In this interview recorded live at the Financials 2014 conference, Bill Rady, Director of Customer and Business Services at State Industrial, and Eric Bushman, Vice President of Solutions Engineering at Paymetric, discuss State Industrial's payment card and PCI compliance journey. In the interview, Rady describes the drivers behind State Industrial's move to automate its payment card processes and the role SAP partner Paymetric has played in that process. Rady also covers the move to a SaaS-based model and lessons learned in State Industrial's journey to PCI compliance.
Lucy: Hi, this is Lucy Swedberg with SAPinsider. We’re here live in Orlando for our Financials 2014 conference, and I’m delighted to be joined by Bill Rady from State Industrial.
Bill: Good morning!
Lucy: He’s currently the director of customer and business services. And also we have Eric Bushman from Paymetric.
Lucy: He’s the VP of solutions engineering there. We’re here today to talk a little bit about State Industrial’s journey with their payment card and PCI challenges, so to start us off, maybe Bill, tell us a little bit about State Industrial in general so we can get a feel for your company and your role there as well.
Bill: Sure. State Industrial is a manufacturer and distributor of specialty chemicals … anything that you’d see to manage/maintain your business environment, your work environment, so to speak. We make products that clean carpets, furniture, we also make water treatment products, air care products, anything that you’d use to manage your business environment.
Lucy: Okay. And your role within the organization?
Bill: My current role is director of customer and business services, and that role is essentially I’m over anybody in our corporate offices that has a conversation with any one of our customers, over our insights sales group—that we have people fill in for our field sales group, we got direct selling people on the field that terminate, we’ve also got a sales service and a customer service group so any of our sales reps that call into our group with an order, place an order through that group. I should mention that we’re a little bit different than most companies. We have a direct selling force of about 350 people in the United States, Puerto Rico, and Canada that sell our product. We have no storefronts and these people essentially make typically six to fifteen sales calls per day, talk to our end customers and then call us and place orders. Another aspect is we’ve got several different sales divisions, that’s what kind of makes our business situation a bit unique, we’ve got State Chemical Solutions, essentially our largest sales division where we sell our specialty chemicals as I mentioned before, we’ve got a sales division in Phoenix, Arizona called Neutron Industries where we sell similar products but we sell them under a different brand name and we typically sell them to smaller customers—it’s purely a tel-sales outfit where we’ve got 120 people on the phones making calls, about 16,000 per day out to our customer base to try and sell, and we’ve also got a sales division, State Cleaning Solutions, that is a what we call ware-washing division, they typically sell to restaurants and also to housekeeping facilities, it may be a hotel or also healthcare facilities as far as nursing homes, and there we sell ware-washing, we lease products, dishwashers to companies, and we also make and sell the chemical products that go into those dish washers, and we also maintain that, also laundry equipment.
Lucy: Ok. So there’s a lot going on here.
Bill: Lots going on!
Lucy: So I think that’s actually segueing to, maybe to set the stage, with all that’s going on in the organization, and I understand we’re going backwards in time quite a bit, but could you talk a little bit about the sort of difficulties that you were running up against? Does it set the stage for us from what it looked like before you moved to a payment card solution?
Bill: Sure. And it’s been an evolution over the last, actually, fourteen years when we started out. Just to give you a little background, we started out with SAP in 1998. We quickly found that our payment card volume was increasing at a pretty brisk rate, and we found that our process to get our payment cards in our system authorized and settled was excruciatingly painful, very manual. We were to the point where our people, if you remember back in the old days, our people would get up out of their chairs after placing an order, walk over to an authorization machine that was provided by the bank and type in the card, got the authorization, walked back, and typed the approval code into our system.
That was our first start, we got that completely automated in SAP where we can take the order online and get an automatic authorization and then subsequently a settlement when we invoiced our product which was typically the same day. Then we started to get more requirements typically from our larger customers with regards to level two and level three information that they needed on their payment card statements. Typically end consumers see one line of information, they’ll see the company name and then they’ll see the amount, and then what companies with big purchasing groups want is information on that payment card so they have all that in one spot. We rolled that out in ’03 and also in ’05 where we were able to get level three payment card information which is your company name, your purchase order information, and all the subsequent item information that they bought so a purchasing group or accounts payable group could see this information and know exactly what was purchased. It helped out a lot, and it helped us get a lot of business. Today we do business with the government and that’s one of the requirements of some of their groups.
Eric: It’s a big cost saver for you too. Passing that extra data reduces your interchange value.
Bill: Yes it does, yes it does! Very much so.
Lucy: So just to talk a little bit about the evolution and how your relationship with Paymetric started, you know, what was the trigger that you sort of needed to go find a solution or a partner to help with your challenges?
Bill: Way back at the time, we knew enough that we didn’t know enough—that is—there’s got to be a better way to process payment cards, better than what we’re doing today … this is too difficult.
Lucy: Can’t be right.
Bill: And what we were really concerned about was—and I was a former IT manager—what we were always concerned about it seems is the unique way we do business when we talk with vendors, and we needed a vendor to help us really understand our business and really help us to develop a solution.
Lucy: Right. So tell me a little about, you know, when you were realizing you had this need, what you sort of did to evaluate different options in terms of a partner out in the market?
Bill: Ok. We looked at—when looking for a partner for payment card processing, what we looked for is a vendor that would really understand what we needed. In addition we were looking for a vendor with excellent technical expertise in the field, most importantly at the time a vendor that had an approved SAP interface was very important to us. We wanted vendors that could show us the wins that they had with other customers and really understand in detail to us what’s going to happen, and that could really answer our questions for us.
Lucy: Great. So this is a nice segue, I think, Eric, to you to talk a little bit about maybe your first relationship with State Industrial and your sort of assessment of their challenges. Can you talk about that a bit?
Eric: State Industrial like Bill said was probably one of the first companies that actually used the credit card processing functionality in SAP, and that would have been back around 1999, 2000 that we first began speaking. The functionality was relatively new to SAP at the time, and we probably only had a handful of customers, I think you were probably one of the first ten or so customers, so very early adopters came to us with a need to process their credit cards in an automated way, wanted to reduce the errors of manual entry, wanted to automate the financial postings, take advantage of the business logic that SAP had.
Fortunately that was the business we were in so we were able to partner with them and provide a solution at the time that was an on-premise solution. Originally when companies were installing this functionality, the vendors that had solutions all installed them in-house, and as time has gone by, and now obviously we can all see in the news that there’s issues with companies being breached and credit cards being stolen, and maybe we’ve all had a credit card replaced at some point. The focus now shifts to PCI and security and Paymetric has made a transition within the last four or five years to a SAS space solution.
So State Industrial has followed that migration with us, they migrated now to where they use our solution on-demand as a SAS solution, and we also now store their credit card data outside of their system, and that’s a nod to PCI compliance and security where no longer does the merchant have that risk of that information being in their database themselves, Paymetric will take that on, so we’ve gone through several projects over the last 14 years, maybe every two, three, four years there’s a new project that we take on, but it’s been a good relationship.
Bill: It’s been a great—Paymetrics has been a great partner to be with in this ever-changing world of compliance and regulation. It was probably about four years after we installed our level three application that our payment card—MasterCard, Visa came to us and talked to us about, you know, the need to be PCI compliant, and that’s where our entire landscape changed from on-premise solution to SAS space solution.
Lucy: Got it. So you mentioned sort of the 14 years and how there’s different projects along the way, can you sort of fast forward to now, maybe what’s the recent initiative you’ve been working on when it comes to this challenge?
Bill: Ok. We’ve also got into, with our one cleaning division, we’ve also got into the use of mobile devices. We’re taking more orders than we’ve ever had in the past and we’re now embarking on a project to make sure all the information from the time a payment card is taken in your mobile devices, that information is encrypted and can’t be stolen, if you will, all the way through until it’s brought into our systems and then on to the banks for processing. In addition to that, we’re also looking at eCheck processing, similar to a conventional check today, except that we get, as a company, our money a couple days sooner.
Lucy: Right, right. Makes sense. Let’s talk a little bit about the customer experience. Do you get any feedback from your customers that this journey has made an impact for them, or in other words, the ultimate business benefit of working together to sort of provide this additional level of security for your customers?
Bill: We don’t hear much from our customers, other than our folks in the field with our direct sales force, our reps in the field are probably 90% of our customer input. We do talk to end customers. We don’t hear a lot of information from them. And sometimes that’s a good thing.
Lucy: It’s probably a good thing! Right.
Bill: Yes, because all is then working well. We do touch base with our larger customers that, like in the beginning, they required that level two and level three information. They were very happy they got that, and those are basic requirements for contracts with some of those customers.
Lucy: Ok, great. So we’ve clearly got a lot of history here between your organizations. Just to try to bring some forward-thinking advice to others, maybe attendees at this event or our readers online, could you each provide maybe a few lessons learned or common mistakes or things that you think someone might really be able to gain from this experience?
Bill: Sure. The biggest thing we learned early on is that it’s a total company project. You need to have all parts of your business, your order takers, your people in the field, anybody who has the ability to touch payment card information needs to be involved, your finance organization needs to help. We often thought of this as an IT project early on because we had to keep our data secure, but it goes more than that. When you get into PCI compliance you want to make sure your people are treating that information very carefully, nothing’s being saved, nothing’s on anybody’s desks, and also when it comes to just the financial aspect of it, in regards to balancing your books every day, with regards to settlements that you sent to the bank versus what you get back, that’s also very important.
Lucy: Great, and Eric?
Eric: I would add, it kind of goes along with what you said, Bill, where companies when they initially look at this functionality they’ll think “Oh it’s pretty easy to accept a credit card, I walk into the grocery store, I swipe my card, and I walk out,” and as Bill said it’s really an entire company effort. There’s the finance team, the sales team, the IT team that are all involved in helping implement this, and it’s not a two-day project. Just be aware of that, it’s something you’ll put in and you’ll get the connections and the setup all correct, but expect it to take a couple of months. You need to train people how to use it, you need to make sure you’re working with your banks and testing, and the security aspect is paramount nowadays, you need to make sure that all along the path that the people that are entering the credit card data aren’t also writing it down on a piece of paper and walking out with it, or only the proper people can ever view the real credit card number when needed, and there are valid business cases where that’s required. We want to do that in a safe and secure way, and make sure we monitor and log who has that access, so a lot more involved than you would normally think when you go into Starbucks and swipe your card for your coffee.
Bill: Yes. They made it look easy.
Lucy: It strikes me too as an ongoing initiative, it’s not just sort of a one-time thing and then you can forget about it, it’s just … it continues and I’m sure, as you know, we keep hearing about breaches in the news, I mean it will always continue to be a very hot topic so … I thank you both very much for sharing your story with us, Bill, Eric.
Eric: Thank you.
Bill: You’re welcome.
Lucy: Again, we’re live here in Orlando at Financials 2014, and thank you so much for joining us.
Bill: Thank you.
Lucy: Thank you.