Danielle Duclos: Good morning, everyone, and welcome to Bluefin’s Partner Podcast. Today we will be speaking with Vince Steffano, senior product manager for ID TECH, and Eldred F. Garcia, vice president of security solutions for Bluefin.
ID TECH is a leading provider of PCI-validated point-to-point encryption (P2PE) devices and serves a variety of industries with their payment and hardware solutions. The company recently announced the release of their new SREDKey 2 P2PE device and today, Vince and Eldred will be talking about Bluefin and ID TECH’s partnership, the value and benefits of P2PE, and the major industries the two companies serve with their solutions. So welcome Vince and Eldred. Great to have you both with us.
Vince, tell us a little bit more about ID TECH and what your company does.
Vince Steffano: Thank you for having me, Danielle. ID TECH has been in business now for over 30 years, focusing on hardware and software solutions for payments. From a logistics standpoint, ID TECH has a pretty wide berth and a strong presence throughout the world, including China, Taiwan, and Cypress, California, and we just recently opened a new shop in Rocklin, California, which is our center of excellence for new product development, both hardware and software.
Danielle Duclos: Vince, your company was an early Bluefin partner for our P2PE solution when we became the first validated North American provider in March 2014. We actually certified to both the SREDKey 2 and the SecuRED. Tell me a bit about why ID TECH, as one of the first device manufacturers to obtain P2PE validation, decided to go down that path? Why was P2PE important?
Vince Steffano: That’s an interesting question, and it really goes back to our DNA and what our founder emphasized with each one of the employees and really every new hire that comes into the company. Know your market. Listen to our customers and partners. And then security – obviously, for a company like ours that is taking payments, security is a key deliverable in this area. And it’s driven throughout all disciplines of the business.
I had the opportunity to sit on several engineering meetings. And although they’re tedious at times, hearing the passion in the voices of the people as they’re diagnosing these problems and going back and forth and trying to figure out what the problem is. It’s refreshing to know that when we come across an issue, we’ve got people that are going take it to the next level and make sure that it’s A.) rectified, but B.) that it’s not going come back at a later time.
And ID TECH really takes our partner network and our customers to that next level. The mindset is that if our partners succeed, ID Tech will succeed as well.
So, why we got into P2PE so early is that strategically, it just made sense for ID TECH. We had the products in place to accommodate one of the core P2PE requirements – which is being able to encrypt at the point of interaction.
Knowing the market, we knew that merchants needed to take payments in a secure environment so that their customers could have a safe shopping experience. And then important was having trusted partners to actually bring these devices to market – which is testament to our relationship with Bluefin, which was able to bring this compelling solution to merchants. So, a win-win for ID TECH, a win-win for our partners.
Danielle Duclos: Agreed and that actually leads me to a question I wanted to ask you, Eldred. A lot of our customers have embraced the SREDKey. Can you tell me more about the verticals where this device has really made a difference with Bluefin’s products and services?
Eldred F. Garcia: When I started with Bluefin several years ago, the SREDKey was the device of choice. This device is, by far, one of the most ordered devices because it moves between payment environments very easily and that ease of use really resonates with our customers. The ability to plug and play without having to download any operating system, software, or drivers makes implementation simple, and it allows the customer to be able to use it in different environments.
The higher education space comes to mind because they have to constantly take payments over the phone, at their desks, or it could be a hybrid environment where they leave the building and set up a tent for an alumni event where people actually come in-person. They can unplug the device from their desktop, plug it into their laptops. And then go out to that tent that they’ve set up, connect to Wi-Fi in a very secure way, and continue taking payments in a physical environment with the MSR – the magnetic stripe reader. This allows for a very secure, portable workstation and it provides a lot of flexibility for those complex or hybrid environments.
But you can see how this can translate into other verticals. Anybody who’s taking payments over the phone – whether it is an ecommerce environment or a vertical that is receiving deposits, such as rental equipment. This device has worked extremely well to secure those payment channels without the need for new software or complex integrations.
So the SREDKey has created not only security and flexibility, but it’s also created mobility – being able to move from one environment to the other and easy plug-and-play.
Danielle Duclos: So what are some of the differences that we have with this new SREDKey 2 that will replace the original SREDKey?
Vince Steffano: Great question. And I just want to capitalize on a comment that Eldred made about the comfort level of bringing the device anywhere and using it. It’s simple, yet sophisticated and secure, and the idea behind it is that it’s non-intimidating. When you plug it in, it just looks like a keypad, right? So, the user, when they’re entering in a credit card number, it just feels like they’re using a calculator or the keypad on your keyboard.
But getting back to the SREDKey 2 and really the differences between the SREDKey 2 and the SREDKey 1 – everything’s changed, but nothing’s changed.
Let me dig into that a little further. As far as the “everything that’s changed” – probably the most significant change is the addition of PTS 5. The SREDKey was a PTS 3 product, which will expire in April of next year. So, we increased the security level from PTS 3 to PTS 5, which for those in the industry know is not a trivial jump.
We’ve also expanded the display from a 2X20 to a 2.9”. Not a big change, but it does allow us a little more real estate. And for people that can’t see as well as you used to be able to – me being one of them – gives us a little brighter screen to make those digits a little bigger.
Then last, but not least, we increased the tactile feel of the keypad. It still has the robustness of 4 million-plus key presses. The swipe for the MSR product can still do over a million MSRs – tested to a million MSR swipes. But the key on this was the time and the effort spent on ensuring that the tactile feel was appropriate.
We produced countless numbers of keypads to ensure that when you press down on the number, it doesn’t take 10 pounds of pressure to make sure that the number hits. But it’s not so sensitive that if you lay your hand on it, it will start scrolling a bunch of numbers across the keypad. There’s a fine balance for those on these keypads eight, ten hours a day.
For the nothing part of it – we wanted to make sure the form factor was the same. So if you stack a SREDKey and a SREDKey 2 side-by-side, it’s the same size. It looks and feels like the same product, with the exception of the keypad and the display. We wanted to keep that same, unintimidating look and feel of today’s product of with the same capabilities.
Eldred F. Garcia: I think what Vince is saying is really important, especially being on the front line and talking to the customers. Any time there’s a new device, you have to set expectations. One of the things that I talk to them about, and which Vince highlighted, is that while this new device is PTS5, and the previous one was PTS 3, the PTS 3 device still qualifies for an SAQ or a self-assessment questionnaire, P2PE.
Vince also mentioned that you can still use those devices until 2026, going forward, as part of your SAQ P2PE. And additionally, adding more devices – because this happens frequently where you have a call-center environment that starts to expand, and you’re adding more people taking payments, and you need to add more devices – you can add the new SREDKey 2 to the mix of existing SREDKey devices without any problem. So, if you will, mix-and-match will not be an issue.
And this is very key, very important, especially for all of those customers we have using the SREDKey device – feeling that comfort that going forward, they can continue using them. They can add additional devices, while still using their existing SREDKeys for five years, and their SAQ P2PE environment’s completely secure.
Danielle Duclos: That’s a great point, Eldred. Now, explain a little bit about the availability of SREDKey 2 across Bluefin’s product lines.
Eldred F. Garcia: The ID TECH SREDKey device, including the ID TECH SREDKey 2 device, is one of the most popular devices that we have at Bluefin because if you look at the payment environment, you’re basically looking at five different payment channels, right?
You have ecommerce, which is your at-home, making purchases from your desktop. You have your MOTO environment – your mail-order, telephone-order environment where a customer is actually calling into a call center. And that call center representative is taking the payment – the sensitive card information into their network. Then you have regular retail, face-to-face. You have mobile. And then you have unattended kiosk.
And the ID TECH SREDKey addresses a number of those payment environments. So, someone in a customer-service environment can easily add security and that payment channel is pretty much in every single business model whether you are an exclusive or traditional call center, where you only take payments over the phone, or whether you are an ecommerce merchant, but you have a customer-service center. And the customer gets stuck making a payment. And they pick up the phone, and they call customer service.
At the beginning, a lot of those ecommerce folks were like – well, how are we going to use this device? We can’t send this device to someone at home. And we would tell them – no, you can’t. However, when that customer at home gets stuck, they need to be able to call somewhere. That’s where this device comes in – when they call in that call center for that ecommerce merchant. And then, obviously, the hybrid capability of this device to be able to take it into a card-present environment and take payments in-person with a magnetic stripe reader.
So you really see this device throughout our different payment environments, and with our PayConex and Decryptx products. Not only does it apply to multiple verticals, but in the current environment, where we are all dealing with COVID, where all of these companies have essentially sent their employees home, the ID TECH SREDKey device has really become a savior, if you will, to take payments in a secure way in a remote environment.
Now they can leave the security of their secured networks at work, go home into an environment that’s not necessarily as secure because you’re dealing with home Wi-Fi networks that probably have default passwords still on them. And having that concern that their customers or their employees are going home and connecting to these less secure environments, but knowing that they have a PCI P2PE secure device that they can continue taking payments in a completely secure way.
Danielle Duclos: Excellent. It sounds like it’s just a very versatile device for pretty much any environment. Vince, did you want to add anything additional onto that?
Vince Steffano: No. That was a great summary of the product. The only other vertical I wanted to add here was think of hospitality, as well. As you check into a hotel, when you go to actually check-in, they always ask you for a credit card or to confirm a credit card number. A lot of times, this device is used within that area. Again, probably not a lot of us are staying in hotels of late, but that’s another strong presence to this device and a really key use for it, as well.
Danielle Duclos: Excellent. I want to thank both of you so much for joining us today. Within the transcript, folks will find some helpful links over to ID TECH’s new press release on the SREDKey 2, a case study that we did with ID TECH and one of our partners, Intelligent Contacts, on some of these acceptance methods we talked about today, as well as a product description and links to the product website.
Vince Steffano, Product Manager, ID TECH
Vince is a Product Manager for ID TECH specializing in retail payment devices for the Tier 2 retail market. Vince brings 25+ years of experience in technology with 12+ years personal computer space with the last 13+ years in payments. Vince’s payment experience ranges from working directly with Tier 1 and 2 retail customers to driving requirements into new product designs. Vince has also worked with major transportation agencies ensuring that the requirements meet the needs of their constituents. At ID TECH, Vince is responsible for ensuring the Tier 2/SMB product line meets the needs of this vertical.
Eldred F. Garcia, VP, Security Solutions, PCIP, Bluefin
Eldred is VP, Security Solutions for Bluefin and heads the company’s Latin America and Caribbean region, specializing in solutions for enterprises and higher education. Eldred brings 20+ years’ experience in the payments industry through banking, consulting, the major credit card brands, processor, fraud prevention companies, and on the merchant side. Eldred’s focus has been primarily in the credit card industry and more specifically with emerging technologies and fraud prevention.