Case Study: Keeping Customer Data Safe at Two Men and a Truck

Franchises are one of the most lucrative hacking targets with dozens of breaches reported in the past several years. The pattern in all of these cases is similar: hackers infiltrated the franchisee's POS system and found clear-text (unencrypted) credit card data, which they then resold on the black market or used to make their own illicit purchases.

Last year, Two Men and a Truck (TMT) was seeking a solution to protect their customers' credit card information. "We wanted to implement effective measures that were easy for the franchise to use but also easy for us to deploy - and that had high benefits for our customers," said Jake Gaitan, IT Director for the brand.

Specifically, TMT needed a payment security solution - but owing to the nature of its mobile business (a challenge shared by any mobile service brand), they also wanted the flexibility of mobile processing. TMT considered several P2PE (point-to-point encryption) providers before selecting Bluefin Payment Systems to provide its franchises with mobile and office payment processing.

Before TMT implemented Bluefin's P2PE solution, drivers would call in credit card transactions to the main office, where a staff member manually entered the information to run the transaction. Because the card was not present, the locations were being charged higher transaction fees. (TMT estimates that reduced fees since last fall have already saved corporate $18,000 to $20,000.)

Bluefin's PCI-validated P2PE solution is designed to secure credit card data by encrypting it at a PCI-approved P2PE payment terminal. Encrypting data within the device prevents cardholder data from reaching the franchise's system or network, where it could be exposed in the event of a data breach.

The solution, introduced at TMT's annual meeting last fall, currently has 77 franchises signed up (about 20% of its 350 franchisees worldwide), with more than 580 mobile devices deployed.

Among the first TMT franchises to adopt the new security solution were the Grand Rapids, Evansville, and Bloomington locations, run by Rob Felcher, president of TMT Evansville, and Dan Pettit, franchisee. Their drivers, as described above, would call in credit card information during business hours to process over the phone, or jot down the credit card number on the sales order and then input the information when they got into the office - which required them to shred each sales order and the sensitive card information.

"We realized that how we were taking cards could be opening us up to all the risks of having a breach, even internally," said Felcher. "What attracted us to the solution was not only the flexibility of deploying a secure mobile device with our drivers, but also the significant reduction in PCI scope that our locations would see."

In addition to the simple setup, the Grand Rapids and Evansville TMT locations have already completed the SAQ P2PE-HW questionnaire, which took "15 minutes total," said Felcher. Franchises that implement Bluefin's PCI-validated P2PE solution throughout their POS environment are eligible for the 33-question SAQ P2PE-HW - a significant reduction from the 329-question SAQ D.

The solution was deployed about 5 months ago across their three territories with 26 EMV-certified Nomad 2.0 Bluetooth mobile devices and 7 SREDKey card keypad and swipe terminals from ID Tech to accept secure payments over the phone or in the office. And, like TMT corporate, the franchisees have already saved a significant amount in processing fees and expect to save further from the decreased PCI requirements.

"One of the exciting things about TMT is the support from the family and the C-level on technology initiatives," said TMT's Gaitan. "We were pretty much able to do what we needed to do to get a PCI-validated P2PE solution in the hands of our franchisees that would not only provide greater security but bring a tremendous cost benefit to our locations."

For a deeper dive into keeping your network and customer data safe, see our feature article on cybersecurity in Franchise Update magazine (page 40).

To learn more about Bluefin's PCI-validated P2PE, contact Terry Ford, director of security solutions, at tford@bluefin.com or 773-415-0279.

Published: June 13th, 2017

A Franchise Update Media Production
Franchise Update Media | P.O. Box 20547 // San Jose, CA 95160 // PH. (408) 402-5681
Copyright © 2001 - 2017. All Rights Reserved.
