Use Security To Differentiate Your POS Offerings

Security continues to be a differentiating factor for POS VARs and ISVs (independent software vendors). Talk of security came to the forefront when the  PCI DSS (payment card industry data security standard) was updated to version 1.1 in September 2006. The topic was reinforced again in October 2007, when Visa announced new payment applications security mandates to comply with PCI. If you haven't started offering security solutions for your hospitality customers, it's not too late to start. Three industry experts tell you what you need to know.

Capitalize On PCI DSS Compliance
When it comes to addressing credit card processing security, VARs can either do the work in-house or outsource the work to another firm. "Most large VARs should have someone on staff to address security, if they don't already," states Michele Cote, general manager of Posera Software, maker of Maitre'D. "Smaller firms that don't want to outsource the work can educate themselves online from the large credit card companies and trade magazines." Another good resource is the RSPA (Retail Solutions Providers Association) Web site: www.gorspa.org.

VARs need to educate end users as much as possible about security risks and how to protect themselves. A business that stores personal information anywhere on its system is responsible for securing that information. "If an end user puts credit card information in a field they shouldn't and the information is compromised, the VAR or vendor can't control or be responsible for that," says Fraser Brooks, business development manager for InfoSpec Systems Inc., makers of Profitek. "Instead, the VAR needs to educate the end user on what audits it can do for the customer."

Complying with PCI standards even applies to a VAR's support staff. When a VAR is working with a client's POS system, the person doing the service work may be required to look at sensitive data. "Make sure nothing post service is left hanging around. If a backup disk was made of the client's data, it must be destroyed," continues Brooks. These standards require VARs to rise to a higher level of due diligence.

Besides the revenue VARs can earn by selling and securing POS systems, they also can earn revenue by partnering with an MSP (merchant service provider). Most end users want integrated credit card payment processing, and many are interested in high-speed processing over the Internet. "VARs can partner with an MSP and generate a revenue stream by referring customers," details Harry Tu, CEO of Aldelo Systems Inc. "In many cases, an MSP will share 50% of the processing fee profit with the VAR." According to Tu, one of his dealers generates enough revenue from these monthly residuals to pay for his office lease.

Increase POS Revenues With Online Ordering Residuals
Another security-related issue VARs can benefit from concerns online ordering. End users are looking for a single portal, through their company Web sites, that their customers can use for online ordering, reservations, and gift cards. "VARs that can integrate these various third-party services into a single, secure site improve their trusted advisor status with hospitality providers," states Brooks. The greater the integration, the more difficult it is for an end user to switch VARs.

VARs can either partner with a third-party provider to offer online ordering, or they can develop the solution themselves. In either situation, Cote stresses that the VAR must ensure all data is encrypted and the servers are fully secured.
If partnering with a third-party provider, ask about its revenue sharing model. Tu recommends choosing one or two key providers to partner with.

Biometrics Becoming Mainstream For POS Systems
The third area VARs should look to for increasing security sales is biometrics. "Using biometrics in place of an ID and password for time and attendance is becoming quite popular," states Cote. These systems are typically simple fingerprint readers that plug in to a USB port.

There are several advantages for end users who choose to use biometrics. First, it eliminates the problem of lost server cards. It is also quite easy to remove someone from the POS system if they leave the business. Biometrics simplifies an end user's operations, as well. "In the hospitality industry, one person can have a server card for the POS system, another card for the front desk, and yet another for accounting," explains Brooks. "With biometrics, a fingerprint is a fingerprint regardless of the system." A fingerprint scanner also eliminates any buddy-punching (the practice of one person clocking another person in or out) that might be occurring.

The VAR benefits two ways by offering biometric devices for an end user's time and attendance system. The first is simply on the sale of the biometric device. These readers are more expensive than card readers, so a VAR's hardware sales will increase. Second, by offering biometrics, a VAR has a reason to follow up with established clients. A VAR should contact clients it has had for two or three years  and talk to them about new biometric equipment. By switching out card readers with fingerprint scanners, a VAR could sell a lot of readers while streamlining a client's operation. Whether they purchase the new equipment of not, there is also the opportunity to talk about software upgrades.

VARs should take advantage of the security trend of integrating an end user's POS and back office solution with its accounting package. Work with your customer to determine what it needs. Does it need data transferred in real time or periodic batches? If the end user is a hotel, does it want its POS system integrated so a room service order is charged on the hotel folio? "VARs or ISVs can take information from the POS system and push it to the accounting systems," says Cote. "There is no generic interface, so the VAR can develop a custom interface based on the end user's needs."

By offering security solutions, a VAR can differentiate itself from other competitors and increase its revenues and its trusted advisor status with its clients. So, if you haven't already, take these experts' advice, and consider adding a few of these solutions to your offerings this year.