.pdf version of this customer profile (144 KB .pdf)

Challenge:

A supermarket chain in the Northeastern U.S. found itself among those merchants whose classification was raised under the Payment Card Industry (PCI) Data Security Standard. The retailer’s new Level 2 status made it subject to an extensive self-assessment questionnaire that required a perfect score, in addition to the quarterly penetration scan it was already running.

Meeting the stricter criteria required changes to the chain’s existing electronic funds transfer (EFT) application and its IT infrastructure, while avoiding any noticeable impact on card processing in the stores.

Solution:

Stratus Solutions Services was engaged to perform a complete assessment that included on-site data gathering to identify all areas for remediation. With data encryption among the capabilities required for compliance, the VOS-Auditor product from Application Resources, Inc. (ARI) was part of the solution proposed by Stratus. The supermarket chain would also be able to use the VOS-Auditor suite to monitor the EFT application; manage access to directories and files; secure user IDs; manage encryption keys and log the information necessary to document PCI compliance.

Result:

Before any changes were rolled out to the production system and application, testing was carried out on a server in the Customer Support Lab at Stratus. Changes were then tested again on an image of the EFT production system at the supermarket’s disaster recovery site. With the stores open seven days a week, all conversions and changes had to be rolled out overnight.

The attentive preparation by the Stratus Solutions Services team not only ensured business as usual in the chain’s checkout lanes, but also took the project from start to finish in eight months ¾ four months ahead of the compliance deadline.

top of page