Special: ETA 2013 Annual Meeting & Expo Planner page 20
Transaction trends The Official Publication of the Electronic Transactions Association
Health-care providers have more to worry about than PCI DSS compliance
ALSO INSIDE: New Department: Merchant’s Corner! Silver Edge’s ‘Evolutionary Tale’
Tranzlogic. Changing the conversation with merchants Transforming transaction data into actionable customer intelligence enabling merchants to identify, find, and keep the right customers. Not just logic.
Transaction trends The Official Publication of the Electronic Transactions Association
Vol. 18 | No. 3
cover story 14 Critical Condition
By Julie Ritzer Ross While more physicians, hospitals, and other health-care providers are accepting electronic payments, they are not as vigilant about protecting PII and complying with PCI DSS. Here’s how you can help these providers safeguard their data and meet reporting requirements.
FEATURES 20 Big Fun in the Big Easy
30 Special Series
By Carrie Williamson The 2013 ETA Annual Meeting & Expo in New Orleans is poised to be the largest event in ETA history. Make the most of your down time with these insider tips for attending Jazz Fest, plus recommendations on where to eat, drink, and be merry.
Startup Stories: Evolutionary Tale By John Manasso With the goal of helping small merchants stay competitive, Silver Edge partners with technology vendors to tailor creative solutions.
depar tmentS 4
A primer for merchants on the technology and value behind mobile payments solutions
Insights from ETA’s CEO, Jason Oxman
Industry News Trends, strategies, and news in the payments business and ETA member community
Ad Index Industry Insider Security and tokenization are fundamental at TrustCommerce Transaction trends | April 2013 3
Join the Business Transforming Mobile Commerce and Payments
reetings from ETA! Over the course of the past six months, ETA has seen explosive growth—more than 80 new companies have joined us, meaning that ETA now represents nearly every major company in the payments industry. New members include all four major wireless carriers, major mobile technology companies, the leading mobile wallet ventures, and companies that are driving advances in the non-mobile end of business. In addition to our growing membership, this year’s conference at the New Orleans Convention Center is our biggest meeting to date! ETA’s Annual Meeting will bring together innovators from around the world as well as organizations from every corner of the increasingly diverse payments ecosystem. If you haven’t already done so, register today—the future of your business could depend on the connections you make at the ETA show. The ETA Annual Meeting and Expo runs April 30 to May 2 and is the largest payments industry event of the year.We significantly expanded the meeting and expo this year as it grows into the hub of activity in the electronic transactions industry. More than 200 marquee brands
Editorial Policy: The Electronic Transactions Association, founded in 1990, is a not-for-profit organization representing entities who provide transaction services between merchants and settlement banks and others involved in the electronic transactions industry. Our purpose is to provide leadership in the industry through education, advocacy, and the exchange of information. The magazine acts as a moderator without approving, disapproving, or guaranteeing the validity or accuracy of any data, claim, or opinion appearing under a byline or obtained or quoted from an acknowledged source. The opinions expressed do not necessarily reflect the official view of the Electronic Transactions Association. Also, appearance of advertisements and new product or service information does not constitute an endorsement of products or services featured by the Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided and disseminated with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice and other expert assistance are required, the services of a competent professional should be sought. Transaction Trends (ISSN 1939-1595) is the official publication, published 10 times annually, of the Electronic Transactions Association, 1101 16th St. N.W., Suite 402, Washington, DC 20036; 800/695-5509 or 202/828-2635; 202/828-2639 fax. Copyright © 2013 The Electronic Transactions Association. All Rights Reserved, including World Rights and Electronic Rights. No part of this publication may be reproduced without permission from the publisher, nor may any part of this publication be reproduced, stored in a retrieval system, or copied by mechanical photocopying, recording, or other means, now or hereafter invented, without permission of the publisher.
4 April 2013 | Transaction trends
from across the payments and technology industry will unveil their latest innovations on the show floor, including Visa Inc.,AT&T, Discover Network, MasterCard Worldwide,Wells Fargo, China Union Pay, Global Payments Inc.,VeriFone Inc., First Data, Ingenico North America, ISIS, and NPC, a Vantiv Company. There are many exciting new additions to the meeting this year.The new Mobile Pay Zone will feature exhibitors that are leaders in the mobile payments sector. The Payments Next Zone will showcase innovative startups seeking to launch payments technology to serve global customers.A grant from the Bill & Melinda Gates Foundation is funding the $10,000 E-Pay Innovation Award for the most innovative startup in the Payments Next Zone.We’ve also teamed up with Strategic Solutions Network, the creators of the Mobile Contactless Payment Innovations series of events, to put on Mobile Payment Innovations 2013 on April 30, day one of the ETA show.The full-day event will feature actionable business intelligence from a wide cross section of players in the mobile payments ecosystem. The Annual Meeting & Expo will host more than 3,000 CEOs, investors, principals, payment professionals, venture capi-
talists, and members of the media from across the industry.The largest number of government officials ever in attendance at the ETA show will bring you a direct line to how events in Washington, D.C., will impact your business.This event is the hub of activity at the intersection of payments and technology, so our attendees include not only incumbent payments companies and financial institutions, but new mobile technology, telecommunications, and apps companies across the payments ecosystem. Given the rapid changes and challenges facing our industry, attendance at the ETA Annual Meeting and Expo has never been more vital to your business. Mobile commerce is expected to be a $650 billion market by 2015. Now is the time to get ready for every swipe, tap, and wave by becoming an active participant in ETA. Register today at www.electran.org/ am13, and read the preview on page 20. I look forward to seeing you in New Orleans. Kind Regards, Jason Oxman Chief Executive Officer Electronic Transactions Association
Electronic Transactions Association 1101 16th Street NW, Suite 402 Washington, DC 20036 202/828.2635 www.electran.org ETA CEO Jason Oxman Deputy Director/COO Pamela Furneaux Director, Education and Professional Development Rori Ferensic Director, Government and Industry Relations Mary Weaver Bennett Director, Membership and Marketing Del Baker Robertson Director, Communications Meghan Cieslak Publishing offices Stratton Publishing & Marketing Inc. 5285 Shawnee Road, Suite 510 Alexandria, VA 22312 703/914.9200; fax 703/914.6777
Publisher Debra Stratton Associate Publisher & Editor Josephine Rossi Contributing Editor Angela Hickman Brady Editorial/Production Associate Christine Umbrell Art Director Janelle Welch Contributing Writers Mike Cottrell, Lia Dangelico, John Manasso, Bryan Ochalla, Julie Ritzer Ross, and Carrie Williamson Advertising Sales Steve Schwanz or Fox Associates (800/440.0232; email@example.com) Fox Associates Offices Chicago 312/644.3888 New York 212/725.2106 Detroit 248/626.0511 Phoenix 480/538.5021 Los Angeles 805/522.0501
Which payment system has the flexibility & speed your merchants need?
Everyone Else. Point-of-Sale. Mobile. eCommerce. Accept Payments from Anyone, Anywhere, Anytime. SecureNet’s PayOS SM offers the most innovative payment technology operating system, enabling merchants to accept any payment type, anytime, anywhere through point-of-sale, eCommerce and mobile acceptance. Sophisticated payment APIs and flexible architecture simplify integration and empower merchants and developers to design and control their own payment roadmap while monetizing their business solution. Processing $19 billion in annual transaction volume, SecureNet enables universal commerce for over 14,000 merchants and some of the most well-known brand name partners.
Move faster with more flexibility. Move to SecureNet. Learn more about our affordable, full-service products at SecureNet.com
©2012 SecureNet. ©2013 SecureNet. All Allrights rightsreserved. reserved.
INDuSTRYnews CNP Fraud Detection Poses Challenges for Retailers As consumers continue to embrace mobile purchasing on their various devices, online retailers face growing challenges to detect fraud, according to a recent study by Mercator Advisory Group. One solution suggested in the study is to include fingerprinting technology on devices. This method of identifying users offers strong opportunities for VPN detection/proxy piercing, device associations, and number of contacts, songs, photos, etc., but weak opportunities for machine IDs and flash objects.
NFC, Mobile Among ‘Redefining’ Retail Technologies Recent developments in online and mobile technology have significantly improved the consumer retail experience, according to the 2013 Retail Technology Survey by Control Group.These technologies provide more personalized, cohesive branding and shopping, and offer retailers valuable information on consumer spending behavior. According to the survey, retailers that wish to stay competitive in the future need to embrace these seven technologies to improve service and solve persistent business problems, such as stocking issues and long checkout lines:
➊ Computer vision and facial coding ➋ Touch- and gesture-based interaction ➌ 3D projection mapping ➍ Printed electronics ➎ Wireless interactivity (RFID/NFC) ➏ Captive portal/passive analytics ➐ Mobile payments
6 April 2013 | Transaction trends
AROUND THE HORN
fast FACT U.S. e-commerce sales totaled $225.5 billion in 2012, up from $194.7 billion in 2011— almost a 16 percent gain, according to U.S. Commerce Department data.
American Express will allow members who link their cards to their Twitter accounts to make purchases by tweeting special hashtags. Billing Tree reached its 10-year anniversary and was accredited with an A+ rating by the Better Business Bureau. CSR won two awards in the 2013 Info Security Global Excellence Awards—its CSR Breach Reporting ToolKit solution took Gold in the Most Innovative Security Service category and its PCI ToolKit solution took Bronze in the PCI Compliance category. Dejavoo Systems’ V Series product line of terminals was certified by EZCheck. First Data Independent Sales and Mercury Payment Systems have partnered with uTouchPOS to offer the complete uTouchPOS “Business Starter Bundle” POS system. Gemalto will partner with CaixaBank, Telefonica, and Visa Europe to present a contactless payments app to be used by 3,500 delegates at the Mobile World Congress. Heartland Payment Systems’ Chief Security Officer John South was named 2013 CSO of the Year by SC Magazine. MasterCard Advisors announced a new partnership with Mu Sigma to develop page analytics solutions. Paydiant announced that its mobile wallet solution has been integrated into Menusoft’s restaurant management and POS software system. ProfitStars introduced Gladiator Managed IT Services, a team to optimize, manage, and maintain sophisticated, integrated multi-vendor and multi-platform information technology environments. ROAM Data announced the launch of a Professional Services Group to help clients integrate mobile technology into their businesses. SecureNet introduced its PayOS payments solution that directly connects major card networks available in the market. Signature Card Services will be the exclusive payments solutions partner for the International Association of Certified Home Inspectors.Total System Services announced it will purchase prepaid debit card provider NetSpend for $1.4 billion. VeriFone Systems will partner with SK C&C, a Koreabased global IT services company, on mobile wallet acceptance, services, and platforms. Visa will introduce a Cloud-based digital wallet service in the U.K. this year, and also is looking at a mainstream launch for NFC services throughout the country.
Looking for an innovative gateway? •
Express Checkout and Bill Me Later® payment options help merchants increase sales and average order size.
Give merchants access to 117 million active PayPal buyers.
Capitalize on competitive buy rates and revenue share models.
All payment gateways aren’t created equal. Payflow offers more innovative ways to help merchants get paid – and for you to make money.
We want to partner with you. Call 1-855-456-1327. www.paypal.com/payflowpartner
News from the association
ETA Releases Mobile Payments Resources
ETA’s Mobile Payments Committee released three valuable whitepapers for businesses as they navigate the mobile payments industry, including Best Practices and Guidelines for Mobile Payment Solutions; Beyond the Hype: Mobile Payments for Merchants; and Mobile Payments Glossary of Terms.These documents can be accessed online at www. electran.org/mobile-payments.
ETA Reacts to Government’s Switch to Electronic Payments n
CALENDAR : 2013 ETA Annual Meeting & Expo Ernest N. Morial Convention Center New Orleans, LA April 30-May 2, 2013 www.electran.org/am13 2013 ETA Strategic Leadership Forum Montelucia Resort & Spa Scottsdale, AZ October 15-17, 2013
The U.S. government has implemented a new electronic payments system for all government assistance beneficiaries, allowing checks to be directly deposited into bank accounts or put onto debit cards. ETA CEO Jason Oxman released the following statement in response to the switch, which took place March 1, 2013. “Today marks the culmination of a three-year process to switch government beneficiaries, like Social Security recipients, from paper checks to electronic payments. The switch signifies a major endorsement by the federal government of the security, convenience, and affordability of electronic payments. The move from paper to electronic payments will save the government an estimated $120 million annually and provide a safe, easy-to-use, and environmentally sound method for people to receive government benefits.This marks a great step forward for the industry and the economy as we continue to move away from paper money and toward electronic transactions.”
ETA is pleased to welcome the following companies to its membership.To inquire about a membership with ETA, please contact Del Baker Robertson, director of membership and marketing, at firstname.lastname@example.org. ATM Link Inc. Houston, TX www.atm-link.com Clear Payment Solutions Jacksonville, FL www.myclearpayments.com Cloud Exchange Technologies LLC Germantown, TN Community Bankers Merchant Services Springdale, AR www.merchantprocessing.com Credorax Southborough, MA www.credorax.com
Equipment Engine Financial Services Company LLC Portsmouth, NH www.equipmentengine.com
JR’s POS Depot Fort Lauderdale, FL www.jrposdepot.com
Norse Corp. St. Louis, MO www.norse-corp.com
Satori Capital Plano, TX www.satoricapital.com
FeedZai Redwood City, CA www.feedzai.com
Kubra Eden Prairie, MN www.kubra.com Merchant Industry LLC Astoria, NY www.merchantindustry.net
OMEGA Processing Solutions Fort Thomas, KY www.omegap.com
Simply Charged Roseville, CA www.simplycharged. net
Payment Principals LLC New York, NY www.payprin.com
The OLB Group New York, NY www.olb.com
Finsphere Corporation Bellevue, WA www.finsphere.com First Merchant Card Services LLC St. Charles, IL www.firstmcs.com IOU Central Business Lending Kennesaw, GA www.ioucentral.com
8 April 2013 | Transaction trends
Mozido LLC Austin, TX www.mozido.com
People’s United Bank Rutland, VT www.peoples.com
Natural Security Las Vegas, NV www.naturalsecurity. com
PITOOEY! Inc. Phoenix, AZ www.pitooey.com
NCMIC Finance Corporation Clive, IA www.ncmic.com
Premier Payment Systems Oak Brook, IL www.ppsbankcard. com
TheECheck.com LLC Cleveland, OH www.theecheck.com
2012 - $32 Billion processed annually for nearly 300,000 businesses 2012 - EVO acquires Deutsche Card Services (DeuCS) opening up to 39 countries worldwide, becoming... EVO Payments International 2012 - EVO acquires PowerPay 2012 - EVO chooses Deutche Bank as its new BIN sponsoring bank 2009 - $20 Billion processed annually for over 235,000 businesses 2008 - EVO’s international expansion begins with the opening of EVO Canada
JOIN US FOR THE NEXT
BE A PART OF THE EVOLUTION
CALL TODAY! Paul Compton - Executive VP of Sales
www.goevo.com • ISO Relationships • Alliance Partnership Programs • Daily Bonus Programs • Profit Sharing • Daily Signing Bonuses • Annual Trips • Investment Opportunities • EVO Sales University • EPIC Portfolio Manager • Accelerated Funding • Security
2004 - $10 Billion processed annually 2004 - EVO’s first telecenter opens, driving leads to its partners 2004 - MSI is re-branded to EVO Merchant Services, differentiating itself from the competition 2003 - 24 hour technical support and customer service built in-house 2002 - Alliance partnership programs started and sets the standard for all portfolio builders
2000 - Risk department is brought in-house 1999 - Underwriting department issues its first merchant number 1990 - Terminal and supply deployment department created 1988 - MSI (now EVO) processes first merchant application
Mobile Payments for Merchants
Understanding the value and technology behind mobile payment solutions By Mike Cottrell
ardly a day goes by without some news from the world of mobility. It seems that everyone is betting on mobile payments, and the capital flowing to mobile application developers, service and payment providers, and platforms rivals that of the early days of the Internet. Today, more than 6 billion people globally have mobile phone subscriptions. More people have access to a mobile phone than have access to traditional wired Internet. Smartphone proliferation is leading the charge. As with the early Internet, the surge is not as much about making immediate money or capturing market share; it’s about capturing and controlling mobile consumer information. The result is a dearth of competing technologies, an unclear business case for many applications, and frustration among consumers and merchants as they seek to capitalize on the benefits of mobile payments.
The Benefits For merchants, the payments acceptance process has typically been a limited discussion. While various components were required, the ability to accept different forms of payment was fairly easy to manage, and loyalty programs, if existing at all, were simply a punch card. The proliferation of smartphones and mobile consumers, however, is changing that. Consumers are now in a position to drive how they want to pay. The effect social media has on decisionmaking is one of the major factors for this change in consumer behavior. Instant rewards, electronic coupons and rewards, daily deals, and location-based or timebased offers have become increasingly popular. Many consumers are willing to share purchase information with the thirdparty providers delivering these services, and easy redemption at the point of sale via smartphone is a compelling proposition. Another driver is the ability to make purchases instantly through apps or the mobile web, rather than waiting in line or walking the show floor. Young tech10 April 2013 | Transaction trends
savvy consumers do not want to print out their rewards, nor do they want to be told how to pay. They have access to a mobile wallet that contains all of their offers as well as the ability to pay directly through their smartphone. A merchant’s value proposition for accepting mobile payments or implementing a mobile loyalty solution varies depending upon the business type. One benefit is access to better customer data through easy-to-implement loyalty programs with robust reports. These typically provide the ability to communicate offers and information to customers when and how they want. The speed of checkout can be improved when merchants automate the process of coupon redemption with their electronic payment, and mobile devices provide a higher level of security than the traditional mag-stripe. Accepting mobile payments also provides for greater flexibility at the POS, allowing consumers to check-out anywhere in the store or to place and pay for orders in advance for later pickup. Unfortunately, none of this takes place without configuration of systems and a basic knowledge of mobile payments.
Technology Considerations Understanding mobile payments begins by learning the various terms and acronyms used by the industry. Mobile payments start with a mobile wallet, which is a function or application residing on the consumer’s handset that allows the consumer to access stored payment information, personal information, loyalty cards, gift cards, rewards, and coupons.The information in the wallet may be stored on the mobile device itself, or on a remote web server, also known
as the Cloud. The consumer accesses the wallet by entering a password that initiates an authentication process with the wallet provider. Once authenticated, the consumer selects the payment method (or loyalty information) to be used. Information is then transmitted to the back-office servers of the POS through one of these three methods: • Near Field Communications. NFC is a radio technology designed for speed. It’s similar to Bluetooth, but made for shortrange communications. This is the same technology found in the contactless credit cards issued by MasterCard and Visa. Once initiated by the consumer, NFC requires a simple “tap and go” of the mobile device onto a contactless reader attached to the POS or credit card terminal. Support for NFC typically only requires that the merchant upgrade its credit card terminal or POS with a contactless reader capable of supporting NFC. This same reader also should be capable of supporting contactless cards. • Barcode or QR Code. Some wallets do not use radio communications to send data to the POS. These wallets instead provide a one-time use QR or barcode to initiate the transaction. Once the payment type or coupon/reward is selected
The Isis Mobile Commerce Platform offers your merchants the opportunity to build more customer loyalty, increase customer engagement and mobilize their existing rewards cards and offers. And with our industry relationships, we’re positioned to provide you with the innovations that your merchants want today. So why not stay a step ahead? Reap the benefits of partnering with Isis and join us on our mission to be the industry’s most widely accepted mobile commerce platform. TM
Learn more at isisforbusiness.com or visit us in Booth #807 at the 2013 ETA Annual Meeting & Expo Isis, Isis Mobile Commerce Platform, Isis Mobile Wallet, Isis Pay Smarter and the associated Isis logos are trademarks of JVL Ventures, LLC. Contactless Symbol is property of EMVCo, LLC. © 2013 JVL Ventures, LLC.
MERCHANT’S Corner by the consumer, a barcode is displayed on the screen to be scanned by the merchant. Support for this method requires the merchant to have a scanner capable of reading the code and programming in the system capable of utilizing the barcode as a tender type. • The Internet.The remaining solution is a bit more complicated. Once the consumer selects a payment method, the mobile device sends a request to the server housing the wallet indicating a payment is to be sent to the particular merchant. The server sends the information to the POS through the Internet for completion of the sale or redemption of the reward or coupon. Support for this solution requires changes in the POS, the POS back office, and at the point of interaction.
Audience and Goals Because supporting any mobile payment acceptance requires some sort of systems or organizational change, merchants need to decide where to concentrate their efforts. Before making any changes, they need to understand their typical customer or target customer segment. If their target market is senior citizens, then perhaps mobile payment acceptance is not worth the
effort. On the other hand, if their target demographic is 18- to 35-year-olds, this group is typically tech-savvy and values their mobile device as part of their daily life. After determining if consumers are “likely” adopters, merchants also need to evaluate their goals for mobile payment acceptance. Some are looking to streamline their daily deal program and coupon redemption process. Others are in need of a marketing communications program or have loyalty programs that lack metrics and data. Some merchants may want to target consumers based on their physical location, while high-volume merchants may want to streamline the ordering process for in-store pickup or use NFC to speed the process of moving customers through their checkout line. Taking the time to understand their goals upfront will help merchants evaluate prospective vendors. With more than 120 mobile wallet providers operating in the United States, choosing one is no small task. Some experts recommend supporting wallets issued by the major card brands.As banks and the card brands integrate their wallets with the handset manufacturers, this is a path of least resistance for consumers. Beyond support for the major card
brand solutions, merchants should explore solutions by reputable providers that meet their other business needs.They also need to consider the consumer’s perspective. For example, if the merchant elects to issue its own wallet or only support a wallet tied to a proprietary or closed-loop loyalty program, does this provide sufficient value for consumers, and is it likely to be used? This is an especially important consideration if the consumer already has a wallet from a major card brand or solution provider and may be hesitant to embrace more. To help merchants and consumers navigate the mobile payment ecosystem, ETA’s Mobile Payments Committee works to enhance business relationships and network interoperability among merchants, card brands, networks, equipment manufacturers, and financial institutions. ETA published a whitepaper that discusses mobile payment technologies in deeper detail. Find it online at www.electran.org/mobilepayments. TT Mike Cottrell is VP of business development for TriSource Solutions and a member of ETA’s Mobile Payments Committee and Education Committee.
Learn more at apriva.com or call us at 877-277-0728
Security. Connectivity. Mobility.
ATTRACT MORE MERCHANTS TAILOR-MADE POS SOLUTIONS GIVE YOUR MERCHANTS THE ABILITY TO SELL ANYTHING, ANYWHERE Wireless Terminals • Secure Gateway • Cashless Vending • Mobile Payments • Mobile Wallet
12 April 2013 | Transaction trends
[ COVER STORY ]
With health-care data breaches estimated as high as $7 billion annually, technology firms and ISOs prescribe healthier tools and processes for medical providers
By Julie Ritzer Ross
he health-care realm has become a healthy vertical market for electronic payments. Electronic payments have increasingly made headway among physicians, hospitals, and other health-care providers, but these entities have more to worry about from a data security standpoint than PCI DSS compliance, says Linda Grimm, director of consulting services for CSR, which provides data compliance solutions and services. That’s because medical records and other files maintained by health-care providers contain a category of data known as Personally Identifiable Information (PII)—any information about an individual maintained by an agency, including that which can be used to distinguish or trace a person’s identity (e.g., name, Social Security number, date and place of birth, mother’s maiden name, or biometric measures) or is linked or linkable to an individual (e.g., medical, educational, financial, and employment data).
14 April 2013 | Transaction trends
A few recent developments highlight health-care providers’ susceptibility to data breaches, says Grimm. For example, providers increasingly are adopting electronic health records (EHRs), thanks in part to an incentive program introduced by Centers for Medicare and Medicaid Services. Providers had until Oct. 3, 2012, to begin demonstrating their participation in the incentive program to be eligible for a maximum of $44,000 in EHR system reimbursement. Those that don’t adopt EHR by 2015 will see an initial 1 percent reduction in their Medicare payments; the reduction will increase by an additional 1 percent annually to a maximum of 5 percent. In addition, more hospitals, individual medical practitioners, and others are adopting mobile devices—from laptops to tablets to smartphones. Software for the devices includes everything from patient registration and charting to remote monitoring of conditions. Complicating matters even more, health-care providers must adhere to the Health Insurance Portability and Accountability Act, enacted by Congress in 2006, and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Along with directives for the administrative simplification of health data, HIPAA includes provisos for maintaining the privacy of medical records, regardless of media type, as well as for preserving the security of electronic health data. A Privacy Rule within HIPAA is meant to preserve PII as it moves through the health-care system, and a Security Rule outlines administrative procedures, technical security mechanisms and services, and physical safeguards to protect PII. HITECH, an extension of HIPAA coverage, addresses third-party access to PII, increases compliance obligations, and strengthens enforcement penalties. The Department of Health and Human Services’ Office of Civil Rights (OCR) has become far more aggressive in enforcing HIPAA Privacy and Security Rules. Resolutions with hospitals, health plans, and pharmacies have included civil penalties of as much as $1 million, but many smaller providers have been allowed to rectify their
security issues without paying monetary damages for data security breaches and other HIPAA/HITECH violations. That’s no longer the case. Phoenix Cardiac Surgery, a five-physician practice, was recently fined $100,000 for having failed to implement adequate policies and procedures to protect patient information; to document that it had trained employees on HIPAA Privacy and Security Rules; to identify a security official within the practice and conduct a risk analysis; and to obtain any business associate agreements for its Internet-based email and scheduling services. “The OCR has started auditing healthcare providers, and the fines for compromising records, let alone data breaches, are stiff,” Grimm says.“For compromising fewer than 50 records, the fines can be more than $50,000. Penalties and jail time” are not beyond the realm of possibility.
Prescriptive Measures Health-care providers’ data security and privacy needs open new doors for ISOs, but gaining entrée may require establishing partnerships with other entities, such as solution providers, value-added resellers, and even banks. Bundling data protection and security solutions may be the ticket, especially when it comes to meeting the needs of
KEY NOTES 8
Recent developments, including increased EHR adoption, highlight health-care providers’ susceptibility to data breaches.
The variety of data security and related solutions geared specifically toward the health-care segment continues to expand.
ISOs can play an important role in helping health-care entities develop appropriate processes and procedures to safeguard data and meet reporting requirements.
Transaction trends | April 2013 15
[ COVER STORY ]
Code Blue By some accounts, the state of health-care data security is shaky and far worse than in other industries. In December of 2012, The Washington Post released the results of a yearlong examination of cyber-security. Study findings indicate that health care is among the most vulnerable industries in the United States, in part because it lags behind other segments in addressing known problems. “I have never seen an industry with more gaping security holes,” Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University, told the newspaper when it revealed the study findings. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.” Other statistics paint a similar picture. Notably, the Privacy Rights Clearinghouse pegs the total number of health-care industry data breaches for 2011 and 2012 at 419, with more than 8.1 million records compromised. This, according to the nonprofit group, is roughly equivalent to the number of records exposed in the financial services and insurance sector, meaning that health-care providers have already become a common target for cybercriminals. Similarly, the “Third Annual Benchmark Study on Patient Privacy & Data Security,” released by The Ponemon Institute, a privacy, data protection, and information security policy consultancy, reveals that 94 percent of health-care organizations have experienced at least one data breach and nearly 50 percent have been hit with more than five breaches in the past two years. In the firm’s estimation, the cost of such breaches is now $7 billion per year, an increase of more than 15 percent over the past three years. Moreover, HHS data indicates that about 21 million patient records have been compromised in health-care data breaches since 2009. According to Lisa Gallagher, senior director of the Healthcare Information and Management Systems Society, an additional 40 to 45 million patient records may have been compromised in smaller data breaches involving 499 or fewer records. This estimate is based on reports from health-care organizations, Gallagher notes.
16 April 2013 | Transaction trends
the small to midsize health-care provider market, suggests Michael Trilli, a principal at Aite Group. Bundled solutions might include intrusion prevention/detection applications and firewall and user access control tools as well as disaster recovery, wireless security, and electronic signature security applications. The variety of data security and related solutions that are designed to safeguard PII and/or are geared specifically toward the health-care segment continues to expand. For example, Sunnyvale, California-based Good Technology has developed Good for Enterprise, a mobile device security application that separates patient and corporate data from employees’ personal information. Data in the former two categories are maintained in a password-protected, encrypted “container,” and the configuration is such that individuals with access to the “container” cannot cut, copy, or paste the data to other locations or files residing on their devices.The solution also facilitates password administration and the remote wiping of lost or stolen smartphones, tablet computers, and laptop computers. Similarly, Vormetric, of San Jose, California, has rolled out Vormetric Data Security for HealthCare, which secures sensitive data across business lines (e.g., between health-care providers and insurers) and heterogeneous systems. This occurs through the encryption of data in any file, database, or application—including those in physical, virtual, and Cloud infrastructures; decryption tools (keys) are kept in a secured “vault.” Other capabilities include access control, and reporting on who is using data and for what purpose. Meanwhile, DigitalPersona, based in Redwood City, California, now offers a health-care-oriented version of its DigitalPersona Pro Enterprise suite of centrally managed authentication and access management tools, all of which are administered through Microsoft Active Directory. An EHR protection component uses access control methods such as biometrics (fingerprint readers) and proximity cards to prevent unauthorized access to PII. In a somewhat different category is ForeScout CounterACT, from ForeScout Technologies of Cupertino, California.The solution identifies, assesses, and applies appropriate network access controls in
[ COVER STORY ] accordance with built-in policies based on user, device, system, and application attributes, without the need to run software on endpoint devices (including patient monitoring systems). Network resource access can be monitored and reported on from a single console.The product also integrates guest networking, mobile security, and endpoint security capabilities. And then there’s ID Experts, headquartered in Portland, Oregon, which offers Radar, a web-based incident risk assessment, documentation, and reporting tool that standardizes the process of analyzing, documenting, and reporting privacy-related events in compliance with the HITECH Act. Radar functions as a central repository for all incident-related information and management reporting, including accessing HIPAArelated incidents, to determine when notifications are needed or if they need to be reported to HHS. Supporting data for HHS OCR are collected and managed.
Doctor’s Orders But just as the scope of data security requirements in the health-care segment extends beyond PCI compliance, ISOs’ role in helping providers with security needs transcends product offerings. “There has to be a consultative and service aspect,” Grimm observes. Here’s how ISOs can help clients: • Assistance in developing and enforcing data handling and security policies and procedures. Implementing appropriate technology is essential, but many health-care providers may not understand the importance of policies and procedures.“Policy is as important as putting the technology in place,” notes Bob Krenek, senior director at Experian Data Breach Resolution in Costa Mesa, California. Some health-care organizations look to third-party firms for assistance in executing periodic mock data breaches designed to test the resilience of their technology and the ability of employees to follow policies and procedures intended to prevent data breaches of any kind. Grimm adds that ISOs should sell health-care clients on the idea of consultative services pertaining to policies and procedures by pointing out that most health-care data compromises 18 April 2013 | Transaction trends
stem from the innocent and seemingly simple mishandling of data by employees. She recalls an instance in which a staff member at a physician’s office inadvertently transmitted to her company a document that contained sensitive data. “Some mishandling of data is hard to avoid,” she says. “For example, someone will take a laptop with PII on it on the subway and have it stolen. However, in many cases, policies do make a difference.” • Breach insurance services. Data breach insurance typically covers data breach response costs, as well as regula-
CSR Breach Reporting ToolKit, which gathers the facts pertaining to a breach incidence to determine the proper reporting based on specific breach circumstances. Mandated reporting letters are crafted to meet required specifications and delivered to the proper authorities within timelines on organizations’ behalf. • Risk assessment and analysis services. In addition to initial assessments and analyses, health-care providers require follow-up examinations as they deploy new devices and equipment, as well as when they alter the manner in which physicians, other medical staff, and ad-
“Some mishandling of data is hard to avoid. For example, someone will take a laptop with PII on it on the subway and have it stolen. However, in many cases, policies do make a difference.” —Linda Grimm, CSR
tory and legal fines and liability resulting from each incident. Different policies have different limitations. For instance, some policies may include third-party or contractor breaches, offline or nontechnical breaches, and breaches from lost devices, such as laptops, flash drives, tablets, or mobile phones. • Breach reporting services. Under the HITECH Breach Notification Rule, covered entities must “report an impermissible use or disclosure of protected health information, or breach, of 500 individuals or more to HHS and the media.” Smaller breaches affecting less than 500 individuals must be reported annually.“Health-care providers need to have these services so that if and when breaches occur, they are reported to the right entity, but few have the wherewithal to do it themselves,” Grimm says. CSR offers acquirers for resale the
ministrative personnel access information (e.g., migration from desktop PCs to virtual “desktops” whose contents may be viewed no matter where in a facility an individual may be). The migration to EHRs has created a heightened need for risk assessment and related assistance. In order to attain Meaningful Use status and, in turn, avail themselves of Meaningful Use incentives, health-care providers must complete a risk assessment and plan. “Most have not done that,” says Joe Dylewski, practice director for Healthcare Management, a medical and technology consulting organization in Grand Rapids, Michigan.“There remains” a lot of work to be done. TT Julie Ritzer Ross is a contributing writer to Transaction Trends. Reach her at email@example.com.
[ TRAVEL FEATURE ]
Big Fun in the
Sample itinerary and insider tips for after hours in New Orleans By Carrie Williamson
20 April 2013 | Transaction trends
ot on the heels of hosting Super Bowl XLVII, New Orleans is buzzing. And the 2013 ETA Annual Meeting & Expo, being held at the Ernest N. Morial Convention Center April 30– May 2, couldn’t come at a better time.
Sandwiched in between the two weekends of the 44th Annual New Orleans Jazz & Heritage Festival presented by Shell, this year’s event is happening when the city is at its very best. The gumbo of musical genres—jazz, blues, funk, international, Cajun, Zydeco, brass band, rock, alternative, and gospel—draws a sophisticated crowd of visitors. Even if you don’t arrive early or stay on to partake, there is plenty of music to be enjoyed throughout the week. Clubs are booked solid with local legends like Sonny Landreth, Kermit Ruffins, and Dr. John. Plus, you just never know who you might find even at a true hole-in-the-wall like the Apple Barrel, where Tom Jones belted out several songs while in town for the festival in 2011. But the Big Easy has a lot more to offer ETA members than just a world-class music scene. The National World War II Museum, the city’s top tourist attraction, recently opened the U.S. Freedom Pavilion: The Boeing Center, an exhibit that explores how Americans supported the war effort at home. For shopaholics, Michael Kors is one of the latest designer boutiques to open in The Shops at Canal Place, the au courant alternative to browsing the antique stores that line Royal Street in the French Quarter.
Architecture lovers can expand their horizons by checking out New Orleans’ charming neighborhoods, too.A stroll through the Garden District, block after block of old Colonial raised cottages, Greek Revival homes, and a few unusual Gothic gems, is the most pleasant way to spend an afternoon. In Uptown, Bayou St. John, and the Central Business District (CBD), foodies will find a bevy of restaurants to satisfy their taste buds. Upscale eateries like Gautreau’s, Café Degas, and MiLa are innovative originals that rival anything renowned Galatoire’s, Antoine’s, and Arnaud’s can dish up. Make plans now to attend the Annual Meeting & Expo by visiting www.electran.org/am2013. And when you are not getting a premier education or networking, here are some suggestions for taking in the best of what NOLA has to offer.
MONDAY, APRIL 29 Whether you are wrapping up after a day at ETA University or just arriving in town, Monday night features one of the highlights of Jazz Fest week—the Tipitina’s Foundation Instruments A Comin’ fundraiser. Held at the iconic Tipitina’s club in Uptown,
Transaction trends | April 2013 21
Ogden Museum of Southern Art
Jean-Paul Gisclair and NewOrleansOnline.com
Kurt Coste and NewOrleansOnline.com
Patrick’s Bar Vin at the Hotel Mazarin
this event raises money for the top bands and orchestras of local schools to buy instruments. The evening begins at 6 p.m. with a block party amid the palm trees, featuring food trucks, a silent auction tent, and the “Battle of the Bands,” where marching bands like the Purple Knights of St.Augustine High School, a musical mill that has produced many New Orleans legends, take turns performing. The fun continues indoors at a benefit concert by the crème de la crème of New Orleans bands—Walter Wolfman Washington & the Roadmasters, Dumpstaphunk, and Big Sam of Big Sam’s Funky Nation, whose high-energy trumpet performance can’t be missed.
you will meet during your stay.
TUESDAY, APRIL 30
WEDNESDAY, MAY 1
Although the President’s Dinner isn’t scheduled to finish until 10 p.m., the good news is that the bands at most clubs and bars are just getting started for a long night of playing. Head to Frenchmen Street, where a dozen clubs Storyville District Shrimp Po-Boy line three blocks, each one featuring homegrown acts performing everything from jazz to rhythmand-blues to rock, with street musicians adding to the lively scene. Just looking for a nightcap? Check out the Victory Bar in the CBD, a retro cool speakeasy opened by former Ritz-Carlton bartender, Daniel Victory. Serving the best craft cocktails in the city, Daniel whets your taste buds with a cocktail appetizer, a small pour of the concoction of the night. Closer to Hilton Riverside is Patrick’s Bar Vin, a wine bar tucked away in the Hotel Mazarin that is so charming many locals frequent it. Host Patrick Van Hoorebeek may be as sophisticated as the wine list, but he also is one of the most delightful people 22 April 2013 | Transaction trends
After the ETA/Discover party, grab a cab and head out for a fabulous meal at one of these three beyond-the-tourist-track neighborhood restaurants: Uptown. Reserve a table at Gautreau’s, where James Beardnominated chef Sue Zemanick prepares one exquisite course after another, innovative interpretations of American, French, and New Orleans classics. Located on a residential street with no sign out front, walking into the intimate dining room filled with men in seersucker suits and women in heirloom jewelry makes this restaurant feel like a private club. Bayou St. John. Enjoy the lovely covered terrace dining room, charming waiters, and expertly executed French fare (often with a twist) at Café Degas. Begin your meal with a classic cocktail from Nick, one of the best bartenders in the city, and then check out the specials of the day. If mirliton bisque with crab claws, housemade fois gras terrine with truffles, or flash-fried soft shell crab is on the menu, order up! CBD. Tucked away on a side street in the Renaissance New Orleans Pere Marquette Hotel, MiLa Restaurant is no ordinary hotel dining experience. The culinary powerhouse of chefs
0 iOS Compatible Portable and Desktop Printing
Solutions for the Payment Processing Industry
Revolutionary portable Bluetooth printers compatible with all operating systems (iOS , Android™, Windows®) including devices such as the Apple iPad®, iPhone® and iPod touch®. Compatibility with iOS is a result of Apple Inc.’s MFi certification of the SM-S220i portable printer and TSP650II BTi desktop printer. Star offers mobility to POS whether fixed terminals or mobile printing solutions are used. From simple integration of iOS devices with fixed POS terminals in retail or hospitality applications to mobile printing solutions for deliveries, restaurant / café table service, event ticketing and mobile payments.
SM-S220i 2” Portable Bluetooth Printer ■ 2"/ 58mm Portable Printer ■ High Speed: 80mm/second ■ 33% longer battery life ■ Bluetooth SPP / Serial Connections Available ■ Backlit LCD Display ■ Apple MFi Certified – Pairs with all Bluetooth SPP devices as well as iPad®, iPhone® and iPod® touch
TSP650II BTi Desktop Bluetooth Printer ■ High Speed: 300mm/second ■ Highly Reliable Auto Cutter ■ Bluetooth SPP / Serial Connections Available ■ Includes Installation CD with Full Driver Suite and Configuration Utility
■ Apple MFi Certified - Pairs with all Bluetooth SPP devices as well as iPad®, iPhone® and iPod® touch
Compatible with all Operating Systems supporting Bluetooth SPP
Star Micronics America, Inc. 1-855-809-2010 firstname.lastname@example.org © 2013 Star Micronics America, Inc.
All Rights Reserved. All trademarks are property of their respective owners. Specifications are subject to change without notice.
[ TRAVEL FEATURE ] THE DETAILS Gautreau’s Uptown 1728 Soniat Street 504/899.7397 www.gautreausrestaurant.com Casamento’s Uptown 4330 Magazine Street 504/895.9761 Café Degas Bayou St. John 3127 Esplanade Avenue 504/945.5635 www.cafedegas.com Parkway Bakery and Tavern Bayou St. John 538 Hagan Avenue 504/482.3047 MiLa Restaurant CBD 817 Common Street 504/412.2580 www.milaneworleans.com Continued on page 26
Guided New Orleans Cocktail Tour
Slade Rushings and Allison Vines-Rushings consistently churn out some of the city’s most interesting dishes, using seasonal ingredients in their Southern-meets-French fare. Two standouts include New Orleans barbecued lobster with lemon confit and sweet tea brined rotisserie duck. Feeling casual? Don’t miss the local joints. From an oyster loaf at Casamento’s to a roast beef po-boy at Parkway Bakery or a buckboard bacon melt at Cochon Butcher, some of the best fare in the city is served as a sandwich.
THURSDAY, MAY 2 There are many ways to while away the afternoon and evening after the exhibit hall closes, but these three events can’t be beat:
Jazz Fest. If you didn’t catch the first weekend and aren’t staying for the second, high tail it to the fairgrounds for locals’ day at Jazz Fest, when the crowds aren’t so insane and the music is still world-class.With the festival just beginning at 11 a.m., there is plenty of time to catch the big name acts—Widespread Panic, Patti Smith, and Roy Ayers—as well as local legends like the Dirty Dozen Brass Band, Zydeco accordionist Geno Delofose and the French Rockin’ Boogie, and Henry Butler, one of the mightiest piano players in the world. Plus, some of the best food in New Orleans is dished up only at Jazz Fest. Ogden Museum of Southern Art. One of the most fun nights of the week is the Ogden Museum’s Ogden After Hours, which
See Us At
eProcessing Network Cloud – Enabling the Real World eProcessing Network offers fully-integrated payment solutions allowing merchants to process anything, anywhere and at anytime! And with ePNRetail, our secure, retail payment processing application, merchants can easily integrate the business solutions they need with pricing that won’t sky-rocket out of the stratosphere. eProcessing Network – The everywhere Processing Network, Anywhere Merchants do Business.
24 April 2013 | Transaction trends
(800) 296-4810 eProcessingNetwork.com
ApriL 30 – MAy 2, 2013 ErnEST n. MoriAL ConvEnTion CEnTEr nEw orLEAnS, LA
mobile + tech + commerce The FUTURE of Payments is HERE
T o d Ay
2011 Strategic Leadership Forum
∙ 1 ∙
Electronic Transactions Association
[ TRAVEL FEATURE ] features a New Orleans band performing up-close-and-personal from 6-8 p.m. Locals and Jazz Festers crowd the stunning atrium designed by George Ohr, making it feel like a private party. The $10 entry fee also allows you to wander through the galleries. Fun cocktails, wine, and local craft beers are on sale, both in the main hall and on the fourth-floor terrace, where you can sip your mint julep while gazing out on the statue of Robert E. Lee on Lee Circle. The Cocktail Tour—It may seem counterintuitive to take a cocktail tour in a city like New Orleans, but this is no Bourbon Street pub crawl. Historian Elizabeth Pearce, who formerly worked at the Southern Museum of Food and Beverage, leads an entertaining tour based on a cabaret she created that tells the history of New Orleans through drink and song. Each participant is kitted out with a soft cooler of pre-mixed libations that made the city famous (St. Charles punch, Sazerac, Hurricane, Praline liqueur), which they imbibe at the appropriate spot that marks that time in cocktailing history. Carrie Williamson is a New Orleansbased freelance writer.
Cochon Butcher CBD 930 Tchoupitoulas Street 504/588.7675 www.cochonbutcher.com
Victory Bar CBD 339 Baronne Street 504/522.8664 www.victorycocktails.com Patrick’s Bar Vin French Quarter 730 Bienville Street 504/200.3180 www.patricksbarvin.com Liuzza’s By The Track Bayou St. John 1518 N. Lopez Street 504/218.7888
Tipitina’s Foundation Instruments A Comin’ Tipitina’s Uptown 501 Napoleon Avenue 504/895.8477 www.tipitinas.com
CSR REVENUE KING Be a
Ogden Museum of Southern Art CBD 925 Camp Street 504/539.9600 www.ogdenmuseum.org The Cocktail Tour French Quarter 504/578.8280 www.thecocktailtour.com The National World War II Museum Arts District 945 Magazine Street 504/528.1944 www.ddaymuseum.org The Little Gem Saloon CBD 445 S. Rampart Street 504/267.4863 www.littlegemsaloon.com The Shops at Canal Place French Quarter 333 Canal Street www.theshopsatcanalplace.com
To learn more about the PCI ToolKit™ and CSR Breach Reporting ToolKit™ solutions and other CSR consulting services, please telephone +1.866.462.7774 or email email@example.com today!
Come See Us at Booth #1044
www.csrcorporate.com 830 NE Pop Tilton Place / Jensen Beach / FL / 34957
LET COMPLIANCE REVENUE RULE! 2013 CSR Ad ETA King horiz Trans Trends.indd 26 April 2013 | Transaction trends
© 2013 CSR. All rights reserved. CSR is a reference to the corporati on CSRSI, Inc. CSR™, PCI ToolKit™ U.S. Patent No. 8,296,244 and CSR Breach Reporti ng ToolKit™ patent pending are trademarks of CSR. V022513
2/11/13 7:05 PM
Isis allows consumers to carry their credit cards, loyalty cards and offers all on their smartphones. Then, in-store, submit everything with a simple tap at the point of sale using Near Field Communication (NFC) technology. With the support of three of the four major wireless carriers, the four major U.S. payment networks, leading card issuers and hundreds of forward-thinking merchants, we have the scale to drive widespread consumer adoption. So all thatâ€™s missing is you. Bring the Isis Mobile Wallet to your merchants, and bring more customers into their stores. TM
Learn more at isisforbusiness.com or visit us in Booth #807 at the 2013 ETA Annual Meeting & Expo Isis, Isis Mobile Wallet, Isis Pay Smarter, Isis Cash and the associated Isis logos are trademarks of JVL Ventures, LLC. ÂŠ 2013 JVL Ventures, LLC.
[ TRAVEL FEATURE ]
Even if you have never been to NOLA or Jazz Fest, it’s easy to partake like a longtime New Orleanian. These local tips will help you make the most of your visit.
Sucking Crawfish Tails at Jazz Fest
n Pick up a free copy of OFFBEAT
n Try to bring in food or drinks, as they
Magazine. Known as the “Jazz Fest Bible,” it features day-by-day listings of the acts with a short blurb about each, which will help you weed through the daunting array of performances. Rip out the map of the stage layout for easy reference. n Grab a frozen daiquiri or a legendary Bloody Mary, strong and spicy, at Liuzza’s By the Track. Just a few blocks from the festival entrance, this block party is a great way to begin or end your day. n Begin your day as tradition dictates with a bowl of Crawfish Monica. Often imitated but never duplicated, it is spicy, creamy, and delicious. It is also the perennial meeting spot (if we get separated, meet me at Crawfish Monica). n Wait in line for a Cochon de Lait Po-Boy. The tangy cole slaw forked over succulent bits of pulled pork and served on crusty French bread is a marriage made in heaven. n Head into the Clubhouse for a dose of air-conditioning, a real bathroom, a quality draft beer, and an actual seat under the covered Lagniappe Stage. It is the ultimate Jazz Fest breather. n Consider buying one of the VIP packages.With amenities like VIP seating, parking, and access to a hospitality tent, they ensure seeing the big acts in style.
will be confiscated. Besides, culinary riches and a bevy of beverages can be found just inside the gates. n Stress about trying to see every band or musician you are dying to see. Some of the best Jazz Fest experiences are had while happening upon a band you have never heard of on one of the less popular stages. n Miss the crafts.There are some true Louisiana artisans making and selling their wares. n Pass the Pheasant, Quail, & Andouille Gumbo stand.The rich dark roux kissed with slow-cooked game and sausage is a sublime spoonful of goodness. n Forget a hat and sunscreen.You will know you are on the edge of the tropics the second the sun peeks out from behind a cloud.
MUSIC & TICKETS
This year, Fleetwood Mac, B.B. King, Billy Joel, Willie Nelson, John Mayer, and Earth, Wind, & Fire are just a handful of the headliners that will play over the two Jazz Fest weekends. But if you want to hear the heart and soul of festival, don’t miss these local acts: • Sonny Landreth – Puts on an electric guitar performance that virtuosos like Jeff Beck show up to see.
• Dr. John – Multi-Grammy winner who mixes jazz, blues, pop, funk, and rock into his legendary piano performances.
• Kermit Ruffins & The Barbecue Swingers – Always entertaining, Ruffins uses his trumpet and dynamic personality to whip the crowd into a frenzy with his feel-good jazz.
• Walter Wolfman Washington & the Roadmasters – His mastery of blues guitar and soulful vocals makes him a New Orleans favorite.
• Dumpstaphunk – Ivan Neville leads this funk band whose jamming groove has spawned a devoted following of fans. Purchase tickets and VIP passes at nojazzfest.com, ticketmaster.com, all Ticketmaster outlets, or by calling 800/745.3000. Transaction trends | April 2013 29
JAZZ FEST INSIDER’S GUIDE
Startup Stories: Silver Edge
Evolutionary Tale Silver Edge morphs and grows over time to become a company with multiple product lines and strategies that extend beyond business development By John Manasso
Silver Edge Fort Collins, CO Founded: 2004 Annual processing volume: $1 billion Employees: 72
30 April 2013 | Transaction trends
hen Ken Salazar, ETA CPP, founded his ISO late in 2004, pounding the pavement to sign up merchants, he kept getting the same question:Was he a Democrat or a Republican? His politics might seem a strange query, but around that time, someone with the exact same name was running for the U.S. Senate. Ken Salazar won and later became Secretary of the Interior.The younger Salazar and the government official are in fact distant relations:Their great grandfathers were brothers. “I had a crafty response,” the younger Salazar says.“Clearly, I was able to work with it.” In keeping with its rapid and continual transformation, the Denver-area ISO previously known as Payment Solutions rebranded itself in recent days as Silver Edge—its third name in roughly eight years of existence. Perhaps that’s not surprising; the company is finding its way perhaps much in the same way as its founder is, especially since he was only 24 when he started the business. Along with the name change, Silver Edge is launching a number of different strategies and product lines following a strategic planning initiative that Salazar, president and CEO, believes will allow Silver Edge to succeed in the highly competitive industry. “We see what’s happening in the space, we see the evolution of payments, we see
Startup Stories: Silver Edge
WORDSTOTHEWISE n Bring “true value” to clients. “If they don’t see the value in a fee, they’re not going to pay it for long and that’s at a very simplistic level,” says Silver Edge President and CEO Ken Salazar. “If you’re not able to give your partners the service they need—to distribute to other clients—they’re not going to be there for long. If you’re not able to empower your merchants with additional value-added service and new emerging technologies, they’re not going to be with you for long.” n Have the right people, processes, and products in your organization. It’s “critical,” says Salazar. Recently, the ISO undertook a strategic planning initiative that included a rebrand, a key hire, and the rollout of a number of new strategic partners. who our competitors are, and the sophistication that’s coming out of there,” says Salazar, who worked at an investment bank in his first year-and-a-half after graduating college before founding the ISO.“And we’re seeing where the emergent markets are, and we believe we’re doing ourselves disservice by being pigeon-holed as just a payments provider.”
We’re HIRING Manufacturer Sales Rep or Sales Associate Covering area : North America or Latin-America countries.
Stop by ETA UIC or contact us :
510-438-6799 Ext. 30 firstname.lastname@example.org UIC is professional manufacturer in payment industry. We are looking for OEM/ODM customer, if you are interested, please contact us.
32 April 2013 | Transaction trends
n Strive for continuous improvement. “Know how to discipline innovation and get better with your people and your products,” he says. “Those things are instrumental for us to take advantage of the emerging opportunities that are coming. There’s no doubt that if you’re standing flat-footed, you’re going to get run over, so we recommitted to continuously evaluating who our partners are, who our vendors are that we’re representing out there, what technologies are coming. It’s something I would’ve never foreseen and now we’re right in the middle of it, and I have a whole new perspective on this.”
In a bid to gain quick name recognition, Salazar christened the new entity PFC Payment Solutions in October 2004 when he founded it. He borrowed the acronym from Professional Finance Company, a collections agency with which PFC Payment Solutions shared an affiliation that helped to get the fledgling company off the ground. Incidentally, it also was owned by his father-in-law. PFC Payment Solutions agreed to take care of all of its namesake’s check business, which is notoriously high maintenance. “He was extremely excited,” Salazar says of his father-in-law.“His focus is on hospital billing and collections.” Salazar believed the name would help to lend credibility to his ISO, but as the company grew and began to create more of a national footprint, the name created confusion among customers and clients alike.Thus, in January 2010, when the company moved into a new facility in Fort Collins, Colorado, it dropped the acronym to simplify its message to merchants. Fast forward three years later and Payment Solutions has sought to replace its former generic-sounding name with something that would describe an exciting future—evoking the idea of riches that prospectors mined from the earth in Colorado’s late 19th century silver rush. The company is up to 72 employees and has 5,181 merchants signed up with annual processing volume of close to a $1 billion, not to mention some big dreams ahead of it. Salazar said the goal of the new Silver Edge name is to “differentiate ourselves from the payment space.” “So it’s much bigger than that,” he says.“There’s so much more happening, we feel in order to be successful in this space now, you’re not going to survive very long if it’s just surrounding payments. I should say we don’t feel we will survive very long if it’s just about payments.”
Frenetic Pace Salazar believes that companies like his, which was founded as a mom-and-pop shop with his wife Amy, a certified public accountant who functioned as the company’s CFO for its first few years
Startup Stories: Silver Edge
of existence, are in a race with the private equity money that has flooded into the industry. He describes the daunting dilemma faced by small business owners: T hey must embrace technology or risk being left behind; yet their time is so precious, making sure that their businesses function properly, that they have little time to devote to such time-consuming projects as researching new technologies. That is why Silver Edge has reviewed hundreds of different companies to identify the best ones that they can present to merchants with a suite of options. “That’s where we come in and fill that gap,” Salazar says. “They don’t have the (research and development) budget to go out there and hire staff and identify and create or develop programs that are customized to them. Our job is to go out there and identify these best-in-class vendors and then line them up with small business owners that are out there.” Three of the companies with which Silver Edge has elected
to partner are vPromos, POS Lavu, and ShopKeep. According to a vPromos YouTube video, the company attaches coupons automatically to a consumer’s credit or debit card in a paperless fashion. The same is true with its rewards program, which also is paperless. POS Lavu, as its name indicates, allows for wireless setup of point-of-sale terminals, with a preference for using products made by Apple. ShopKeep also offers POS systems using Apple products. To help with such an overhaul of the company, Salazar brought in Greg Castro, who had worked at Mercury Payment Systems, also in the Denver area, as director of agent and partner development for about four years. Castro describes the frenetic pace of change over the last few months at Silver Edge. “We’ve got a lot of good stuff going on,” he says.“I’m drinking from the fire hose right now.There’s a level of urgency around all these things.” Salazar says that Mercury “set the bar when it came to part-
Advertisers index Company
CSR-Compliance Solutions Resources
eProcessing Network, LLC
EVO Merchant Services First American Payment Systems Isis
Network Merchants, Inc.
Securenet/Brown Bag Mkting Star Micronomics
Total Merchant Services, Inc
Uniform Industrial Corporation
34 April 2013 | Transaction trends
nering with technology providers.” He adds that “we think Greg is a huge addition to our team” and that he can help “take us to the next level.” Castro has worked in the industry for about 14 years, starting with TSYS for five years. “Technology has advanced more in the last couple years than it probably has in the last five to 10 years,” Castro says, “and it helps businesses to capitalize on big-box solutions so a small restaurant, retailer can capitalize on loyalty cards, push marketing. Those are the type of things that cost several hundred thousand dollars.With advances of technology, it’s affordable down to the smallest merchant.”
Inspired to Lead While Silver Edge is focusing on the needs of the smallest merchant, it also wants to show that it has a social conscience. Salazar serves on the board of a local county’s juvenile assessment center and Silver Edge also donates a portion of its processing volume to the United Way, earning it honors from its local chapter.
“Our job is to go out there and identify these bestin-class vendors and line them up with small business owners.” — President and CEO Ken Salazar, ETA CPP But more than that, it is Salazar’s goal someday to help put the children of all of his employees through college through a $50 million education endowment.The company developed the concept at its year-end meetings. Management thought about its goals, which include becoming a $500 million company, but Salazar also asked the rhetorical question: What really inspires us? “What inspires us is helping our youth and creating opportunity and bettering the lives of those around us,” he says. “What better way to give back to our community and to our loyal team members than by ensuring that if they work with us and they line up with us, we’re going to take care of not only them, but we’re going to take care of their children? We just thought that was extremely inspirational and clearly we have to be successful to do that. “But it’s just a way to give alignment to our core values and something that would actually inspire us more than making money. We wanted more legacy.” Salazar realizes it’s pie in the sky, but eight years ago merchants couldn’t tell him apart from a Senate candidate. Now, the company is making its mark. TT John Manasso is a contributing writer to Transaction Trends. Reach him at email@example.com. Transaction trends | April 2013 35
A Visionary Venture CEO hopes to transform the payment processing industry with company’s flexible solution suite By Bryan Ochalla
hen Rob Caulfield first contemplated starting his own payment processing company more than a decade ago, his goal was to transform the industry. Specifically, he and the e-commerce veterans who helped him open the doors at Irvine, California-based TrustCommerce in 2000 dreamed of creating a platform that wouldn’t be plagued by “the instability, the hard-to-use interfaces, and the unresponsiveness” that, at the time, were typical of such solutions.
All Things to All Merchants Execution of TrustCommerce’s vision can be seen in the payment processing and risk-management products and services it currently offers to its diverse customers. The company’s portfolio ranges from modest startups that process just a handful of transactions per month to Fortune 500 mammoths that process more than one million. These clients run the gamut from health care and nonprofits to retail and transit. At the core of TrustCommerce’s solution suite is a gateway to support “all business models and methods,” says Caulfield, CEO. It accomplishes that feat, in part, by processing with all major credit cards and merchant banks, —Rob Caulfield, CEO providing ACH and e-check service solutions, supporting real-time authorizations and captures, and offering flexible merchant reconciliation options. The thinking behind all of this, according to Caulfield, is that “we don’t want to tell our customers how they have to do business. We’d rather provide them with the tools to do business however they choose. That’s really important to me because there are so many other elements than just payment processing to any business.”
“It’s often easier for us to adapt and evolve with [customers] than it is for them to have to make any changes themselves.”
36 April 2013 | Transaction trends
More Than a Tagline Two other areas are vitally important at TrustCommerce: security and tokenization. “A lot of companies use words like ‘integration, innovation, and security’ as taglines for marketing. We see all of those things as commitments,” says Caulfield.“They’re fundamental to what we do.” TrustCommerce, a certified PSI DSS vendor, provides end-to-end encryption among itself, a merchant’s servers, and that merchant’s acquiring and issuing banks. TrustCommerce also has used tokenization since day one. Why? “Because at the end of the day, the merchant doesn’t want the data. All they want to do is get paid and be able to reconcile the data. So why put them in harm’s way? We, on the other hand, have no choice—we have to be audited, we have to go through PCI DSS—so it makes sense for a lot of businesses to just stay out of it, if at all possible.” The company’s focus on integration is another key to its ability to support all business models and methods.“We may walk into a municipality and talk to the treasurer and hear they’re having a hard time because everyone’s marching to the beat of a different drummer—because different software is being used by each department. We can tell them, ‘No problem, leave them on their native software, we will pull everything together, get you all the reporting, handle all the processing ... you don’t have to change your business.’ “It’s often easier for us to adapt and evolve with them than it is for them to have to make any changes themselves,” he explains. Walking the Walk “I know that when you look at this industry from a 10,000foot view, we all look the same,” Caulfield admits. He and his colleagues at TrustCommerce try to differentiate their company’s solutions from those of their competitors—and attempt to do so with passion and integrity. “We really walk the walk,” Caulfield says,“both when it comes to doing the right thing and when it comes to making sure our partners and the people we do business with are happy. And at the end of the day, that’s what we want to be known for.” TT Bryan Ochalla is a contributing writer to Transaction Trends. Reach him at firstname.lastname@example.org.
VeriFone Joins nBCâ€™s All-stAr CeleBrity ApprentiCe As eXClusiVe MoBile pAyMents proVider
e n t e r to win 2 tiCkets to the liVe FinAle oF All-stAr CeleBrity ApprentiCe. Visit www.verifone.com/celebrityapprentice for entry and rules.
Watch how VeriFone VX 680 helps celebrities raise money for their charities all season long. ÂŠ 2013 VeriFone, Inc. All rights reserved. VeriFone, the VeriFone logo and VX are either trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the properties of their respective holders. All features and specifications are subject to change without notice. Reproduction or posting of this document without prior VeriFone approval is prohibited. NBCUniversal is not a sponsor of this promotion and is not involved in the administration in any way.
The mosT imporTanT Thing To remember isn’T ThaT we won eTa’s 2012 iso of The Year. iT’s ThaT everYone else didn’T. Your business deserves the best. Join our winning team and our 16 year reputation of creating great experiences for Sales Partners and Customers. We have assembled a New Leadership Team with the experience and vision to secure your long-term success. We won ISO of The Year for a reason. Call us now and find out why.
Call us TodaY aT (888) 848 - 6825 X9411 www.isoofTheYear.Com