BOSTON — Three food-industry executives said last week that their companies have recently installed new POS equipment aimed at bolstering the security of consumer data in an effort to reassure customers who purchase goods with credit or debit cards.
The executives also described other steps their companies are taking in order to comply with the PCI (Payment Card Industry) Data Security Standards, established by the major credit card companies to safeguard consumer data.
The executives — Richard Bauer, senior vice president of information systems and chief information officer at Price Chopper Supermarkets; Glenn Kriczky, vice president of information systems, Associated Wholesalers Inc; and Steve Methvin, director of store systems for Bi-Lo and Bruno's Supermarkets — addressed these and other technology initiatives during a panel discussion on trends in supermarket technology at the ERI Exchange, held last week at the Boston Convention & Exhibition Center.
The discussion included references to SN's State of the Industry Report on Supermarket Technology, published in the Jan. 29 issue.
One reason Price Chopper upgraded all of its POS terminals — as well as PCs throughout the company — to the Microsoft XP operating system in the past year was for security purposes. “We want to make sure we are on top of our game in applying security practices,” said Bauer. “Having a uniform modern platform allows us to do that.”
Price Chopper also replaced all of its PIN-pad POS transaction terminals last year in part for security reasons. “If you tamper with the device, the information in it is erased,” Bauer said. “It communicates that we care about our customers.”
Bi-Lo/Bruno's has also installed new PIN pads of a type that, if tampered with, “automatically destroys the information inside,” said Methvin. “It gives customers a sense of security.”
Methvin noted that the new PIN pads were installed at an opportune time, given the tampering incidents that occurred earlier this year at a few Rhode Island Stop & Shop stores. Four men, who have been arrested, were accused of siphoning credit and debit card information from PIN pads at those stores. The new Bi-Lo/Bruno's PIN pads “give our [cashiers] a story to tell customers — that security is a priority at Bi-Lo,” Methvin said.
In regard to PCI data security requirements, which involve securing computers that contain or process customer data, Bauer said Price Chopper has been able to meet “internal and external requirements in the last annual audit.” The company is currently working on meeting an end-of-year deadline for meeting the latest PCI specifications for tier-one retailers.
It's difficult to ever feel too secure, he added, because “the bad guys are always trying to get one step ahead.”
On the other hand, Bauer said the PCI rules tended to be too “prescriptive” and “onerous” when there may be better alternatives. “I'd prefer more latitude, because we could be innovative and get the same result,” he noted.
Associated Wholesalers is discussing the PCI issue with the independent retailers it serves. “When you look at all the PCI requirements, they have a long way to go,” said Kriczky. “It's going to be a tough job the next few months convincing them that this is important.”
Methvin said Bi-Lo/Bruno's has met PCI deadlines and expects to meet future deadlines. But he objected to the security risks Visa and MasterCard create by issuing credit cards that don't have to be reissued for many years and don't require a PIN for processing. “A PIN would stop so much of the security problem — so why aren't they using it?” he said. “Meanwhile, we're being forced to provide an easy experience for Visa and MasterCard's customers at our own expense.”