With the influx of big box stores and national retail chains, many small to medium-sized merchants are finding it increasingly difficult to compete. Few of these locally owned, often family-run businesses have the budget or technical resources to build their own inventory management, supply chain, point-of-sale, or other sophisticated systems like the big players have. That’s why more than 5,000 leading mid-market retailers turn to Epicor.
Industry
Location
Products
Epicor solutions help level the playing field for the “main street” retailer to compete like a global billion-dollar enterprise. In fact, Epicor makes it easy and affordable for mid-sized businesses in a wide range of industries to implement state-of-the-art enterprise resource planning (ERP) solutions. In the retail space, this includes everything from payments and finance, to merchandise sourcing and inventory management, to business intelligence and cross-selling in store, online, or on mobile apps.
Along with these advanced business capabilities come increased data security concerns. Stores may be handling lots of private customer information, particularly credit card numbers. While once a small percentage of sales for smaller retailers, credit and debit cards now represent the vast majority of payment transactions. And even though the Epicor back-end systems have been designed to be highly secure, card numbers captured at the local retail point of sale were processed in a clearly readable state, making them vulnerable to thieves and fraudsters.
Following several recent high-profile data breaches, retailers of all sizes became keenly aware of today’s data security risks. The potential financial impact alone could be devastating. Combined with a damaged reputation and loss of customer confidence, many small and medium-sized retailers could be forced to close their doors. According to the online business site Mashable, “72% of businesses that suffer major data loss shut down within 24 months.”
As a trusted partner for thousands of retailers, Epicor proactively explored data security solutions to protect its customers from the point-of-sale device throughout the payment lifecycle.
Epicor considered a wide range of approaches to data security, including implementing alternate gateways or its own internal data encryption, as well as investigating commercial offerings from vendors such as TransArmor and Bluefin. Following an intensive evaluation, the company chose Voltage SecureData Payments. With Voltage Secure Stateless Tokenization (SST) technology and Voltage Format-Preserving Encryption (FPE), Voltage SecureData Payments provides Epicor with a complete point-to-point data encryption and tokenization solution.
Matt Mullen, vice president of strategy and product at Epicor, explains, “When we dug into the various vendor offerings, either their technology or business model just couldn’t support the volume and scale we needed. But when we took a close look at Voltage SecureData Payments, we liked what we saw. It was already used by other top retailers in the space where we compete, and Voltage SecureData Payments offers a deployment framework that allowed us to bring our data security solution to market in a very easy and affordable manner.”
Bill Wilson, senior vice president of product development at Epicor, adds, “Other vendors had subscription or transaction models, which would not work for us. We wanted to license software and embed it into our offerings, so that made Voltage SecureData Payments very attractive. We also wanted to make data security as seamless as possible for our customers to adopt. Voltage Format-Preserving Encryption was critical to meeting that objective. It allowed us to introduce data security into our existing systems without any major software changes. For our customers, everything still works the same as it always did. Except now there’s a solution that’s designed to fully secure their data.”
Epicor took advantage of Micro Focus Jumpstart services, which enabled the company to put Voltage SecureData Payments into production in just seven weeks. The solution is deployed within the Epicor cloud-based payments gateway hosted by Amazon Web Services (AWS) across six fully redundant AWS availability zones in three different regions.
“The Security folks did a great job managing the project and helping us implement the solution very quickly,” says Wilson. “Now that it’s up and running, we haven’t needed any further tuning or rework. SecureData Payments folded in seamlessly with our standard operations profile.”
This multitenant, multisite gateway handles the full roster of tenants identically, with all six availability zones providing “hot” backup for each other. That is, if any one site goes down, the other five instantly pick up the workload for the entire Epicor retail customer base. Voltage SecureData Payments plugged right into this environment.
“We have a stateless gateway and SST technology fit into that perfectly,” Wilson notes. “SST allowed us to have the same token schemes across all regions with no communication between them. Plus it eliminated the need for a central key management database as well as database replication.”
Mullen also points out the added value of Voltage FPE. “The ability to introduce data security for thousands of customers with no code changes to our standard payments offering was incredibly important,” he says. “It allowed us to launch our new security offering well in advance of market expectations. That was extremely beneficial to Epicor and our customers. After all, the faster you put the lock on the door, the sooner you can protect your valuables.”
Voltage SecureData Payments provides Epicor customers with maximum data security from the payment terminal (typically Ingenico) to the back-end payment processor. Thanks to point-to-point data encryption with Voltage SST, at no point in the transaction is card data exposed.
“By tokenizing card numbers immediately at the point of purchase, we’ve gone beyond PCI compliance to actually eliminating clear data from the transaction process,” Wilson remarks. “That’s the number-one way we assure our customers that Epicor is doing everything possible to secure their businesses.”
Mullen is also confident that Voltage SecureData Payments will protect retailers even if a cybercriminal does manage to break through all other network security barriers.
“Tokenization is where the benefits ultimately come to roost,” he says. “Payments, voids, returns – everything a retailer needs to successfully and securely transact business at the point of sale – can be handled without complications, retraining, or any changes to normal operating procedure. And at the end of the day, even if someone sneaks in to take data, there’s nothing useful to them.”
In addition, Wilson appreciates that Epicor can scale the data security solution to support thousands of retailers transacting billions of dollars through its payment gateway each year. “The scalability of Voltage SecureData Payments is great. It already gives us five times the capacity we need today and easily matches the scalability we’ve built into our payment gateway.”
Epicor clearly recognized the value of Voltage SecureData Payments. Just as important, so did its customers. That was evident in the rapid sales when Epicor introduced Voltage SecureData Payments to the market.
“The sell-through for us was staggering,” declares Mullen. “Among our 5,000 retail customers, typical sell-through of a new product is 10%, or about 500 units, over 12 months. When we launched our offering of SecureData Payments, we sold 1,100 units in the first three months. This was far beyond our expectations.”
The value of the Epicor data security offering was further validated when one of its biggest customers, Ace Hardware, recommended that all its store owners purchase data security from Epicor. Companies like Ace recognize the importance of protecting the integrity of its store network, as well as the trust in its brand. For the individual retailer, the biggest benefit of data security is simple peace of mind.
Wilson concludes, “A lot of our customers are family-owned, neighborhood stores. They’re genuinely worried what a data breach could mean to their livelihoods. Before, they felt pretty defenseless. But now they get both reduced risk of a data breach and the peace of mind that comes from knowing they have a robust solution to help protect their business.”
Tokenization is where the benefits ultimately come to roost. Even if someone sneaks in to take data, there’s nothing useful to them.
