Rent-a-Center CIO Opts for All-Wireless Store Systems

Written by Evan Schuman
August 13th, 2005

With almost 3,000 stores in all 50 states, the Rent-A-Center retail chain needs to be able to expand quickly and easily.

But its business model allows customers to rent and return merchandise with little notice, forcing store layouts to be flexible. What if 30 customers return mattresses to the same store tomorrow?

Tony Fuller, the CIO for the $2.3 billion retailer, knew that he needed store systems that were consistent?and therefore replicable?and as flexible as possible. He delivered an all-wireless in-store system.

“We have such small stores (about 4,500 square feet) and we have so much merchandise coming in and out. The dynamics of the showroom floor changes from day to day,” Fuller said. “We have this hiring kiosk in the front of the store. A wireless networks lets us put it wherever it’s convenient on any given day.”

The chain wanted to upgrade POS systems but “it didn’t make sense to retrofit them with CAT5 (cabling). With wireless, within minutes, they’d be ready to go,” Fuller said. “To wire 3,000 stores really wasn’t an option.”

One “big concern” was security of the wireless network. “One thing we required for our overall VPN: encryption had to be hardware-driven. We did the same thing with all of the wireless terminals,” the CIO said. “They were encrypted from each of the wireless terminals back to the access point. It’s a mini VPN tunnel.”

Still, Fuller admits that a wireless network can’t be made impregnable. “There is no way to make a wireless network invisible to the world,” he said. “As much as we’d like to, you just can’t do it.”

Lance Wilson, the director of wireless research for ABI Research, said there aren?t that many retailers who have gone all wireless, but the attraction to do so is compelling.

The number of retailers having gone all wireless is “still relatively small” but it’s not so unusual in Europe and “it’s starting to be proliferated in the U.S. as the ancillary systems go wireless. The likelihood of (existing POS systems from major retailers) being replaced by wireless is much more likely today than it was.”

Greg Buzek, the president of the IHL consulting group, agrees with Fuller?s position that encrypted security?done properly?should be sufficient.

A wireless POS setup with strong encryption “is a viable approach if they’re using 64-bit encryption. That’s pretty strong. 128-bit would be tougher,” Buzek said. “Somebody could sniff the network if they were sitting outside for awhile, but the risk of that happening isn’t much greater than the risk of someone going in through a wired network.”

Fuller declined to specify the level of encryption his wireless networks will be using.

“Everyone going wireless is using very strong encryption. There have been too many lawsuits. Wireless with strong encryption is a major trend out there,” Buzek said. “The bigger issue is how common wireless POS is becoming. Retailers are doing it because they don’t have to pull wires or they want to be able to put out more registers on a cart when they’re busy. Instead of power, they’re using batteries so they can roll out extra lanes when needed. Target has been doing that.”

“They go wireless because they want to add lanes but would have to dig up floors and run conduit if they didn’t do wireless,” Buzek said. “And a lot of people are also using wireless as a backup in case the LAN goes down.”

Rent-A-Center’s IT mix includes HP and Compaq servers running HP-UX and managing a 12-TByte data warehouse with Oracle on the backend and Business Objects on the frontend (for predictive analysis).

Other parts of the network run on a Microsoft Windows backbone and Lawson for financial software. The stores are running SCO Unix with POS units from High Touch.

The CIO expressed some concerns about the long-term viability of SCO, but said that he wasn’t worried.

First, the units require so little support from SCO (“we don’t require a lot of direct support and in fact it’s been several months since we’ve had to initiate such contact?) that he expects to have several months to make a seamless transition.

Secondly, his primary POS vendor?High Touch?has already ported its software to Linux, which would a transition to Linux an easy move were SCO to go away. “Other than a period for switching it over, we’re really not at risk,” Fuller said. “I would have time to swap it off.”

The stores currently have a separate credit card authorization system, which is not part of their current POS operation and is an older-style dial-up terminal.

“That’s old technology now. We recognize that, at some point, we will need to integrate our credit card processing inside our Point of Sale system,” he said. “There is some duplication of time and money.”

But he added that while Rent-A-Center is waiting to modernize its credit-card systems, the rest of the industry will endure the pain of finding and fixing the many security holes. “There are some benefits to lagging behind,” he said.

Today, the network features mostly DSL connections to a Cisco VPN, with some cable modems and some point-to-point Frame over a private network, but Fuller’s plan has all connections moving to MPLS circuits within 3 to 4 years, in time for full deployment of Voice-over-IP.

In about 24 locations where DSL wasn’t an option, the company used cable modems, but they wanted to limit cable modem use because “we tried to limit the number of providers that we use and that number would have grown quite exponentially had we gone for more cable,” Fuller said.

Even though the Frame sites cost a lot more than those riding the public Internet, for sites where neither cable nor DSL were options, that was their backup. His team evaluated satellites, but concluded that satellites still had too much latency and there were real estate problems. Many Rent-A-Center stores are located in strip malls and lease provisions made the installation of a roof-based satellite awkward, he said.

Arvind Bhatia, who is a financial analyst who tracks the company for Southwest Securities, said that Rent-A-Center uses its technology well. Bhatia particularly likes how the CIO is involved in business decisions that, in other companies, would not have involved the IT department.

“If you look at how quickly they integrate the acquisitions they make, it makes sense to include those senior IT people,” Bhatia said. “That speaks to how quickly they integrate their IT systems, too.”

Kathy Mast, an IT consultant who has worked with Rent-A-Center, applauds the company for taking cost-effective approaches to technology, typically well ahead of other retailers.

For years now, for example, the chain has posted full financial specifics at the store level?within a couple of days of a financial period’s close?to all managers via its intranet. “The ability to run a financial report in a centralized location and have it be distributed for some 3,000 individual stores” is impressive, Mast said.

She also cites the company’s using its intranet to capture employee time-reporting through logons, allowing for the elimination of the older timestamp devices.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.