Do the Right Thing

There are a lot of official reasons for retailers to make sure their payment systems are in compliance with the security standards of the PCI Security Council. But for Golden Pantry Food Stores, a 39-unit convenience store retailer based in Watkinsville, Georgia, one overarching reason drives its PCI compliance effort.

“It’s the right thing to do,” said Bryan Turk, MIS manager of Golden Pantry. “We got started before PCI compliance became popular, when we began putting our stores on a network.”



When Golden Pantry turned to infrastructure security solutions provider Cybera to connect its stores to a secure network, the retailer decided that the new network should also meet PCI requirements. Golden Pantry also began upgrading its POS terminals to a PCI-compliant model from a major provider that included secure card readers, as well as secure user IDs and passwords that had to be changed every 90 days.



Using a secure on-site Cybera appliance, Golden Pantry sends encrypted POS data to a cloud-based solution with a dedicated virtual router and firewall, on a separate network instance that shares no common routing elements.



Keep It Separated: Golden Pantry also uses Cybera technology to help provide secure Internet connection to third-party CPG partners, as well as to ensure the PCI-compliant protection of data inside its network.



“The solution uses segmentation of data, instead of layering,” explained Turk. “Segmentation keeps everything secure. It keeps all information separate and not tied down in one area where anyone can get at it. If you get into a store’s Wi-Fi, you can’t get into any other part of the network. There is a different segment for every functional piece.”



Golden Pantry continues to upgrade its systems to ensure continued compliance with PCI standards, as well as general security.



“We improve upon what we have to make it better,” added Turk.