United Kingdom | Change Country
B&Q Case Study

Profile

B&Q is the largest home improvement and garden centre retailer in the UK. Employing more than 30,000 people nationwide, it currently has 350 stores in the UK and 8 stores in Ireland.

  • Profile: B&Q
  • Business Focus: Home Improvement Retailer
  • Headquarters: UK

B&Q Case Study

B&Q champions security with UK’S first P2PE Payment as a Service solution

CHALLENGE

B&Q was eager to take advantage of the new PCI P2PE standard in order to increase security to better protect the 3 million customers that walk through its doors every week. It also wanted to simplify card payments across all its channels – in-store, online and via MOTO (mail and telephone order processing).

In order to conform to PCI P2PE in-store, B&Q was required to update its entire PIN pad estate to a solution with PTS 3.x approval and SRED capability. This would make B&Q the first major high street retailer to implement a total PCI P2PE solution in the UK.

To achieve this, it needed a trusted provider who could offer a total omni-channel Payment as a Service solution with the capability and expertise to implement a PCI P2PE validated solution for a high volume retail business on this scale.

SOLUTION

B&Q chose Verifone to initiate a full deployment of a PCI P2PE payment as a service across all stores in the UK and Ireland.

Card payments are now processed via Verifone’s payment gateway, with VX 820 PIN pads deployed across all of B&Q’s UK stores. The same Verifone platform supports B&Q’s call centre and web site.

To date, B&Q have rolled out almost 4,500 Verifone VX 820 contactless/NFC terminals. PCI PTS 3.x certified, these payment devices are also approved with SRED module which is necessary to achieve P2PE validation in a physical environment.

RESULTS

All of B&Q’s payment data is now encrypted – from the point of entry to the third party secure environment where it is decrypted for authorisation. Using P2PE to maximise PED security and standardising encryption throughout, helps better protect the B&Q brand against significant data breaches – which can potentially cost millions in lost revenue.

By moving card data out of the store systems to Verifone’s hosted payment gateway, it has also effectively reduced PCI DSS scope, freeing resources to focus on other parts of the B&Q business.

Incorporating tokenisation as well as P2PE, the Verifone platform allows safe identification and tracking of B&Q customers and spending habits for loyalty programmes and value-added services, which are an integral part of B&Q’s marketing mix.