Case Study: E2EE Takes POS Out Of PCI Scope

By Matt Pillar, Integrated Solutions For Retailers magazine

With 107 stores throughout California and Arizona, BevMo! is the West's largest retailer of alcoholic and nonalcoholic beverages and the products that go with them, including specialty foods and snacks, cigars, glassware, and related bar and wine accessories. When the company faced the July 1, 2010 PA-DSS (Payment Application Data Security Standard) and PCI-DSS (Payment Card Industry Data Security Standard) deadlines, it knew its network and more than 750 devices across its enterprise would be audited and subject to expensive upgrades to satisfy compliance. With less than a year to address the situation, BevMo! faced the prospect of an expensive store systems upgrade that would gain it nothing more than the satisfaction of mandate requirements. Instead, BevMo! found a solution that would completely remove payment card data from its storage, processing, and systems environments. The foundation of the solution is VeriShield Protect, a hosted, end-to-end encryption (E2EE) solution that removed its existing store systems from the PCI audit microscope.