
Rocky Rococo is a popular chain of pizza and pasta restaurants based in Madison, Wisconsin. Whether customers are buying their pizza by the slice or by the pie, they can be sure the dough is freshly made in Rocky’s kitchen, the sauce is rich and tangy, and the finest ingredients are used for their array of toppings. It is this commitment to quality that has kept Wisconsin pizza lovers returning to Rocky Rococo for the last four decades.

Roger Brown owns First Madco Inc. DBA Rocky Rococo Restaurants in Madison and La Crosse. Roger has been in the pizza industry for over 45 years. He recently engaged Wind River Financial’s security team to help with a PCI compliance issue the chain was facing. Roger shares his story below.

Dilemma

  1. Rocky Rococo would continue to pay hefty non-compliance fees every month.
  2. Their customer data was at greater risk of a security breach.
  3. A data breach would result in costly fines and be extremely damaging to their reputation.

Objectives

  1. Make their customers’ payment data more secure.
  2. Get rid of monthly non-compliance fees.

Strategy

Wind River delivered comprehensive insight into Rocky Rococo’s security processes, areas of vulnerability, and provided recommendations and prioritizations for improving their security position and eliminating non-compliance fees.


Results

  1. Rocky Rococo saves thousands of dollars every year by eliminating non-compliance fees.
  2. Their customer data security has been greatly improved.
  3. Their path to full PCI compliance has been simplified.

PCI Process Was Discouraging

Roger Brown, Owner of Rocky Rococo in Madison/La Crosse, WI:

“We are a lean company with no dedicated IT person on staff so we were taking on the PCI process without that internal support. There are two parts to the PCI compliance process. Part 1 comprised a PCI scan of our systems. That was not a difficult process, and Rocky Rococo’s easily passed all of the scans.

We thought ‘hey, we’re doing pretty well!’ Then we turned our attention to the second part of the process. This is where it got complicated and the ‘We’re doing pretty well’ fell by the wayside. There were about 25 self-assessment questions (SAQ) that required a ‘yes’ answer to pass. We’re pizza connoisseurs, not payments or IT experts so we could only decipher about half of the questions. The other half was not understandable at all. Yet, failing to complete Part 2 meant that we were not complying with PCI requirements.

Putting the entire process on the back burner and remaining non-compliant had some serious implications.

  1. We would continue to pay hefty non-compliance fees every month.
  2. Our customer data was at greater risk of a security breach.
  3. A data breach would result in costly fines and be extremely damaging to your reputation.”

It's a Matter of Trust

“We didn’t want to waste money by paying unnecessary fees but the larger issue for us was related to customer trust. We put a great deal of care into every pizza we make. Our customers trust it will be prepared with fresh, wholesome ingredients. They trust it will be piping hot and delicious every time they order. And, they trust that we’ll keep their payment data safe. We want to run a good ship and part of that is protecting the trust that our customers have placed in us.”

Getting Help from the Wind River Team

“We made the transition to Wind River for our credit card processing back in 2017. We had been with one of the big, national providers upon the recommendation of our bank. We pretty much lost confidence in that payment partner when their local rep left the company and was not replaced. We were given a help line to call with questions or issues but the service we received started to go downhill.

The conversion to Wind River was really easy, and now if I have questions or issues, I just need to pick up the phone and call my relationship manager, Betsy. I enjoy the one-on-one contact and feel confident issues will be quickly resolved. With this level of competence at Wind River, I didn’t hesitate when I had the opportunity to work with their security team on a PCI and Cybersecurity Audit. Their team brought a unique perspective of both security AND payments expertise. Often the skill lies in one or the other.

Our two main objectives for engaging Wind River security were:

  1. Get our customers’ payment data more secure
  2. Get rid of monthly non-compliance fees

The PCI consulting engagement assessed our security processes against best practices for both the Payment Card Industry Data Security Standard (PCI DSS) and also against current cyberattack trends. The entire project lasted just a few weeks.”

Recommendations were Easy to Understand

“Wind River delivered comprehensive insight into our security processes, areas of vulnerability, and provided recommendations and prioritizations for improving our security position and eliminating non-compliance fees. I’d like to note that those recommendations were completely understandable and gave us the confidence that we could execute them to achieve our goals.

We are in the process of implementing the recommendations from the PCI and Cybersecurity Audit and are quite pleased with our results so far:

  • We save thousands of dollars every year by eliminating non-compliance fees.
  • Our customer data security has been greatly improved.
  • Our path to full PCI compliance has been simplified.”
