maas to check the status of vulnerability scans and reporting. It also houses a variety of PCI tool such as the Self-Assessment Questionnaire (SAQ) Wizard and comprehensive training courses.
• Self-Assessment Questionnaire Wizard: Simple step-by-step instructions that guide Mr. Maas through the SAQ submission process. He also has access extensive Hughes support via phone, email and online chat.
• PCI Security Awareness Training: A comprehensive set of PCI compliance courses tailored for Kwik Stop c-store employees.
• External Vulnerability Scanning: A troubleshoot service that scans Kwik Stop’s network perimeter for cross-site scripting, SQL injection, remote file inclusion and many other application and network-based vulnerabilities. The Hughes scanning service provides information needed to help with remediation and compliance efforts.
• Breach Protection: A PCI breach-related reimbursement program that provides Kwik Stop with greater piece of mind.

Results

Hughes PCI Compliance Suite decodes PCI DSS so retailers don’t have to. It even solves a particular pain point for PCI-compliant merchants–the extensive quarterly and yearly SAQ reporting process.

“Previously, I had to manually complete, scan and submit SAQ responses for each location–that’s 12 full sets of responses,” says Mr. Maas. “With Hughes PCI Compliance Suite, the process is much quicker now.

I can focus more time on other IT needs instead.” In today’s retail environment, PCI compliance is a necessity, no matter the size of the business. Hughes simplifies the process with quick, seamless implementation of a reliable, turn-key solution that’s scalable for any number of sites.

“Hughes PCI Compliance Suite is simple and easy to use,” says Mr. Maas. “I would definitely recommend it to other c-store retailers.”

Hughes PCI Compliance Suite removes the guesswork for merchants, offering piece of mind that customer data is well-protected, and in turn, so is their business.