The following is an abridged transcript of Bluefin’s payment security podcast featuring Danielle Duclos, Vice President of Marketing, Bluefin, and Edward Lo, Vice President of Sales and Business Development, Volanté Systems.
Danielle Duclos: Welcome to Bluefin’s first installment of our payment security podcast. I’m pleased to have Edward Lo, Vice President of Sales and Business Development for Volanté, Systems, join me today. Volanté develops enterprise point-of-sale software, specializing in multi-unit quick service and table service and restaurants, institutional cafeterias, retirement and senior living communities and attractions, stadiums and events.
Volanté partnered with Bluefin in 2016 to provide our PCI-validated point-to-point encryption solution to clients that are currently utilizing Volanté’s platform. We are excited to have Edward here to talk a bit more about Volanté’s history and growth, and the company’s decision to offer a PCI P2PE solution. Welcome Edward!
Edward Lo: Thanks Danielle. I’m super excited to be here and thank you for having me.
Danielle Duclos: So glad that you could join today. I wanted to start off by having you tell us a little about Volanté, what you folks do, how you started up, and your role at the company?
Edward Lo: I would consider us a hospitality, modern enterprise point-of sale software company. We focus in verticals such as restaurants and we do a lot of food service management, it’s actually our core business. We also service senior living communities, like in their food-managed family to dining and meal management services, as well as their spas and gift shops. And we also do a ton of institutional cafeterias. So we serve corporate buildings, hospitals, universities, colleges and a lot of venues and performing arts theaters.
When our founder, Joseph Lee, graduated from the University of Waterloo, him and his two friends started developing Volanté point-of-sale system in his mom’s basement because rent was free back then! Shortly after, we got our first opportunity to work with a large enterprise customer, because of our peer to peer technology. They gave us a shot. That was about 14, 15 years ago. And our first merchant is still with us today.
Danielle Duclos: Did Joseph see something in the market in terms of what wasn’t being served through point-of-sale, especially in hospitality? What was the impetus for founding the company?
Edward Lo: That’s a great question. Well that one merchant, they host an annual event every single year. They have 85,000 people that attend. But the point-of-sale system that they were using at that time was a server client relationship. So when the server failed or they lost internet, all their terminals would fail. And we actually had this solution that was using peer to peer technology. So it would still operate without server connection, without network connection, without Internet connection. In an event that did happen, all of our terminals would continue to still operate and essentially they were all master terminals.
Danielle Duclos: It sounds like there was definitely a market need for what you folks were providing. And it’s clear that Volanté obviously has a rich history. Tell me how you have seen your customers’ payment security needs evolve. We hear a lot about data breaches, that hackers are targeting all types of industries. Do you feel like your customers have experienced or have expressed a fear about being breached or having greater payment security in place?
Edward Lo: Yes, I think back in late 2015, 2016 when we started the journey into having payment security with point-to-point encryption. Back then, no one really asked about it or it wasn’t as important. But throughout the past few years, it’s become increasingly important to our merchants. Most of our merchants are in that mid-market enterprise category. So most of them nowadays would require validated point-to-point encryption. As a payments provider, if you don’t have a P2PE solution, they don’t even want to talk to you.
And I think there’s been an increasing number of demand for this solution through the RFPs that we respond to. Again, back in 2015, 2016 it was barely even asked. Nowadays, I would say 70% to 80% of the RFPs that we see have the requirement for a PCI-validated point-to-point encryption solution. And their biggest challenge, I would say, is having a solution provider that can really provide them with a very safe, secure method of payment processing that they don’t have to worry about.
Danielle Duclos: It’s interesting that you folks adopted the solution back in 2016, because Bluefin was the first North American company to get the validated certification in March of 2014. So Volanté was actually an early adopter. And it seems like there was a combination of two things going on. Number one, Volanté as a company understood the need for payment security. But number two, it also sounds like your clients had already started to ask for something like this. Is that what made you folks decide to go down this path?
Edward Lo: We were first initially asked for P2PE by one of our large merchants in the United States. Actually, they weren’t even our merchant yet at that time. They said, “Hey Volanté, we want to start using you, but you need a validated point-to-point encryption solution. If you don’t have one then unfortunately, we can’t use you.”
So it was actually in late 2015 that we started pursuing a P2PE solution for one of our large food service management partners. And you’re right, at that time there was maybe only a handful of validated providers on the PCI website. So we started interviewing a few of those companies, Bluefin being one of them, because again, there wasn’t that many. This was pretty important to our merchant, because there’s been an increasing rise of credit card breaches in the industry and being an operator with thousands of locations, they needed to be sure that if they were ever a victim of a breach, that the card data would be devalued. So we integrated our point-of-sale platform into Bluefin and began deploying the “set it and forget it” P2PE solution to our merchants. And actually, if it wasn’t for you guys, there would be a chance that we wouldn’t even have half these merchants! So thank you.
Danielle Duclos: Well that’s an interesting thing you say, as many people might not realize that the product was such a pull. I mean you’re talking about RFPs, obviously it’s becoming much more of a merchant concern if you’re seeing it. But it sounds to me like the validated P2PE solution has helped to be a differentiator in the market for Volanté.
Edward Lo: Yes, 100%. Especially because we were an early adopter, we were one of the few POS solutions that had validated P2PE. It was definitely a reason why our merchants did select us to be their point-of-sale solution.
Danielle Duclos: One of the things I wanted to ask you is about your selection process. Obviously you considered a couple of different P2PE providers. Did the fact that Bluefin had decoupled P2PE from payment processing, we call that our Decryptx product, help in your decision making and in turning towards Bluefin?
Edward Lo: Yes, I definitely think it did. I would say Bluefin is pretty much our primary offering, because they provide so many different options and solutions. So it definitely helped us choose Bluefin as our solutions partner.
Danielle Duclos: And how has the reception been among merchants? Do they find the device selection to be good, the management to be easy? And the reason I ask is that you hear a lot in the market about what we call non-encrypted or non-certified solutions. And people will say, “Well I do the non-validated P2PE, because it’s easier.” Do you think that merchants have a difficult time with the validated products?
Edward Lo: A lot of merchants don’t even actually know what PCI is. They take credit card payments. They might not even do their SAQs, and when we bring it up to them, they don’t even know what we’re talking about. So we try to educate them. And I don’t even think we saw the value of a validated P2PE solution ourselves back in the day. It was around the middle of 2016 when more and more merchants were suffering credit card breaches. And they were making huge headlines, having to pay millions of dollars of fines. And that’s when more and more of our merchants were asking for validated P2PE. That’s also when we started looking into how Bluefin overall could fit into our ecosystem and we quickly realized at Volanté that we are not a payment security expert. We are a hospitality point-of-sale expert and if we leverage the Bluefin solution, we could essentially be both.
Danielle Duclos: So that really becomes an all-encompassing product for you folks to offer to your merchants then. You’ve got the payment security through Bluefin, but then you have the state-of-the-art platform for hospitality through Volanté.
Edward Lo: Yes. I think that’s why we can provide such a competitive solution to our enterprise mid-market, as well as our small merchants.
Danielle Duclos: If I’m a merchant today or I am a client or even a prospect, perhaps I have an RFP and I’m looking to Volanté to get both your platform and the P2PE solution, how do I go about that?
Edward Lo: That is a great question. If a merchant wants integrated payments with our point-of-sale solution, they automatically by default get Bluefin in the United States. So not only does our mid-market and enterprise merchants who are looking for P2PE get Bluefin, even all our small merchants will get it.
I think when we understood the value of encryption and the Bluefin offering, that’s when we started deciding that if you’re a small merchant, especially because you’re a small merchant, you have to get it. Because most of them do not have sophisticated networks. Most of them don’t have security teams or PCI teams or cybersecurity teams. Nor do they even contract third party cybersecurity firms to protect them. So that’s why when we deploy Bluefin’s P2PE solution to everyone, we know that all our merchants will be safe in the event of an intrusion.
Danielle Duclos: And it’s interesting you actually used the term, devalue of the data. So do you think of this solution as kind of a way to devalue the data that’s going in and out of a merchant system?
Edward Lo: 100%. I think that it’s not only if the merchants will get breached, it’s a matter of when. It doesn’t matter how sophisticated your networks or your firewalls are. Hackers and malware and viruses and intrusions will eventually get there and penetrate your system. And then when you devalue the card data, well that for us we feel safe and good about it. They can have the card data but they’ll never be able to decrypt it. So making it kind of worthless to them.
Danielle Duclos: To me it sounds as if Volanté has positioned itself as a company that truly cares about the payment security of their clients. Especially small to medium-sized businesses that simply do not have the resources to do this themselves. Do you feel as if the industry, in general, and processors and gateways could be moving toward more adoption of a Decryptx, for example, solution to provide to their clients or should they be?
Edward Lo: Yes, I think payments as a whole is moving toward this, because of the rise in digital methods of transactions like credit cards, debit cards and mobile payments. We’ll continue to see less and less use of cash. And as we move towards more digital transactions, I truly believe that all transactions should be encrypted. Because no merchant should be processing any sort of payment without a validated point-to-point encryption solution. It protects them as well as protecting the cardholder.
And as a user of these cards and debit cards and payment solutions, I would want all transactions to be encrypted. And it’s actually funny, every single time I go and hand over my credit card and I tap or swipe at the pin pad, I make sure that I see their pin pad to see if they have a validated P2PE solution. And when I don’t see it, I get a little nervous and I don’t really want to give it to them. So I think that, in the future, we should move towards a standard that all processing should have point-to-point encryption as a standard.
Danielle Duclos: That’s a very interesting thought, because I know that at least in Europe there’s been talk of mandating P2PE for MPOS. And we’ve also seen everything that’s going on with GDPR and the huge fines that are being levied. So it will be interesting to see if the U.S. eventually moves toward a standardization of encryption of payments as a whole. In terms of, you mentioned mobile, you mentioned tapping, you mentioned a little bit about some different ways of payments – we all kind of think cash and checks are probably going away. What else do you see for the future of payments in terms of payment security? You’re in a very interesting industry with hospitality for example, where you have a lot of unattended and pay at the table. Are you seeing any of that kind of demand from your customers?
Edward Lo: Yes, 100%. I think it’s going to move towards more digital payments. So we’re going to see more alternative payments like Alipay, WePay and we even have merchants asking for cryptocurrency payments. I think that regardless of what kind of digital transaction payment method they choose, the transactions should still be encrypted. It only makes the cardholder feel safer.
Danielle Duclos: Excellent. Well I want to thank you so much for your time today. And let the audience know that if you would like more information on Volanté and what they do, go to https://www.volantesystems.com/ and learn a little bit more about their platforms and the industries they serve.
And Edward, I want to thank you again for joining us today. Very insightful, very great information. Did you have anything else to add?
Edward Lo: Well, I just want to say thank you for having me and it was a pleasure speaking with you today. And I look forward to continuously working with you and your organization more closely in the near future.