Russ: This is The BusinessMakers Show, heard here and online at thebusinessmakers.com. And it's guest time. And my guest this morning is Bill Pickard, Chief Operating Officer with Vendor Safe Technologies. Bill, welcome to The BusinessMakers Show.

Bill: Russ, thanks. We are delighted to be here.

Russ: Well let's start then by telling us about Vendor Safe Technologies.

Bill: First off Vendor Safe is a company who has been in business for 19 years, formed by two brothers, Mark and Brad Cyprus, who didn't want to work for anybody else when they got out of school. And so last year myself and another gentleman named Chris Melson, a local entrepreneur here, went to work for the Cyprus brothers. And we are now bringing a new service to market that helps credit card merchants comply with the Payment Card Industry Data Security Standard.

Russ: Okay. I gotta tell you, I think that could be interesting, you know. I have always thought, Bill, all these people that are really cautious about ever putting a credit card number on the Web, and then they go out and drink a bunch of Margaritas and don't seem to have any problem at all handing their real credit card to a complete stranger and walking off. Does Vendor Safe Technologies address that?

Bill: Yes, absolutely. And today—unlike several years ago—your credit card transaction is safer on the Web than it is at restaurant or a retail store.

Russ: I believe it, man. I believe it for sure.

Bill: Now when your waitress takes your credit card…

Russ: Right.

Bill: …and comes back wearing a fur coat?

Russ: Right.

Bill: You know there is an issue.

Russ: {Laughs} Well in fact tell us how big is that issue. Do you guys even know what size the market is on this? Or is that just impossible to tell?

Bill: Well there are roughly 6 million credit card merchants between food service and hospitality.

Russ: Okay.

Bill: So a restaurant and a hotel, where we spend a lot of time—we also do other retail as well—but there are roughly 6 million of those in the state.

Russ: Okay.

Bill: So it's a very large market. And most of the merchants today are not secure.

Russ: Okay.

Bill: As a matter of fact I, personally, when I go to a restaurant I don't take my credit card. I only give them cash unless it's one of our customers.

Russ: Have you actually had an experience? Or at least you have witnessed a few.

Bill: The number of breaches that occur in the United States is getting more and more prevalent. As a matter of fact there is a article in the Wall Street Journal. Or at the end of August 2008 there were already more breaches during those months than in all of 2007. Hackers are getting more sophisticated. They get better tools. You know, it's an arms race basically.

Russ: Okay. So you are kind of dealing in trying to protect against hackers and against just personnel, I guess, that take your card and go back in and record it on some kind of bootleg device and run off with your number?

Bill: Yeah. That's called a swiper, when a waitperson will go back and steal your credit card. That is typically not what restaurant owners worry about. They worry about someone penetrating their network…

Russ: Okay.

Bill: …and stealing a bunch of credit cards. For example, Dave & Buster's…

Russ: Right.

Bill: They lost 5,000 credit cards.

Russ: Ooh! Okay.

Bill: Okay? So when you get your credit card stolen, you have been compromised in terms of your identify.

Russ: Right.

Bill: So everything that you now have on your credit report is subject to suspicion. And so it's tremendous effort for you as a consumer to go through to correct that.

Russ: Okay. When you just gave me that Dave & Buster's sample, it never dawned on me when you go to one of these establishments and they swipe your card and, you know, they charge you and you get your bill, they are actually holding on to that number?

Bill: Yes. Here's how it works. When you walk into a credit card merchant—any type of store—they typically will swipe it. If it's one of those little terminals that you can see, and it's clicking in the background and you can hear it…

Russ: Right.

Bill: …printing out?

Russ: Right.

Bill: Okay. That is probably not gonna be held at the location.

Russ: Okay.

Bill: However, if you go to just about any other restaurant where you don't see that terminal…

Russ: Right.

Bill: …standing right there…

Russ: Right.

Bill: …and they don't rip off the two receipts and hand it to you for a signature, those credit card numbers are being transmitted over the Internet to a bank for preauthorization.

Russ: Okay.

Bill: Not authorization.

Russ: Okay.

Bill: Preauthorization.

Russ: Okay.

Bill: Okay? So let's you go to lunch with me tomorrow. You're paying, right?

Russ: {Laughs} Sure. I guess so.

Bill: You are giving me - you are giving them your credit card.

Russ: Okay.

Bill: They are going to run your credit card.

Russ: Right.

Bill: They'll do a preauthorization.

Russ: Right.

Bill: And your credit card number and all of the stuff that goes with that…

Russ: Right.

Bill: …sits in a queue on the hard drive. And then at night that is all batched up with all the other credit card transactions…

Russ: Okay.

Bill: …for that day…

Russ: Right.

Bill: …to the processor.

Russ: Okay.

Bill: So it sits there for awhile. And in some cases they'll keep those there forever. We have seen some of our customers that we have helped become compliant, and they will have credit card numbers that have been there for five or six years.

Russ: No! My goodness. Well that preauthorization thing, I always wondered how they did that, because they took my card and then that - they apparently came back and said, "It's okay. But we certainly want you to add to it with your tip." So then they go back in, and when they transmit them at night they add the tip on to make sure they are getting that piece, right?

Bill: Absolutely.

Russ: Okay.

Bill: So it's in the preauthorization queue.

Russ: Okay. Okay. So how in the world does Vendor Safe Technologies protect that serious data?

Bill: Well let's talk about the ways in which people get breached. So there are really three ways that credit card merchants—restaurants, dress shops, whatever—get breached. First is if someone penetrates their network remotely. Because most people that process credit cards over the Internet, they have a public IP address.

Russ: Okay.

Bill: So anybody can find that IP address.

Russ: Right.

Bill: And if they can get to that public IP address and have a user ID and a password…

Russ: Right.

Bill: …then they can be penetrated.

Russ: Right.

Bill: Okay. Second is somebody brings something into the restaurant—like a laptop or a thumb drive—and they load a little piece of software onto the local area network.

Russ: Okay.

Bill: That's called malware, or malicious software. Now that piece of software sits there and scans every single file on the hard drive and looks for credit card numbers or looks for any number that'll match a credit card format—14, 15, 16 numbers.

Russ: Okay. Okay.

Bill: Okay?

Russ: Wow.

Bill: The third way that - compromise is really by being able to take those numbers, collect them. Once they are collected on the hard drive, then they have to be sent some other place. And so having those numbers transmitted from your local area network across the Internet—typically overseas—and so when the person that's perpetrated the crime receives those numbers, what they do is they will create a new set of ID. All they need is your credit card number.

Russ: Right.

Bill: They don't need your name.

Russ: Right.

Bill: They don't need the expiration date. They create a new set of credit cards, driver's license to go with it, and they package those up and sell them.

Russ: Okay. Wow. Well I want to hear how Vendor Safe Technologies protects that process after this. We are speaking with Bill Pickard, Chief Operating Officer of Vendor Safe Technologies, and you are listening to the The BusinessMakers Show, heard here and online at thebusinessmakers.com.

[Aflac Commercial]

Russ: This is The BusinessMakers Show, heard here and online at thebusinessmakers.com. And continuing on with Bill Pickard, Chief Operating Officer of Vendor Safe Technologies: And Bill you had just sort of outlined the three ways that these professionals these days seem to be able to go into an establishment and extract credit card numbers. Sounds pretty scary. In fact the last thing you said is that all they need is the number. How do they get around the issue of the expiration date? Because everywhere I buy things they always want to know that expiration date.

Bill: They'll create a set of IDs that have different expirations dates. And they'll go try a number of transactions until they figure out what the right expiration date is.

Russ: Okay. Okay. You mentioned the three ways. How does Vendor Safe Technologies manage to stop that?

Bill: We offer—for a single, fixed, affordable, monthly fee—a VPN, Virtual Private Network.

Russ: Right.

Bill: And all that means is that your transactions that go across a public Internet are safe. So Vendor Safe has built a 50,000-node VPN. And we sell that on a monthly basis to restaurant owners. And we guard against those three things as well as many others. Now if a restaurant owner or a hotel owner or any type of a retailer that accepts credit cards were to go out and create this solution themselves, they would have to buy five or six software packages. They'd have to buy a package for two-factor authentication; that's to help you log onto the networks safely. They'd have to buy a logging system that would look at all the attempts to get onto your network. They would have to get monitoring software to determine if anybody else has added something new to your system on a local area network basis.

Russ: Right.

Bill: So they'd have to buy those, integrate them, manage them on an ongoing basis and figure out how to report that. Or they could come to us…

Russ: Okay.

Bill: …and we do it for them for one low, affordable, monthly fee. So we put a firewall at their location, and we essentially manage their location—manage all the data going from the untrusted to the trusted and from trusted to untrusted. So what I mean by that is data coming in that is not approved doesn't get in—and the same with data going out. That's how come when somebody collects credit card numbers and they are sitting on the hard drive and they want to transfer them to another Web site, we prevent that. Because we only allow transmission of data to an - a preauthorized IP or Internet Protocol address.

Russ: Okay. So I would suspect that restaurants—particularly small restaurants and so on—have not been know to be real sophisticated in their technology and therefore are probably not real sophisticated in their security either. Right?

Bill: And Russ, that's why I don't take my credit card to the restaurant.

Russ: Okay. I understand.

Bill: Okay. Because most of the breaches—more than half of the breaches—occur at restaurants. And also another big place is college bookstores because - the colleges grow their own hackers basically.

Russ: Right. Absolutely. {Laughs}

Bill: And so college bookstores is a prime area target. Like restaurants they tend not to have a sophisticated IT—information technology—staff.

Russ: Right.

Bill: And therefore they don't have the protection or security that you would like as a consumer for somebody to have that you are handing your credit card.

Russ: How many customers today does Vendor Safe Technologies offer this protection to?

Bill: Well we have a number of credit card merchants in our customer rate - base—everything from a single-unit restaurant like Magnolia Bar & Grill all the way to a large retail chain that has 454 stores.

Russ: Okay.

Bill: So we have been marketing this solution for roughly 60 days, and we have well over 100 customers that are using it.

Russ: Okay. Are you guys kind of leaders in this space? Or have there been others out there ahead of you?

Bill: There are certainly others that offer similar solutions. However, none of them package it as we do and offer it for that fixed affordable monthly fee. Most of our competitors are larger companies—like AT&T for example—that will come in and design a custom solution for you and also charge custom prices.

Russ: Sure. That makes sense. Okay. Well when we come back I want to understand how you sort of took this company that's 19 years old, owned and operated by these two brothers, and started this new division and took off with that so we can find out how you got to this point. We are talking with Bill Pickard, Chief Operating Officer of Vendor Safe Technologies. And you are listening to The BusinessMakers Show, heard here and online at thebusinessmakers.com.

[Aflac Commercial]

Russ: This is The BusinessMakers Show, heard here and online at thebusinessmakers.com. And continuing on with Bill Pickard, Chief Operating Officer of Vendor Safe Technologies: Well Bill you mentioned that you sort of - and a partner came in and reorganized this company that was 19 years and owned and operated by the Cyprus brothers. Tell us about that transition. When a business takes that kind of a formative change it can be pretty exciting. How did that happen?

Bill: Well the Cyprus brothers had been running this networking company for an awfully long time. And so they basically did one thing—designed and managed data networks; had been doing it locally for years; had a few large customers, a great number of small customers. And they wanted to do something different. They knew that PCI Standard was going to be big if all merchants were going to have to comply with it. And so they wrote a business plan to do just that.

Russ: What's PCI Standard?

Bill: PCI Standard is the Payment Card Industry Data Security Standard, and it is a standard that's put forth by the PCI Security Standards Organization…

Russ: Okay.

Bill: …of which we are a member. And that consists - there are a number of owners of that, okay, as you might guess: Visa, Mastercard…

Russ: Right.

Bill: …American Express…

Russ: Right.

Bill: …Discover and JCB…

Russ: Right.

Bill: …which is a European card brand. Each of those card brands had their own data security standard for their merchants. Several years ago they created this organization to have one standard across the industry. Most merchants will accept more than one card brand, and therefore they were trying to comply with two different security standards.

Russ: Okay.

Bill: So they were able to unify that standard.

Russ: And when you mentioned previously the particular businesses that were not in compliance, they weren't in compliance with the PCI Standard. Is that right?

Bill: Yes.

Russ: Okay.

Bill: And that - Russ that's true for most restaurants, credit card merchants, hotels today, is they are still not in compliance.

Russ: Oh, okay.

Bill: It's a relatively new standard. It does cost something to become compliant. And so most merchants do not want to take on that additional expense.

Russ: Okay. It almost seems like—based on the magnitude of the potential problem to customers—that an establishment could sort of make it known that they are PCI Standard compliant and make customers feel better. Right?

Bill: Yes. Absolutely. And I think that you will see over the next few months consumers starting to ask restaurants whether or not they are PCI compliant.

Russ: Okay.

Bill: Because that would be what I would want to know before I give somebody my credit card.

Russ: Oh, okay.

Bill: Because even though you see it and maybe they just go five feet away and swipe it and bring it right back to you, you know, your digits are floating around out there in the Internet.

Russ: Oh yeah. Now you mentioned the Cyprus brothers' 19 years in the business, and they wrote up this new business plan. Was it always their intent to go find somebody like you to come out and champion the new cause?

Bill: Well they wanted to do something differently than they had been doing in the past. They had the support of their family that had helped them get started 19 years ago. They are two extremely intelligent brothers. Their dad's an engineer and is a professor at Rice now. So they wrote this business plan and were looking to get it funded. Myself and Chris Melson were interviewed for the CEO position. And I had known Chris previously, and so he and I had started talking. And we liked the Cyprus brothers. We thought their business plan needed tweaking a little bit.

Russ: Right.

Bill: So that's what we did last year. We did our market research, rewrote the business plan. And now? Hey, guess what: It's time to go raise some money, right?

Russ: Okay.

Bill: Which, you know, is a daunting task as you well know.

Russ: I know. I have been there.

Bill: {Laughs}

Russ: But this is really kind of like a startup, but you just had this basis of this 19-year-old company helping you get off the ground. Right?

Bill: Yeah. It has the attributes of a startup, but it has a lot of things that make a startup tough to be successful.

Russ: Yes.

Bill: So you had a pretty good staff in place been working together. You had a base of business there. And you had a dedicated group of individuals that are - want to be successful.

Russ: Okay. What must be a little bit different, though, is going out and telling the story in business development and sales. How are you doing that?

Bill: We sell primarily through resellers—so through a distribution channel. And point-of-sale resellers, that would be local companies—700 or 800 of them in the United States—…

Russ: Right.

Bill: …that will sell a cash register system. They integrate it with a video camera system for security. And they will go and install that at the retail location.

Russ: Okay.

Bill: And so they will include our solution along with that.

Russ: Okay.

Bill: So we stimulate the market by, obviously, going to trade shows. We have a group of inside sales reps that call on the endusers—the restaurants—to…

Russ: Right.

Bill: …pique their interest. And then we also depend on consultants that are in the security business to help spread our message a little bit.

Russ: Okay. Well Bill, I really appreciate you coming in and telling us about Vendor Safe Technologies, and I wish you good luck, man.

Bill: Russ thanks very much. This is going to be a rocket ship ride, and I am looking forward to it.

Russ: Cool. We have been speaking with Bill Pickard, Chief Operating Officer of Vendor Safe Technologies. And you are listening to The BusinessMaker Show, heard here and online at thebusinessmakers.com.