Compliance Crush

PIN-pad hiccup adds to PCI deadline rush
[This is the first in a series on technology developments leading up to the NACStech conference May 5-7.]OAK BROOK, Ill. -- Retailers trying to meet July 1 data-security mandates hit a momentary speed bump as the credit-card companies' standards body revoked its initial approval of a specific model PIN pad.

Earlier this month, the Wakefield, Mass.-based Payment Card Industry (PCI) Standards Council revoked the compliance status of the PIN (personal identification number) pad model number 3070V1 made by Neuilly-sur-Seine, France-based Ingenico, creating a hiccup [image-nocss] that caused at least one industry supplier to jump in and quickly correct it.

"For retailers affected by this disruption, we have worked to secure the supply of a PIN pad that is PCI approved," according to Richard Browne, vice president of marketing, North America, for Gilbarco Veeder-Root, Greensboro, N.C. He told CSP Daily News the company is shipping other, PCI-compliant PIN pad models from Ingenico to replace the delisted stock. "We have resumed shipping and are working to assist retailers in meeting upcoming mandates."

Officials with Ingenico did not return calls by press time.

Concerns that many retailers waited too long to bring stations up to compliance are still pervasive, as the mandates affect point-of-sale (POS) devices and PIN-accepting devices both inside and on the forecourt. Michael Jorgenson, branch manager, Petroleum Solutions Inc. (PSI), Austin, Texas, told CSP Daily News that they've seen about a 10% to 15% increase in orders compared to the latter half of last year, but that those numbers don't tell the complete story.

"Last year, we had larger customers getting on board and placing orders, Jorgenson said. "A lot of those are done. Now it's smaller customers, so that's what will account for the increase in the amount of orders, but as far as total dollars, I don't know if we've seen huge increases from late last year."

His concerns today center mostly on logistics, the delivery of equipment and having it all come in with enough time for his technicians to complete the installations. He described the situation as made up of mostly single-site operators, with POS terminals and PIN pads accounting for much of the business,

"There's going to be some [retailers for whom] there's just no way they're going to get it done by July 1," he said. "There's going to be some carryover and run over. As a service provider, we do the best we can with the resources we have."

To date, he said prices, including his company's, have remained stable. Observers expressed some fear that events would duplicate last year's stampede to upgrade for new California environmental mandates, where installation prices skyrocketed as deadlines hit.

Other suppliers have predicted delays in supply and installation, especially as a rush of new orders from single-store and smaller chains fall atop orders already in motion from large- to mid-sized players.

"Our industry has chosen not to react in a timely manner," said Michael Tyler, marketing director for VeriFone, Clearwater, Fla., noting how sluggishness from some companies may continue "until someone is made an example of. It'll take a major-oil breach...that's going to give a network a black eye and you'll see change."[For more on data security, look out for the May cover feature in CSP magazine. Angel Abcede, CSP's veteran technology reporter, has also opened a discussion group onMyCStoreWorld.com called C-TechGroup and will post messages on Twitter under the screen name CSPAngelABC. All topics will be up for dialogue.]


More from our partners