Capitalize On PCI Compliance

There’s something to be said for a professional relationship between a VAR and a long-time customer. When the customer’s need for a new technology arises, it is likely that the customer will consider that VAR for a solution. Control Solutions, a supply chain management and mobility solutions provider, has worked with one of its customers, a retail department store chain located in the southern region of the United States, for more than 15 years. During that time, Control Solutions sold products such as Datalogic handheld and presentation scanners to the retailer. When the same retailer needed to replace the mobile handheld terminals and terminal emulation software it used for inventory management and pricing, it turned to Control Solutions again. But this installation did not mirror the original scanner installation, as the mobile handheld terminals had to meet specific requirements — both low maintenance costs and compliance with PCI DSS.

Michael Kapp, senior VP of marketing and technology operations at Control Solutions, explains the retailer has used more than 550 mobile handheld terminals for nearly 10 years. Between the addition of new retail stores and the rate at which the terminals were failing, the customer needed a reliable solution quickly. By January 2008, 100 units were in need of repair. The retailer’s 2008 replacement cycle budget approved the purchase of 150 terminals. “The existing terminals were old, and the cost of maintenance was outrageous,” says Kapp. “The manufacturer of the existing terminals announced it was aborting its U.S. operations and therefore, terminating its U.S. support efforts. The maintenance cost per unit would have been $700 by the time the units were shipped overseas, repaired, and shipped back.”

Is Your Terminal Emulation System PCI-Compliant?
As of October 2007, the retailer had successfully completed three PCI compliance audits. Therefore, the retailer required any new terminal package it acquired to conform to their PCI compliance model. “Any time you connect a new system to a retailer’s internal IT infrastructure, that new system must comply with PCI DSS regulations to ensure the protection of sensitive customer data, such as credit card information and password updates,” says Kapp. “Our customer was already fully PCI-compliant, and it obviously wanted to remain that way. The new terminals and software had to meet all PCI regulations.”

Given the importance of PCI compliance, Control Solutions suggested two mobile handheld terminals to the retailer, one of which was the Datalogic Mobile Pegaso, a Windows CE-based mobile handheld terminal with integrated scanning capabilities. The VAR also suggested terminal emulation software from Naurtech, as the retailer’s existing terminals used an older version of the Naurtech software. The retailer chose the Pegaso units, because unlike the other vendor’s product, Datalogic Mobile demonstrated that the Pegaso units could be configured to meet the retailer’s PCI compliance standards.

Control Solutions and Datalogic Mobile collaborated to ensure the latest version of the software was integrated in the Pegaso units. Datalogic Mobile provided the retailer with a demonstration unit within two days of being chosen for the project. The retailer connected the demonstration unit to its network for a three-week testing period. Pleased with the results of the testing process, the retailer purchased 150 units in April 2008. Datalogic Mobile spent three months installing the Naurtech software onto the units. Then, after a series of lab tests, Datalogic Mobile shipped the units to the retailer (i.e. five units per store). Upon receipt of the units, the retailer’s IT team integrated the units with its WLAN (wireless local area network) and server.

Since implementing the Pegaso units, the retailer has passed an additional PCI compliance audit. Also, the retailer is on pace to save up to $520 per unit in maintenance fees. “The Pegaso units have a one-year manufacturer’s warranty,” says Kapp. “Any first-year failures will be repaired unless the failure is due to abuse. After the one-year warranty expires, our customer will procure an estimate for any needed repairs — the cost of which should run between $180 and $350.” The retailer plans to replace the remaining 400 units over the next few years based on replacement cycle budgets.
www.control-solutions.com, www.mobile.datalogic.com