Achieving PCI Compliance in the Enterprise Organization

Case Studies

Tokenizing the Enterprise at MRC Global

Learn how international distributor of pipe, valve and fitting products, and services to energy and industrial markets used tokenization to remove all their payment and sensitive personal data out of their world-wide network of ERP systems.

MRC Global is the largest distributor of pipe, valve and fitting products, and services to the energy and industrial markets worldwide.

A true international organization, it operates in over 44 countries, in every region where oil and gas exploration and processing takes place. Its customers range from industry giants such as Shell, Exxon-Mobil, and BP, to the thousands of independent drilling and extraction outfits. They also support the refining and chemical industries with specialized piping, fittings and valves that work in high-pressure, high-temperature, and corrosive environments. To supply the needs of these demanding hardware-intensive customers, MRC Global operates as both an e-commerce and storefront retailer, with corresponding warehousing centers and distribution networks. It manages multiple acceptance channels with diverse payment processors, navigating complex international regulations, supported by a mix of ERP software systems. Max Grannan, Senior IS Director of Security and Compliance, describes the company’s focus as “very customer centric, striving to always get what customers need, when and where they need it. Whether it’s replenishing pipeline supplies for a drilling operation, rushing spare parts for a cracking plant, or fulfilling a standing order for a natural gas transport building project, we want to accept orders and payments anytime, from anywhere we operate.“ In 2014, MRC Global had $5.9 billion a year in global sales. A growing component of its sales is in EDI, E-Catalog, and web store transactions. As its customers become more acclimated to placing their orders online, that portion is expected to grow to 50% of the overall transactions in the next five years. Regardless of how orders come in, or how payments are processed, MRC Global has the same data security issues and PCI compliance responsibilities as every payment processing organization…

Industrial zone, Steel pipelines and valves against blue sky