It’s no secret that data breaches on the rise. 2016 was a record year, with the Identity Theft Resource Center (ITRC) recording 1,093 breaches that involved more than 36 million consumer records.
Franchises are one of the most lucrative hacking targets. Dairy Queen, UPS, Goodwill, Wendy’s and Supervalu all have one thing in common – they are franchised companies that have been breached. The pattern in all of these cases was similar – hackers infiltrated the franchisee’s point of sale (POS) system via malicious software (malware) and found clear-text credit card data, which they then resold on the black market.
In 2016, Bluefin Payment Systems and Two Men and a Truck (TMT) partnered to provide TMT franchises mobile and office payment processing with Bluefin’s PCI-validated Point-to-Point Encryption (P2PE) solution, which is designed to secure credit card data through encryption in a PCI-approved P2PE payment terminal. Encrypting data within the device prevents clear-text cardholder data from reaching the franchise’s system or network where it could be exposed in the event of a data breach.
TMT – Payment Security Advocates from the Top Down
TMT was seeking a solution that would protect their customer’s credit card information. “We wanted to implement effective measures that were easy for the franchise to use but also easy for us to deploy – and that had high benefits for our customers,” said Jake Gaitan, Director of Information Technology for TMT.
TMT needed a payment security solution but they also wanted the flexibility of mobile processing. Drivers would call in credit card transactions to the main office, where a member of the staff would manually enter the information to run the transaction. Because the card was not present, the locations were being charged higher transaction fees. TMT estimates that savings from reduced fees have already saved corporate $18,000 – $20,000.
With a background in financial institution security, Jake understood the value of a PCI-validated P2PE solution. While TMT considered several P2PE providers, what sold them on Bluefin was the solution’s flexibility, simple deployment and customer support for their franchises.
Bluefin enabled TMT to deploy the PCI-validated P2PE and EMV-certified Nomad 2.0 Bluetooth mobile device with an android or iOS tablet, which allowed their drivers the ability to securely and conveniently collect payment at the time of service. TMT also deployed the ID Tech SREDKey keypad and swipe terminal to accept secure payments over the phone or in office payments.
The solution was introduced in fall 2016 and the company already has 45 franchises signed with over 300 mobile devices deployed.