STCR Welcomes North Coast Co-op

Since 1973, North Coast Co-op has been a member-owned consumer food cooperative in Northern California operating two full-service grocery stores in Arcata and Eureka. The Co-op has a production bakery and deli serving great food without artificial ingredients. They also use organic or natural ingredients whenever possible.

In March of 2009 the Co-op was recertified as an organic retailer by CCOF, a third party certifying agency. The North Coast Co-op is the first food co-op on the West Coast and the only food retailer in California north of the Bay Area, to be certified organic.

They recently installed STCR’s IBM SMS Integrated Retail Grocery System in both stores along with the SMS host system. With the host system, they centrally manage merchandise pricing and company reporting. As part of the implementation they are also utilizing STCR’s new “Locally Sourced Product” feature. Items that are sourced locally can be flagged in the item file as such. This distinction allows the system to display a separate sub-total and highlights this sub-total on the customers receipt as “Locally Sourced Products Purchased.”


PCI DSS (Payment Card Industry Data Security Standard) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help organizations that process credit card transactions minimize fraud. The standard applies to all organizations which process or exchange cardholder information.

The PCI Security Standards Council continues to develop the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to remove all security risks. Changes to the standard follow a defined 36-month lifecycle with eight stages, described below.

Stage 1: Standards Published

Stage 2: Standards Effective

Stage 3: Market Implementation

Stage 4: Feedback Begins

Stage 5: Old Standards Retired

Stage 6: Feedback Review

Stage 7: Draft Revisions

Stage 8: Final Review

Each of the stages varies in length with a total of 36 months. Retailers need to be proactive when it comes to PCI and credit card security risks. You can find the most up-to-date PCI information at

GS1 DataBar

As the June 2011 deadline approaches, compliance for GS1 DataBar Coupon codes appears to be on track. While the initial date was set for January 1, 2010, a shaky economy combined with a limited number of stores that have implemented the technology, have forced the compliance deadline to be extended.

The new barcodes will allow retailers to fight coupon fraud as the embedded serial numbers on the new formatted coupons can be automatically captured at the POS terminal. Coupon verification and limited cashier intervention ensure the correct processing of discounts. DataBar coupon codes can have values up to $999.99 and are not limited to the traditional table of 100 values. Additional information can include product details, embedded expiration dates, as well as retailer specific coupons.

Another benefit of the new barcode format is the standardized promotions built in and available in all supporting POS systems. Executives at major manufacturers say the promotions supported by GS1 codes will be fully functional at the start of 2011. Manufacturers will also be allowed to stop printing UPC codes on coupons. Experts say that UPCs will be phased off of coupons by June 2011, giving retailers a bit of buffer to make upgrades.

With coupon compliance as the first step future applications are not far off. The next readiness deadline of January 1, 2014 will allow the use of GS1 barcodes globally on any product. After coupons the next DataBar application will be labeling for loose produce, replacing the current PLU codes. This will allow tracking of products to the grower that supplied the product and allow more traceability of the products.

Other fresh categories that will follow suit include meats and cheeses, as well as sensitive categories such as health care merchandise.

PCI Update

PCI is here to stay. Much has and continues to be written about the PCI Standards, as it is constantly evolving and changing. The goal this month is to point out some of the recent changes and to have you re-evaluate your thoughts that “this won't happen to me” or that “I can worry about that later.”

The July 1, 2010 timetable has passed for ensuring that your pin pads are now PED compliant and processing with Triple DES encryption. Hopefully all retailers have done the upgrade to their pin pads; some retailers have found that the needed pin pads are in short supply. The processors have said they do not intend to fine for non-compliance at this time so there is a sort of temporary reprieve. This does not mean that you should not complete this update as well as be compliant with the new rules which will take effect January 2011.

Earlier this year in an article the two year cycle for PCI requirements was discussed. Due to feedback from different organizations, the PCI council has changed the process to three years in order to match other similar processes that are ongoing. This means you may no longer be compliant due to the changes made to the standards. Also as the industry has learned more about the requirements as well as the methods to meet those requirements, it will be very beneficial to work with your card processors and POS vendors to be sure that all is in order today.

Some software versions that were PCI compliant even just last year may no longer be listed as compliant today. This will continue for the foreseeable future, so just one upgrade does not mean you are set forever. Instead you should consider upgrading as often as every other year to stay up to date. Also keep in mind that the software is only part of 1 of the 12 steps which must be reviewed regularly.

The problem of credit card data theft continues. Even with strict adherence to PCI requirements, your business could be next. There are at least two benefits to being PCI compliant, first you are less likely to be victimized and second you have protections in place when you are. Please call us today at (607) 757-0181 for information on our programs that have been reviewed and certified as fully PCI compatible.