Women’s retailer EAST reduces scope for PCI

Friday, June 5, 2015

Smart Technology Solutions Limited and Vodat International have once again successfully collaborated to jointly provide a managed payment solution, which reduces PCI DSS without the need to install a PCI accredited Point-to-Point Encryption (P2PE) solution, to another large UK retailer.

The partnership has enabled EAST, the women’s lifestyle clothing and accessories retailer, to strengthen its data security protection levels as well as reduce its scope for Payment Card Industry Data Security Standard (PCI DSS) compliance with the deployment of STS’ G8:Enterprise payment application and Vodat’s managed firewalls to isolate the PIN Entry Devices (PEDs) from the Point of Sale (POS) and other in-store systems.

G8:Enterprise, STS’ PA-DSS Certified and PCI compliant software, allows card data from EAST’s chip and PIN devices to be processed and stored in Vodat’s secure data centres. Working alongside Vodat’s Unified Payment Service, the solution has cut the cost and simplified EAST’s PCI compliance program by removing sensitive cardholder data completely from their POS network.

Howard Buck, Development Leader at STS says, “Many UK retailers have been put off introducing Point-to-Point Encryption due to the overly complex implementation requirements outlined by the PCI council. Working closely with Vodat International we have been able to offer all the advantages of higher security protection available from P2PE, but without the long project timescales and high costs.”

Howard continues, “The beauty of our P2PE solution is that it doesn’t “de-scope” the POS as it was never “in scope” in the first place.”

Rolled out to all 60 of its UK owned stores, G8’s simple POS interface made it easy for EAST to integrate their current POS system. As G8 runs centrally, ongoing maintenance of the solution is made easier and provides the same transaction management and payment streamlining while offering greater card data protection and security. The central install also means that Vodat’s managed firewalls can provide network segmentation to reduce scope.

Ian Martin, Head of Payment Services at Vodat International said, “I am delighted that EAST has chosen to implement the Vodat Unified Payment Service to reduce the scope of PCI DSS. The flexible architecture of the STS G8 payment application combined with dedicated in-store firewalls managed by Vodat International enables the Unified Payment Service to limit the cardholder data environment to the PIN entry device in the retailer’s environment.”

For further information on Vodat and its products and services, please visit www.vodat-int.com or www.thepaymentsnetwork.co.uk.