PCI Compliance Is a Holistic Effort
Bob Russo, general manager, PCI Security Standards Council, offers the following advice about complying with PCI Data Security Standards, including the upcoming October 2015 deadline for U.S. retailers to accept cards with Europay, MasterCard, Visa (EMV)-compliant chips.
No Single Security Solution: “As evidenced by recent high-profile breach incidents, keeping payment data secure in today’s world is an increasingly complex challenge,” explained Russo. “While EMV chip implementation solves one part of the problem, there’s no single solution that addresses all security challenges. For example, the EMV chip is not intended to protect the ever-growing part of our global economy that conducts business online. Increasing security and reducing fraud requires a layered approach to security.”
Consider Whole Payment Infrastructure: EMV chips provide excellent protection against fraud in a face-to-face environment, according to Russo.
“But in preparing for migration to the EMV chip, multichannel organizations need to consider their entire payment infrastructure, not just brick-and-mortar, and specifically e-commerce environments,” he said. “EMV chip migration is a great opportunity to look at overall terminal security, and for retailers to invest in a terminal that meets various security standards and needs.”
Stay Vigilant: Organizations with security controls in place as part of complying with PCI Security Standards improve their chances, both of avoiding a breach in the first place, and of minimizing the resulting damage if they are breached.
“These findings, coupled with recent breach incidents, highlight the need for businesses to build security into their ‘business as usual’ practices,” Russo said. “In the case of PCI Standards, it is especially important that this does not become a once-a-year event, when a compliance assessment is due, but rather is a daily occurrence.”
Do the Right Thing
There are a lot of official reasons for retailers to make sure their payment systems are in compliance with the security standards of the PCI Security Council. But for Golden Pantry Food Stores, a 39-unit convenience store retailer based in Watkinsville, Georgia, one overarching reason drives its PCI compliance effort.
“It’s the right thing to do,” said Bryan Turk, MIS manager of Golden Pantry. “We got started before PCI compliance became popular, when we began putting our stores on a network.”
When Golden Pantry turned to infrastructure security solutions provider Cybera to connect its stores to a secure network, the retailer decided that the new network should also meet PCI requirements. Golden Pantry also began upgrading its POS terminals to a PCI-compliant model from a major provider that included secure card readers, as well as secure user IDs and passwords that had to be changed every 90 days.
Using a secure on-site Cybera appliance, Golden Pantry sends encrypted POS data to a cloud-based solution with a dedicated virtual router and firewall, on a separate network instance that shares no common routing elements.
Keep It Separated: Golden Pantry also uses Cybera technology to help provide secure Internet connection to third-party CPG partners, as well as to ensure the PCI-compliant protection of data inside its network.
“The solution uses segmentation of data, instead of layering,” explained Turk. “Segmentation keeps everything secure. It keeps all information separate and not tied down in one area where anyone can get at it. If you get into a store’s Wi-Fi, you can’t get into any other part of the network. There is a different segment for every functional piece.”
Golden Pantry continues to upgrade its systems to ensure continued compliance with PCI standards, as well as general security.
“We improve upon what we have to make it better,” added Turk.
Same-Day Delivery: Can Drones Play a Role?
Imagine it’s a breezy Friday morning and tonight is your nephew’s birthday party. It’s completely slipped your mind, and there just isn’t time in your day to go shopping. But you don’t panic because this solution is routine. You go online, find the hottest toy, and hit Amazon Prime Air. Not too long after, a small “Octocopter” touches down on your doorstep to save your day.
A captivating scene. But when you scrutinize the feasibility of this concept, there are many challenges that may push small package drone models into the realm of wishful thinking. However, the potential of drones is much larger. In this case, commercial drones may be more practical and make the reality of a national infrastructure for same-day deliveries more possible for retailers.
Small Parcel Drones
If you assume the average major parcel delivery person will deliver around 250 to 300 packages per day over a 10-mile (square) range, the notion of a drone carrying a 5-pound payload covering the same volume is unlikely. The drone would have to make a massive number of trips to cover the 10-mile range since it can’t carry multiple packages, even if every package was under that limit. From a logistics standpoint, this makes small parcel drones, especially in the context of large volumes, challenging.
In an urban environment, the fact that drones would need to be in constant use to simply deliver a large number of packages — this may be as high as 500 in a day for an urban driver — is another example of the impracticality of small parcel drones. If nothing else, imagine the confusion of witnessing drones flying around an urban area. The number of unforeseeable consequences as culture adapts or doesn’t makes small parcel drones an extremely risky prospect.
But while the model makes very little sense for most retailers, from a small parcels standpoint, a far more practical view of drones appears in the light of commercial drones.
A major opportunity that could help fill a void in the shipping and logistics industry for retailers is using commercial (larger) drones to move larger volumes of goods or packages. In the United States, there are approximately 5,800 airports with various capabilities to land commercial drones. This could create an extended infrastructure for expedited shipping, same-day delivery and other more time-dominant shipping models for retailers. Linking multi-modal centers together through drones could add a new dimension of air delivery, adding flexibility and new dynamics to the concepts of same-day delivery.
For example, in a largely rural setting, it is entirely possible for drones to have a practical impact. A major carrier could pick up a package at one of its rural facilities and cover up to 200 miles per day by truck in an area of only 30 to 40 square miles. The volume of packages is low, but the distance is high. In a commercial drone world, it would then be possible to analyze an area like that and adjust dynamic truck routing to cover heavy packages and use a series of drones, strategically stationed, to cover remote areas or extreme ranges from the distribution centers.
In the case of urban environments, the prospect of commercial drones makes more sense as well. Take New York City, for example. Commercial drones could run from distribution centers in upstate New York to a small airport on Long Island, where couriers could transport those goods throughout Manhattan. In that model, the cultural shock of watching a drone fly through Lexington Avenue with unmarked packages is completely bypassed.
From an infrastructure standpoint, commercial drones could bolster the entire shipping network and remain largely detached from the general public, mitigating risk. Drones could arrive every 45 minutes with delivery requests of the past hour. From a retail perspective, this automatically translates to value for consumers.
So will the FAA permit drones to deliver pallets of packages or products? In short, yes, it will fly. The agency has been ordered by Congress to come up with policies and rules for both small operating drones and commercial drones. Focusing on small drones seems to be the first step, and the FAA has already taken steps by approving the use of drones in Alaska by an oil company for monitoring.
For retailers, the notion of commercial drones is something to keep an eye on. With omnichannel fulfillment options being optimized to better meet customer needs, incorporating drones into the current hybrid delivery models could be beneficial.
When the clearance for larger commercial drones does eventually come, these kinds of same-day delivery models could be designed and employed within years. Of course, the creation of a commercial drone infrastructure is going to take deep pockets, smart people and time. But the fact that drones are quickly becoming central to the discussion of how retailers will reach their customers in the future means that it is definitely a topic to monitor.
Christoph Stehmann is president, e-commerce and shipping solutions, Pitney Bowes, a global technology solutions company.