PCI Compliance Case Study: Wesco Convenience Stores

Wesco, a chain of over 50 convenience stores and gas stations across Michigan, is one of the busiest retailers in the Midwest in terms of the volume of individual credit card transactions they process. When embarking on the PCI compliance road, Wesco made a strategic decision based on their commitment to their customers—to become compliant with the PCI Standard at its most stringent level in order to ensure the security of their customer's data. Following the recommendation of their PCI assessor, Wesco selected Tripwire to help them successfully meet the compliance deadline, and have since discovered how much more fuel Tripwire adds to their IT engine.

Protecting cardholder information has long been an issue for retailers, but unfortunately wrong-doers are working overtime to find merchants who haven't adequately secured their networks. This is why the Payment Card Industry (PCI ), which initially addressed only the largest of retailers, now requires merchants processing one to six-million transactions each year (Level 2 Merchants) to comply with the Data Security Standard (DSS). While Wesco has always been keenly focused on security, they were anxious to do even more for their customers.

"We made the strategic decision to hold ourselves to the more stringent requirements expected of the largest merchants," said Rachelle Osborn, Wesco's director of IT. "We are service driven and strongly believe in doing everything to protect our customers' data, even if that means undergoing the more costly onsite PCI assessment."

With multiple cash registers, fuel controllers, and network devices at over 50 locations, all operating 24/7, Wesco needed a best-in-class solution that could efficiently secure all of these various points of entry. A trusted consultant and certified PCI assessor specifically recommended that Wesco consider Tripwire. After Osborne and her team did their research, they were sold on how Tripwire Enterprise would provide the coverage they required across their network and address many of the PCI requirements.