July 29, 2024 • 31 mins
In this episode of the Restaurant Technology Guys Podcast, Jeremy interviews Travis, an expert in credit card security and tokenization, from VGS (Very Good Security). They discuss the importance of security in the restaurant industry, the role of tokenization in ensuring PCI compliance, and the benefits of owning customer payment data. Travis shares insights on how VGS helps restaurants and other merchants improve their security and customer experience by protecting sensitive data and enabling flexible payment processing. He also provides examples of successful implementations and the onboarding process for new clients. The episode highlights the growing need for advanced security solutions in the face of increasing data breaches and the importance of understanding customer data for targeted marketing.
00:00 Introduction and Welcome
00:20 Meet Travis: Background and Experience
02:51 Understanding VGS and Tokenization
04:07 Importance of Security in Payment Processing
05:08 Challenges and Solutions in PCI Compliance
08:11 Enhancing Customer Experience with Tokenization
15:23 Portability and Flexibility of Tokenized Data
23:22 Customer Success Stories
26:57 Onboarding and Implementation with VGS
29:58 Conclusion and Final Thoughts
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:02):
This is the RestaurantTechnology Guys podcast.
Helping you run your restaurantbetter.
Jeremy (00:10):
Welcome back to the restaurant technology guys
podcast.
Thank everyone out there forjoining us.
As I say, each and every time Iknow that you've got lots of
choices.
So thank you guys for hangingout with us today.
We are going to live in theworld of, credit cards and
tokens and, and all things,credit card and security and all
of the different things that weneed to be dealing with for Omni
channel, I'd like to introduceTravis.
(00:31):
Travis, can you, let everybodyknow who is Travis before we
jump into what Travis gets to dofor a living?
Travis (00:36):
Hey Jeremy, yes, thank you very much.
I'm, I'm Travis.
I'm based out of Edmonton,Canada, and I, not jumping right
into what I do.
I love software.
I love helping people.
And I love the, I love how thosetwo things play together.
Jeremy (00:51):
I love it.
And a little bit of background,Travis, just because again, as I
sit and listen to some of our,or talk to some of our
listeners, they'll share where'sTravis from, or, talk to me a
little bit about the backgroundbecause, I'm guessing, this
isn't your first foray into,software and the technology.
So give me a little bit ofbackground and where you from
before we jump into it.
very good security does
Travis (01:09):
yeah, absolutely.
So I'm, for a long time, I'vebeen a software engineer.
I've been, I'm very, I've workedin the Linux stack.
I've worked in Windows stacks.
And I've been, Very deep intothat world, and then I moved
over into the sales side of thehouse.
About, midway into my career,and I started learning more of
the business side of things, andjust understanding the way that
(01:29):
people think, and understanding,why people were buying the thing
that I was building.
That's, I think that's what Iwas curious about.
It's I got tired of justbuilding, and I wanted to
understand the reason that, thatpeople actually cared.
And then out of that, the, thosetwo things, like those two sides
of the house have also gotten towork in implementation and work
with some large enterprises and,like really understand the way
(01:52):
that, that businesses think andthe way that they.
what's important to them and howthey use software and how they
use in this specific realm, howthey use tokens and tokenization
to, to help increase their,their offering to their
customers.
Jeremy (02:07):
I, I love working with developers that actually have
talked with a customer or talkwith an end user to figure out
what that looks like, becauseoftentimes they're like, it
meets back.
This is what the spec said.
And it's that didn't reallyactually meet what the customer
needed.
I don't care that it meets back.
I don't care that it met therequirements that are on the
sheet of paper, regardless ofwhat.
software methodology you'reusing, it doesn't work to fill
the customer's needs.
(02:28):
And we often talk about on theshow, technology for technology
sake is worthless.
Technology that solves businessproblems is, is hugely important
and making sure that you cansolve it with, business
problems, personal problems, andproductivity problems, whatever
those things might be.
And Travis, she.
You get a chance to work in kindof a, I don't want to say a
unique area because it's notreally that unique, but it is
definitely something that isunderrepresented in the
(02:50):
restaurant space.
I would say, I lived in thespace for the last 30 years and
while I think it's gainingmomentum, I'd love for you to
talk a little bit about whereyou're at now and what you guys
have been up to at your currentrole.
Travis (03:02):
Yeah, thanks.
So I, I guess just to start offwith who VGS is and where VGS
fits into the whole merchant orrestaurant space where, we're,
where are the world's largesttokenization provider.
And What that means is whencredit cards are entering our
customers network, we ensurethat all of that data is
tokenized and before it reachesthem.
So by, by default, they arealways PCI compliant, and then
(03:26):
they can operate on that datawith, with the token versus
using the original data.
So it's a lot more maneuverable.
I was just talking with acustomer yesterday about, they
were, singing the praise, so tospeak, about how much easier it
was to maneuver with VGS versushaving to do this all
themselves.
And with that, yeah, that'swhere, that's where VGS fits in
(03:49):
and where, where I am in that isI help with the implementation
side of the things.
I'm head of client operations.
That's everything from makingsure that what we're selling
fits a real need with thesolutions architecture side of
the house, and then implementingit, we work with a wonderful
team of project managers and,and solutions engineers, and
then obviously technicalsupport.
(04:09):
So making sure that whatever weimplement, the customer stays
happy.
Jeremy (04:14):
thank you for that explanation.
and I think, there's two pathsthat I'd love to go down.
And so the first is you talkedabout security and so let's talk
about security and how criticalthat is to a brand's reputation
and why something like BGS is socritical to understand what's
Why tokenizing the card andgetting the cardholder data out
of the environment is socritical.
And then later in theconversation, we'll talk about
(04:35):
omni channel and how tokens giveyou the ability to have guests
be able to do order online, pickup in store.
And what does that look like?
And all of those differentthings, but let's start down
that security path, Travis, ifyou wouldn't mind, talk to me a
little bit about kind of thestandard non VGS implementation
that you guys walk into, becauseI think all too Owners of
restaurants, owners of brands,marketing companies and such.
(04:58):
They don't understand how muchrisk their business is at in
certain environments becausethey want the operational
solution.
They want the guest satisfactionsolution, but they don't
completely understand whatimpact that could have if they
don't do things properly.
So would you mind unpacking thata little bit for me?
Um,
Travis (05:17):
absolutely.
that's a fun question.
So let's say VGS is introducedto a, to an organization and
they're there, there's reallytwo sides of the fence, one
where they're in danger and theother one where they're limited
in their ability to maneuver.
And and the one where they're indanger is the, where they're
handling customer datathemselves and it's in its raw
form.
(05:38):
And, that, that's either goingto mean that they're, they're
under PCI, like they've gonethrough the PCI rigger and
they're, they have, how's theirsystems.
And that's a, it's a veryexpensive way to do things these
days is like actually go throughthe PCI compliance yourself.
And it's also when you startdealing with risk teams, it's
just not worth it.
It's like a lot of, like thereason that you would do that is
(06:01):
so that you have the ability tochoose different vendors.
You have the insights over theactual car number.
that you're, that you're using,you can find the issuing banks
of your customers, but that'snot necessarily worth it to a
large organization who's moreconcerned about brand reputation
and having things be stolen and,and clear, obviously if you get
(06:21):
all these customers to sign upfor your app and then the data
that they put into your app getsstolen by a group of hackers.
That's incredibly detrimental toyour, to, to your customers and
to how people perceive you.
And, so that's one, that's wherethey're in danger.
The other one is where they'relimited and that's where they're
using a single vendor.
or so they're, let's say you'reusing one payment service
(06:43):
provider to process all of yourpayments are, and then, so now
all of a sudden you're lockedinto the technology for online e
commerce.
Maybe you have multiple brandsthat are associated, but they.
You don't want them to all havethe same, the same processor or
for contractual reasons, youjust don't, let's go at it from
the perspective of they, theyhave multiple processors with
(07:05):
this.
and so as soon as they have adifferent processor in store and
online.
And that can, that's usually atechnology question of who has
the best offering for what, whohas the best contracts for what,
maybe it's a, maybe it's a geo,it's a geography thing.
Like in one country, you canhave one processor in another
country, you can have adifferent processor, or, online,
(07:26):
you can have a separateprocessor altogether.
What we're finding is customerswith that problem, they can't,
they don't have the, they don'thave the ability to tell when a
customer is in store versus whenthey're online.
how do they track that customerall the way through?
So if there's a customer comingin, let's say I sign up.
(07:48):
let's say I, I go to ABC, ABCCoffee House, just like a random
restaurant.
And I, every day I go in thereand I order my mocha.
And then years down the road, Igo in and I download their app
and I start, And I put my SIMcredit card into their app.
If those processors arecompletely different, then they
(08:08):
have no way to, to correlatethat they have no way of knowing
that I'm actually a long termcustomer and this is exactly
what I want to order.
Jeremy (08:16):
yeah, without tying that with that, without tying that,
that customer on the card numberside, together.
Travis (08:21):
exactly.
So where we come in is we helpthe customers or we help, we, we
help the end customer get abetter experience because like I
signed up for the app and thenall my, the company already
knows who I am based off of thecard number.
And then that information can beused to, to, to market to me and
say Hey, like you might likethis as well.
(08:42):
You might, and also here's yourentire order history.
It's a lot you can do once youget control over the data.
This is when it's all when it'sall stuck with one customer,
Jeremy (08:51):
yeah, so I'm going to tease out the whole security
thing.
Cause again, my wife, recentlygot hacked on the app.
At, her favorite Bobo place.
My eight year old daughter lovesto go to this mobile place up
the road.
And somehow they, the hacker gotinto their, into their data and
started charging, charging thecard on a regular basis.
And it was small increments, butat this point now my wife will
(09:13):
no longer put her card numberinto the app and quite frankly
has considered, and there's beentimes she has moved to another.
Brand because of that, are youfinding that these types of
things are still happeningbecause I get, I'll go talk with
restaurant brands and they'relike, you're kidding me.
People are still getting cardnumbers.
People still have, clear textdata being transmitted or these
(09:35):
kinds of things.
And so I guess educate ourlisteners a little bit and
you're, for those that arewatching on video, they're
probably going to see Travis'sschmirk because at the end of
the day, I think all too oftenwe.
Have this false sense ofsecurity that all of this stuff
is heavily encrypted and youcan't get into it.
And the truth is that's not thecase in so many of these types
(09:55):
of environments because of onething or another, sometimes it's
operational.
We can talk down the operationalpath and kind of that.
And then there's other timesthat just you're either
uneducated about it or the techdoesn't support it.
And so you leave things in cleartext.
So how often are you runninginto that?
And what is that impact on thesecurity side if and when brands
get, get hacked?
Travis (10:14):
yeah, good question.
So I'm finding where companiesare just fully non PCI
compliant, like they're justnot, they're, they just aren't
caring about where the PCI datais at all.
That's.
That's rare, but it like, I didhave a situation recently where
a new tech lead took over aproject and it wasn't at VGS.
(10:35):
it was a, it was at anothercompany, but they took over this
old product that had beenoperating for a decade.
And then they, as they dug intoit, they realized that nothing
was like, none of the PCI datawas being stored correctly.
It was, and it was a rush to, toget VGS implemented into this
old tech stack, and which was,built in, I think it was 2008,
(10:55):
and then they had to almostovernight implement to this
solution, which is where VGSshines, because then we come in,
we drop into either side, and wejust, Protect that environment
and then so yeah, it definitelydoes happen where companies are
just like maybe for Legacyreasons they haven't updated
their systems.
That's typically what's happenednew things are almost You know,
(11:18):
They're often built with thingslike, like PCI in mind,
specifically with VGS and then,but that's a, yeah, that's
definitely, that's a problemI've seen.
Jeremy (11:29):
the other thing that I often find when I'm looking at
these things, and I'm certainour listeners will resonate with
this is that at some point,somebody made a decision that
says, we'll patch this.
We'll fix this.
But in order to get live, we'vegot to get this data in clear
text to be in this environment,and we'll just put the security
in place.
But now, A new CMO comes in, anew CIO comes in.
(11:52):
They don't know that stuff'sthere.
They're filling out the SAQ, theself assessment questionnaire,
or they're even doingpotentially some onsite audits,
and that is not part of the PCIenvironment, for whatever
reason, cause your auditorsoften don't know.
And if they're just trying toget a paycheck, they may or may
not ask those things.
And so what I'm finding is thatpeople think that it's that way
and it's only until they getbreached.
(12:14):
That they then get to a pointwhere they're like, Oh crap, I
had no idea this was there.
Or yeah, we never got around tothat project because everybody
is in, everybody's overworkedand everybody has more projects,
especially on the it side thanthey have time to deal with.
And so marketing's coming tothem with a pile of another five
projects, operations got anotherthree projects they need to do.
Finance has got two projectsthey need to do and they go,
Hey, we got it live.
(12:35):
Let's go, let's move on to thenext project.
And they never circled back.
And know, obviously we'd lovefor them to engage with BGS and
see if this is a solution forthem, but what should they be
looking for?
What are the types of thingsthat you look for when you're
asking these questions?
I'm an owner, I'm a CEO.
I've got a brand of 10restaurants right now.
I'm that ABC coffee shop.
I've got 10 coffee shops and I'mnow sitting down on my one on
(12:56):
one with my it guy, what typesof questions should they be
asking them to think aboutWhether VGS is a, or a
competitive solution would be inthat environment because I think
helping them to get to a placewhere they can get educated
about this would be reallycritical to seeing that there
truly is a problem and that theyneed to implement a solution
post haste
Travis (13:17):
Yeah.
Yeah.
Okay.
So there's really, there's a fewdifferent things that I would
ask people to just to bethinking about, which, and one
is, it's the most obvious, whichjust know the flow of data, like
understand.
Understand really well how datais entering your network and how
data is exiting and have thatdocumented and that's where VGS,
like that's where VGS comes inand helps is okay, so there's
(13:39):
all these different ingresspoints into your network and
they have PCI data and I'msorry, we're focusing on PCI,
but it's not always PCI data.
It could be customer phonenumbers.
It could be, it could be emailaddresses.
It could be stuff.
Exactly.
Social security.
No, exactly.
Like all of these things areconsidered sensitive, even if
they're not, even if they're notPCI per se.
(14:00):
And so all of those data ingresspoints you, you have to be aware
of and you have to understandhow they're interacting with
your applications.
I've worked with some very largevendors or some very large, some
very large merchants in the pastwho were just storing credit
card numbers in plain text intheir system.
And I was shocked, but theywere.
That's just how it's always,that's how it's always worked.
(14:21):
And that's, they didn't feellike they could change it at
this point.
So that's where, that's where westep in.
So understanding the data andthen also understanding like on
the other side of the house,like we've talked about how to
secure the data, but then alsoif you, let's say you don't have
access to the data, you're usinga PSP and you're just getting
their token.
how would your life change ifyou did have access to the data
(14:43):
and like how much control.
What do you have in that case?
And cause that's the other side.
That's one is the security.
And then the other one isoffering the maneuverability
between vendors and making, andwhat that turns into in reality
is you can perform more fraudchecks, you can perform.
you can perform KYC on certaincustomers in different
situations.
(15:03):
You can have a multi processororchestration solution.
So rather than just sending,trying to perform a payment with
one PSP, you can have a, you cansend it to a bunch of different
PSPs and, or you could utilizethe network technologies like
network tokens and, get theupdated PAN so that your
payments don't stop working, Oneyear down the line when the card
(15:24):
expires.
So yeah, there's a, those arethe kinds of things.
It's like, how do you protectyour system?
And if your system is protected,are you limited by the way it's
protected right now?
Jeremy (15:34):
Yeah, and I'd love to, I think that's the next thread,
Travis that I'd love to go downas that whole idea that says,
what do you get when youtokenize this data?
Because I think there's, again,I think we all as consumers,
because we work on apps likeAmazon or walmart.
com, these things, we expectthem to know everything about
us, but in online and offlinecommerce, it's tough.
(15:56):
And most systems were designedfor one or the other.
And, loyalty tries to bridgethat gap.
Some, CDP solutions try andbridge that gap.
We've had multiple loyaltyproviders and other solution
providers.
But one thing that stays prettyconsistent is how are you paying
for this product?
And you typically have one tothree cards that you're paying
for your offline and onlineproducts in any normal consumer
(16:18):
environment.
And so talk to me about theportability of that.
Before we jump into kind of theflexibility of even being able
to do multiprocessor and all ofthat, because I think that also
is very underutilized, but theportability and the
understanding that you are whoyou are, because I'm tying your
customer record to yourtransaction record to your
payment record is Data that thebest of the best have, but most
(16:43):
don't.
Travis (16:44):
yeah.
And that's, that, that's whatwe've seen a lot actually is
like the largest merchants, butlet's say the rigor of creating
their own PCI environment.
And so they do have that dataand they can correlate.
We're, what we're actuallyseeing, like the trend that
we're seeing is even thosemerchants don't want to maintain
that the PCI data, that PCIenvironment anymore, and they're
(17:06):
trying to offload it.
They're trying to, they'retrying to get an off-network
vault to just to simplify theirstorage and simplify their,
their compliance burden.
But yeah, what we, what we'veseen.
what we've seen with the that'swhat the largest players and
then with the mid market, likewith the, with those medium
sized restaurants with thosemedium sized merchants, what
(17:29):
we're seeing is even they wantto have insights into their
customers.
They want to know more abouttheir demographic.
They want to know how manytimes, like Jeremy, how many
times you are going into therestaurant and making purchases.
How, what are your movementpatterns?
What, how can they better marketto you?
And if they roll something out,how does that new, how does that
(17:49):
new offering that they'regiving?
How does that, how does thatplay with their historical
customers?
And, yeah, it's a, it'sdefinitely like a ton more
insight because at the end ofthe day, like my credit card
number is tied to me.
That's I use it almost every dayto, to make purchases.
And that's one, one source oftruth.
Thank you.
And if you can correlate thatbetween in person and online
(18:09):
transactions for that omnichannel, that's where it becomes
really interesting forrestaurants.
Jeremy (18:15):
it's funny.
I, that was actually where I wasgoing is there's also this, and
retailers, grocers, restaurantshave struggled with kind of the
buy online pickup in store, butnow I get to the store and my
wife calls me while I'm drivingto the store and says, I didn't
know Johnny was staying over fordinner.
Can you pick up another sandwichfor Johnny?
Now I got to pull out a secondcard, but these things happen.
(18:35):
They happen in life.
And if I was just going there,30 years ago, I didn't have the
ability to order online and pickup in store.
I just went to the store.
I called the store and I paidwhen I got there.
Now people are on the go.
they're ordering from the app.
They go in and pick up theirfamily pack for the four of
them, but then somebody else isstaying over.
And now you got to figure outhow do I add to that order
without necessarily, or I'vesent my teenage son to go pick
(18:57):
up the food.
cause I'm not door dashing.
And he doesn't have a creditcard in his pocket to pay for
that additional meal.
Talk me through how this omnichannel experience is capable.
Once you get to, this vaultconcept, cause now I should be
able to pick up that transactionin store, go add to it, recharge
that same card.
Cause you've now tied that cardto that transaction.
Talk me through what that lookslike.
Travis (19:18):
yeah.
Okay.
So that, that, that's reallycool.
So let's say in that kind ofsituation where a customer is
paying and then they want tomodify that transaction down the
road, that's where tokenizationcomes into handy.
Let's say you pay up front andthen you actually load your card
into an environment.
Yeah.
Then any modifications can stillbe tied to that card, to that
transaction down the road.
(19:38):
And then you can, like it, itgives the business a lot of
control over the experience thatthey want to give their
customers.
And then, what we also see islike QR based payments where,
you're in the store and you wantto actually pay.
Pay by QR versus pay by, versuspay by traditional credit card,
or maybe you want to tie thosetwo.
And then, so those are the kindof offerings that, that you can
(20:00):
begin to, that, that you canbegin to see, with that.
And the other thing that I'll,that I'd say is what we've seen
customers do, or what we'veseen, let's say, different
processors do is that they wantto give instant rewards to
customers.
in, in your situation, they madethe payment online, and then
they go in store and they, let'ssay they do have their credit
(20:23):
card, they want to make apayment.
That, that transaction caninstantly be associated to their
account simply because they madethat payment in store.
And that's all, that all goesdirectly into the merchants,
into the restaurant's datawarehouse and they can update
their, they can update theirrewards based off of that.
And so it's just, it gives waymore control over the customer,
(20:47):
it gives way more control to themerchant and a way better user
experience.
to the customer.
Jeremy (20:53):
Okay.
I got two other trains ofthought that I want to go down
before we adjourn for the dayportability.
a lot of times, and I sayportability, oftentimes people
processors, because it's part oftheir value proposition.
We'll offer these services, but.
Then the customer is locked intothat processor because now they
own the token, versus thecustomer owning the token.
(21:13):
And so for those that aren'twatching on video, I got a
little bit of a smile.
So talk me through why having athird party token is better than
having a token offered by thecredit card processor.
At the time, talk me throughmany reasons.
I'm certain there's lots, but I,for me, the big one is the
customer is your customer asmuch as they are, whoever the
processor's customer is, andthey're more likely your
(21:35):
customer, because they're theones delivering the goods and
services.
They're just taking the payment.
Travis (21:39):
Absolutely.
So when a customer comes to youin, in, let's say you're using a
standard, like a standard PSPtokenization service and you
aren't really thinking about,what that entails and when you
get that value or that, thattoken from the PSP it can only
ever be used with them.
And what that means is you arevery locked in to their
(22:00):
environment and migrating off ofthem is a whole that's a large
scale project, just changingPSPs.
And it also means that if thatPSP is down, then you're hooped.
that's a, you're, if you arefully tied, your revenue is tied
to that processor.
And what, what BDS does is Weallow merchants to take control
(22:23):
of that data, and they reallyown their customer in a very
practical sense, which isthey're owning, they're owning
the payment credential.
And so it's no longer, it's nolonger the PSPU who has access
to that, but it's them, and ifthey want to add on an, add on a
new payment service provider,and this might be to change
geography, let's say, companiesdoing well in the U S they want
(22:43):
to branch into Canada.
They want to branch into Mexicoor into Europe.
They can add in the processorthat's best for them there.
And then using the same datacollection platform, it's going
to drastically reduce the amountof work it takes to onboard that
new processor.
And really simplify theiroverall architecture, because
it's all being stored the sameway.
They're just sending it to adifferent, to a different third
(23:04):
party.
In this case, that would be,that would be the PSPs.
Jeremy (23:07):
Yeah, no.
And I love that thought.
And I think.
All too often we get stuck withguest experience.
That's bad because tech hasn'tthought through these things.
And so it's this, Oh, I can'tuse this payment here because
you're, we're even the offlineonline, some online providers
for online ordering only supportcertain processors, certain POS
in store only support and otherprocessors.
(23:27):
And so you've got to figure outhow to tie those things
together.
Last kind of train of thought.
Talk me through some customersuccess stories.
Talk me through some foodservice operators, what did life
look like for them before VGS?
And then where have you seenthem really expand the using
your guys's offering to helpcustomer experience and our
business experience and make thebusiness better.
So I don't put you on the spot,but I love hearing success
(23:50):
stories and our customers, thelisteners to the show constantly
come back and go, Oh, When youshared this and this about this
customer, it really resonatedwith me.
So if you can come up with oneor two quick stories, that would
be awesome if you could sharethat.
Travis (24:03):
yeah, that's that sounds great.
So I the first one that comes tomind is probably It's probably,
it's one of the world's largestQSRs.
And what we do for them is weenable their marketing
department to get really deepinsights into the, into customer
movement and to, into whatcustomers, and to what customers
(24:24):
are looking for and what thatturns out in.
what that looks like at atechnical level is every day we
are receiving batch data withthe card numbers in them from
all of their differentprocessors.
This is for multiple countries.
So every, at the end of the dayor multiple times throughout the
day, we will receive settlementfiles and then we will tokenize
all of the card numbers in thosesettlement files and forward
(24:46):
them on to Forward them on tothe QSR, and then that, that,
that restaurant at that pointcan ingest that data into their
data warehouse, and then theycan match up the online versus
the in store transactions, andthey can say oh, this is what
Jeremy likes, and if we cantarget Jeremy, and in this, at
this time, like on Fridays, hereally loves This like X and
(25:09):
then so then they can market toyou very specifically like that
and it allows them to get reallycreative with how they
understand their customers.
And, yeah, that's a pretty cooluse case and just to see how
that's developed in the, in theworld and, like enabling those
marketing, enabling thosemarketing insights.
Jeremy (25:29):
and at the end of the day, you've talked about
customer experience.
And now delivering to thatcustomer, something that might
be relevant to them is reallycritical.
so long for so long, marketinghas all been about, let me just
put out a message and hopefullypeople, the message resonates
with people.
But as we've gotten to a morepersonalized world, people want
message.
we're getting inundated withthousands of messages every day,
(25:49):
tens of thousands of messagesevery day.
And so the more relevant I canmake it to Jeremy father of four
married, in this demographicthat's looking for this, I just
was sharing, before we hitrecord.
This past five days I've beenwith my college age son and my
spend patterns were different.
My traffic patterns weredifferent.
I went to some of the samebrands that I go to at home, but
(26:11):
it looked different.
And my food, my food consumptionwas different.
Whereas my wife was home, withthe other kids and doing
something different.
And so with that being able totie that data and then being
able to give me a relevant offerwould have been really critical
to help them understand what'sgoing on.
Why and where, what might havehappened as it related to my
patterns, just even over thelast week.
Travis (26:33):
yeah.
that's absolutely what we'reseeing is it's all about
understanding the customer andlike from a marketing
perspective, it's no longer justtargeting everybody, it's
targeting one person.
Like they're targeting Travis orthey're targeting Jeremy and
they're and it's I think thattokenization is, like VGS has
changed the kind of servicesthat can be offered because of
(26:55):
that.
and They can now target oneperson, be like, we want to give
this person a good experience,rather than saying we want to
target this demographic even.
It's a, yeah, it's a, it'spretty, it's pretty remarkable
on that front.
Jeremy (27:08):
so I've now sat through this last 30 minutes and I'm
like, I need what Travis has.
What does it look like?
What does the onboarding looklike?
What's the engagement look like?
Do they just call you and say,Travis, can you install this
tomorrow?
obviously I know that's nottrue, but, help me understand if
I was a listener out there andI'm like, you know what, I gotta
have what VGS.
that's what that stands for.
If I didn't say it already, whatyou guys have, what would an
(27:28):
engagement look like?
And what's an ideal customer foryou guys to make sure that you
guys are hitting the market and,making some stuff happen.
Anybody that's ever run arestaurant knows the craziness
that happens during a mealperiod in a rush.
One of our partners, RestaurantTechnologies, Total Oil
Management Solution, is an endto end oil management system
that delivers, filters,monitors, and recycles your
(27:50):
cooking oil, taking one of thejobs that none of your team
wants to do, and takes it offyour hands, allowing your team
members to focus on their guest.
Control the kitchen chaos withTotal Uh, restaurant
technologies and make yourkitchen safer while maximizing
your staff's time.
The solution can be provided atno upfront costs.
(28:10):
If you want to learn more,please check out rti inc.
com or call 888 796 4997.
Travis (28:20):
yeah, good question.
So I think first thing shouldalways be like, come and talk to
us and come and work with ourpayments experts and understand,
Where VGS can fit in the flowand how we can help you.
And then I, like from anonboarding perspective, like
that's my language.
that's that's where I, that'swhere I focus a lot of my time.
And from an onboardingperspective, we're going to
(28:41):
dedicate, we're going todedicate resources to make sure
that they're successful, likeour customers get good service,
our customers.
They like, we, we get introducedto the processors.
And we manage that migration,like that's typically a
migration process that happensso that we can get all that
data.
And then we, we work veryclosely with the customer
developer teams over the courseof, either weeks or months,
(29:04):
depending on, depending on theclient, making sure that they're
tokenizing data correctly,they're PCI compliant in how
they're doing it, or.
If it's not PCI, then they'rejust secure and they're
protecting the SSNs correctly.
SSNs or, other data fields.
And then, but yeah, it's a lotof working with our solutions
architecture team and, with adedicated project manager and
(29:25):
just really building out thatperfect payments flow for each
business.
I've worked here for a number ofyears and it's always different.
It seems every.
Like it's never copy paste.
There's always something uniquethat a company is trying to do.
Jeremy (29:39):
It's funny that you say that.
Cause I, people that are outsideof the industry are like, Oh,
it's just a restaurant.
You just make some food and sellit to people.
It's it is so complex, andwhether you're talking about in
store above store, just acrossthe board, there's so many
different moving parts andpieces and every deployments in
some different phase.
can you, just give everybody thewebsite for those that don't and
I'll throw it in the show notes.
But if you can make sure thateverybody knows where to go to
engage with the team, that wouldbe awesome.
Travis (30:01):
Absolutely.
you can go to VGS.IO and then,from there, you can get in touch
with our team and I'd be happyto meet with anyone.
Jeremy (30:08):
Awesome.
Travis, I appreciate youeducating our listeners.
I think it's, as I said at theonset, it's such an
underutilized piece of tech.
That I think is going to becomesomething ubiquitous that
everybody's going to need.
And as I often say at the end ofthese recordings, if you're not
doing it, likely your competitoris, and so you better be aware
that they're specificallymarketing, specifically
(30:30):
understanding the guests,specifically doing these things,
not just from a securityperspective, but also from a,
how do I engage with the guestsand understand who they are and
what they're doing?
So thank you for spending timewith us, educating us to our
listeners, guys.
You guys have got lots ofchoices.
So thanks for spending timewhile you guys are checking out
various good security.
com.
if you haven't already done sosubscribe to the YouTube page,
(30:50):
subscribe to the YouTubechannel, subscribe to the
newsletter.
Love to bring you guys newcontent each week and make it a
great day.
Thanks for listening to theRestaurant Technology Guys
podcast.
Visit www.
RestaurantTechnologyGuys.
com for tips, industry insights,and more to help you run your
restaurant better.
This is the RestaurantTechnology Guys podcast.
Helping you run your restaurantbetter.
Jeremy (00:10):
Welcome back to the restaurant technology guys
podcast.
Thank everyone out there forjoining us.
As I say, each and every time Iknow that you've got lots of
choices.
So thank you guys for hangingout with us today.
We are going to live in theworld of, credit cards and
tokens and, and all things,credit card and security and all
of the different things that weneed to be dealing with for Omni
channel, I'd like to introduceTravis.
(00:31):
Travis, can you, let everybodyknow who is Travis before we
jump into what Travis gets to dofor a living?
Travis (00:36):
Hey Jeremy, yes, thank you very much.
I'm, I'm Travis.
I'm based out of Edmonton,Canada, and I, not jumping right
into what I do.
I love software.
I love helping people.
And I love the, I love how thosetwo things play together.
Jeremy (00:51):
I love it.
And a little bit of background,Travis, just because again, as I
sit and listen to some of our,or talk to some of our
listeners, they'll share where'sTravis from, or, talk to me a
little bit about the backgroundbecause, I'm guessing, this
isn't your first foray into,software and the technology.
So give me a little bit ofbackground and where you from
before we jump into it.
very good security does
Travis (01:09):
yeah, absolutely.
So I'm, for a long time, I'vebeen a software engineer.
I've been, I'm very, I've workedin the Linux stack.
I've worked in Windows stacks.
And I've been, Very deep intothat world, and then I moved
over into the sales side of thehouse.
About, midway into my career,and I started learning more of
the business side of things, andjust understanding the way that
(01:29):
people think, and understanding,why people were buying the thing
that I was building.
That's, I think that's what Iwas curious about.
It's I got tired of justbuilding, and I wanted to
understand the reason that, thatpeople actually cared.
And then out of that, the, thosetwo things, like those two sides
of the house have also gotten towork in implementation and work
with some large enterprises and,like really understand the way
(01:52):
that, that businesses think andthe way that they.
what's important to them and howthey use software and how they
use in this specific realm, howthey use tokens and tokenization
to, to help increase their,their offering to their
customers.
Jeremy (02:07):
I, I love working with developers that actually have
talked with a customer or talkwith an end user to figure out
what that looks like, becauseoftentimes they're like, it
meets back.
This is what the spec said.
And it's that didn't reallyactually meet what the customer
needed.
I don't care that it meets back.
I don't care that it met therequirements that are on the
sheet of paper, regardless ofwhat.
software methodology you'reusing, it doesn't work to fill
the customer's needs.
(02:28):
And we often talk about on theshow, technology for technology
sake is worthless.
Technology that solves businessproblems is, is hugely important
and making sure that you cansolve it with, business
problems, personal problems, andproductivity problems, whatever
those things might be.
And Travis, she.
You get a chance to work in kindof a, I don't want to say a
unique area because it's notreally that unique, but it is
definitely something that isunderrepresented in the
(02:50):
restaurant space.
I would say, I lived in thespace for the last 30 years and
while I think it's gainingmomentum, I'd love for you to
talk a little bit about whereyou're at now and what you guys
have been up to at your currentrole.
Travis (03:02):
Yeah, thanks.
So I, I guess just to start offwith who VGS is and where VGS
fits into the whole merchant orrestaurant space where, we're,
where are the world's largesttokenization provider.
And What that means is whencredit cards are entering our
customers network, we ensurethat all of that data is
tokenized and before it reachesthem.
So by, by default, they arealways PCI compliant, and then
(03:26):
they can operate on that datawith, with the token versus
using the original data.
So it's a lot more maneuverable.
I was just talking with acustomer yesterday about, they
were, singing the praise, so tospeak, about how much easier it
was to maneuver with VGS versushaving to do this all
themselves.
And with that, yeah, that'swhere, that's where VGS fits in
(03:49):
and where, where I am in that isI help with the implementation
side of the things.
I'm head of client operations.
That's everything from makingsure that what we're selling
fits a real need with thesolutions architecture side of
the house, and then implementingit, we work with a wonderful
team of project managers and,and solutions engineers, and
then obviously technicalsupport.
(04:09):
So making sure that whatever weimplement, the customer stays
happy.
Jeremy (04:14):
thank you for that explanation.
and I think, there's two pathsthat I'd love to go down.
And so the first is you talkedabout security and so let's talk
about security and how criticalthat is to a brand's reputation
and why something like BGS is socritical to understand what's
Why tokenizing the card andgetting the cardholder data out
of the environment is socritical.
And then later in theconversation, we'll talk about
(04:35):
omni channel and how tokens giveyou the ability to have guests
be able to do order online, pickup in store.
And what does that look like?
And all of those differentthings, but let's start down
that security path, Travis, ifyou wouldn't mind, talk to me a
little bit about kind of thestandard non VGS implementation
that you guys walk into, becauseI think all too Owners of
restaurants, owners of brands,marketing companies and such.
(04:58):
They don't understand how muchrisk their business is at in
certain environments becausethey want the operational
solution.
They want the guest satisfactionsolution, but they don't
completely understand whatimpact that could have if they
don't do things properly.
So would you mind unpacking thata little bit for me?
Um,
Travis (05:17):
absolutely.
that's a fun question.
So let's say VGS is introducedto a, to an organization and
they're there, there's reallytwo sides of the fence, one
where they're in danger and theother one where they're limited
in their ability to maneuver.
And and the one where they're indanger is the, where they're
handling customer datathemselves and it's in its raw
form.
(05:38):
And, that, that's either goingto mean that they're, they're
under PCI, like they've gonethrough the PCI rigger and
they're, they have, how's theirsystems.
And that's a, it's a veryexpensive way to do things these
days is like actually go throughthe PCI compliance yourself.
And it's also when you startdealing with risk teams, it's
just not worth it.
It's like a lot of, like thereason that you would do that is
(06:01):
so that you have the ability tochoose different vendors.
You have the insights over theactual car number.
that you're, that you're using,you can find the issuing banks
of your customers, but that'snot necessarily worth it to a
large organization who's moreconcerned about brand reputation
and having things be stolen and,and clear, obviously if you get
(06:21):
all these customers to sign upfor your app and then the data
that they put into your app getsstolen by a group of hackers.
That's incredibly detrimental toyour, to, to your customers and
to how people perceive you.
And, so that's one, that's wherethey're in danger.
The other one is where they'relimited and that's where they're
using a single vendor.
or so they're, let's say you'reusing one payment service
(06:43):
provider to process all of yourpayments are, and then, so now
all of a sudden you're lockedinto the technology for online e
commerce.
Maybe you have multiple brandsthat are associated, but they.
You don't want them to all havethe same, the same processor or
for contractual reasons, youjust don't, let's go at it from
the perspective of they, theyhave multiple processors with
(07:05):
this.
and so as soon as they have adifferent processor in store and
online.
And that can, that's usually atechnology question of who has
the best offering for what, whohas the best contracts for what,
maybe it's a, maybe it's a geo,it's a geography thing.
Like in one country, you canhave one processor in another
country, you can have adifferent processor, or, online,
(07:26):
you can have a separateprocessor altogether.
What we're finding is customerswith that problem, they can't,
they don't have the, they don'thave the ability to tell when a
customer is in store versus whenthey're online.
how do they track that customerall the way through?
So if there's a customer comingin, let's say I sign up.
(07:48):
let's say I, I go to ABC, ABCCoffee House, just like a random
restaurant.
And I, every day I go in thereand I order my mocha.
And then years down the road, Igo in and I download their app
and I start, And I put my SIMcredit card into their app.
If those processors arecompletely different, then they
(08:08):
have no way to, to correlatethat they have no way of knowing
that I'm actually a long termcustomer and this is exactly
what I want to order.
Jeremy (08:16):
yeah, without tying that with that, without tying that,
that customer on the card numberside, together.
Travis (08:21):
exactly.
So where we come in is we helpthe customers or we help, we, we
help the end customer get abetter experience because like I
signed up for the app and thenall my, the company already
knows who I am based off of thecard number.
And then that information can beused to, to, to market to me and
say Hey, like you might likethis as well.
(08:42):
You might, and also here's yourentire order history.
It's a lot you can do once youget control over the data.
This is when it's all when it'sall stuck with one customer,
Jeremy (08:51):
yeah, so I'm going to tease out the whole security
thing.
Cause again, my wife, recentlygot hacked on the app.
At, her favorite Bobo place.
My eight year old daughter lovesto go to this mobile place up
the road.
And somehow they, the hacker gotinto their, into their data and
started charging, charging thecard on a regular basis.
And it was small increments, butat this point now my wife will
(09:13):
no longer put her card numberinto the app and quite frankly
has considered, and there's beentimes she has moved to another.
Brand because of that, are youfinding that these types of
things are still happeningbecause I get, I'll go talk with
restaurant brands and they'relike, you're kidding me.
People are still getting cardnumbers.
People still have, clear textdata being transmitted or these
(09:35):
kinds of things.
And so I guess educate ourlisteners a little bit and
you're, for those that arewatching on video, they're
probably going to see Travis'sschmirk because at the end of
the day, I think all too oftenwe.
Have this false sense ofsecurity that all of this stuff
is heavily encrypted and youcan't get into it.
And the truth is that's not thecase in so many of these types
(09:55):
of environments because of onething or another, sometimes it's
operational.
We can talk down the operationalpath and kind of that.
And then there's other timesthat just you're either
uneducated about it or the techdoesn't support it.
And so you leave things in cleartext.
So how often are you runninginto that?
And what is that impact on thesecurity side if and when brands
get, get hacked?
Travis (10:14):
yeah, good question.
So I'm finding where companiesare just fully non PCI
compliant, like they're justnot, they're, they just aren't
caring about where the PCI datais at all.
That's.
That's rare, but it like, I didhave a situation recently where
a new tech lead took over aproject and it wasn't at VGS.
(10:35):
it was a, it was at anothercompany, but they took over this
old product that had beenoperating for a decade.
And then they, as they dug intoit, they realized that nothing
was like, none of the PCI datawas being stored correctly.
It was, and it was a rush to, toget VGS implemented into this
old tech stack, and which was,built in, I think it was 2008,
(10:55):
and then they had to almostovernight implement to this
solution, which is where VGSshines, because then we come in,
we drop into either side, and wejust, Protect that environment
and then so yeah, it definitelydoes happen where companies are
just like maybe for Legacyreasons they haven't updated
their systems.
That's typically what's happenednew things are almost You know,
(11:18):
They're often built with thingslike, like PCI in mind,
specifically with VGS and then,but that's a, yeah, that's
definitely, that's a problemI've seen.
Jeremy (11:29):
the other thing that I often find when I'm looking at
these things, and I'm certainour listeners will resonate with
this is that at some point,somebody made a decision that
says, we'll patch this.
We'll fix this.
But in order to get live, we'vegot to get this data in clear
text to be in this environment,and we'll just put the security
in place.
But now, A new CMO comes in, anew CIO comes in.
(11:52):
They don't know that stuff'sthere.
They're filling out the SAQ, theself assessment questionnaire,
or they're even doingpotentially some onsite audits,
and that is not part of the PCIenvironment, for whatever
reason, cause your auditorsoften don't know.
And if they're just trying toget a paycheck, they may or may
not ask those things.
And so what I'm finding is thatpeople think that it's that way
and it's only until they getbreached.
(12:14):
That they then get to a pointwhere they're like, Oh crap, I
had no idea this was there.
Or yeah, we never got around tothat project because everybody
is in, everybody's overworkedand everybody has more projects,
especially on the it side thanthey have time to deal with.
And so marketing's coming tothem with a pile of another five
projects, operations got anotherthree projects they need to do.
Finance has got two projectsthey need to do and they go,
Hey, we got it live.
(12:35):
Let's go, let's move on to thenext project.
And they never circled back.
And know, obviously we'd lovefor them to engage with BGS and
see if this is a solution forthem, but what should they be
looking for?
What are the types of thingsthat you look for when you're
asking these questions?
I'm an owner, I'm a CEO.
I've got a brand of 10restaurants right now.
I'm that ABC coffee shop.
I've got 10 coffee shops and I'mnow sitting down on my one on
(12:56):
one with my it guy, what typesof questions should they be
asking them to think aboutWhether VGS is a, or a
competitive solution would be inthat environment because I think
helping them to get to a placewhere they can get educated
about this would be reallycritical to seeing that there
truly is a problem and that theyneed to implement a solution
post haste
Travis (13:17):
Yeah.
Yeah.
Okay.
So there's really, there's a fewdifferent things that I would
ask people to just to bethinking about, which, and one
is, it's the most obvious, whichjust know the flow of data, like
understand.
Understand really well how datais entering your network and how
data is exiting and have thatdocumented and that's where VGS,
like that's where VGS comes inand helps is okay, so there's
(13:39):
all these different ingresspoints into your network and
they have PCI data and I'msorry, we're focusing on PCI,
but it's not always PCI data.
It could be customer phonenumbers.
It could be, it could be emailaddresses.
It could be stuff.
Exactly.
Social security.
No, exactly.
Like all of these things areconsidered sensitive, even if
they're not, even if they're notPCI per se.
(14:00):
And so all of those data ingresspoints you, you have to be aware
of and you have to understandhow they're interacting with
your applications.
I've worked with some very largevendors or some very large, some
very large merchants in the pastwho were just storing credit
card numbers in plain text intheir system.
And I was shocked, but theywere.
That's just how it's always,that's how it's always worked.
(14:21):
And that's, they didn't feellike they could change it at
this point.
So that's where, that's where westep in.
So understanding the data andthen also understanding like on
the other side of the house,like we've talked about how to
secure the data, but then alsoif you, let's say you don't have
access to the data, you're usinga PSP and you're just getting
their token.
how would your life change ifyou did have access to the data
(14:43):
and like how much control.
What do you have in that case?
And cause that's the other side.
That's one is the security.
And then the other one isoffering the maneuverability
between vendors and making, andwhat that turns into in reality
is you can perform more fraudchecks, you can perform.
you can perform KYC on certaincustomers in different
situations.
(15:03):
You can have a multi processororchestration solution.
So rather than just sending,trying to perform a payment with
one PSP, you can have a, you cansend it to a bunch of different
PSPs and, or you could utilizethe network technologies like
network tokens and, get theupdated PAN so that your
payments don't stop working, Oneyear down the line when the card
(15:24):
expires.
So yeah, there's a, those arethe kinds of things.
It's like, how do you protectyour system?
And if your system is protected,are you limited by the way it's
protected right now?
Jeremy (15:34):
Yeah, and I'd love to, I think that's the next thread,
Travis that I'd love to go downas that whole idea that says,
what do you get when youtokenize this data?
Because I think there's, again,I think we all as consumers,
because we work on apps likeAmazon or walmart.
com, these things, we expectthem to know everything about
us, but in online and offlinecommerce, it's tough.
(15:56):
And most systems were designedfor one or the other.
And, loyalty tries to bridgethat gap.
Some, CDP solutions try andbridge that gap.
We've had multiple loyaltyproviders and other solution
providers.
But one thing that stays prettyconsistent is how are you paying
for this product?
And you typically have one tothree cards that you're paying
for your offline and onlineproducts in any normal consumer
(16:18):
environment.
And so talk to me about theportability of that.
Before we jump into kind of theflexibility of even being able
to do multiprocessor and all ofthat, because I think that also
is very underutilized, but theportability and the
understanding that you are whoyou are, because I'm tying your
customer record to yourtransaction record to your
payment record is Data that thebest of the best have, but most
(16:43):
don't.
Travis (16:44):
yeah.
And that's, that, that's whatwe've seen a lot actually is
like the largest merchants, butlet's say the rigor of creating
their own PCI environment.
And so they do have that dataand they can correlate.
We're, what we're actuallyseeing, like the trend that
we're seeing is even thosemerchants don't want to maintain
that the PCI data, that PCIenvironment anymore, and they're
(17:06):
trying to offload it.
They're trying to, they'retrying to get an off-network
vault to just to simplify theirstorage and simplify their,
their compliance burden.
But yeah, what we, what we'veseen.
what we've seen with the that'swhat the largest players and
then with the mid market, likewith the, with those medium
sized restaurants with thosemedium sized merchants, what
(17:29):
we're seeing is even they wantto have insights into their
customers.
They want to know more abouttheir demographic.
They want to know how manytimes, like Jeremy, how many
times you are going into therestaurant and making purchases.
How, what are your movementpatterns?
What, how can they better marketto you?
And if they roll something out,how does that new, how does that
(17:49):
new offering that they'regiving?
How does that, how does thatplay with their historical
customers?
And, yeah, it's a, it'sdefinitely like a ton more
insight because at the end ofthe day, like my credit card
number is tied to me.
That's I use it almost every dayto, to make purchases.
And that's one, one source oftruth.
Thank you.
And if you can correlate thatbetween in person and online
(18:09):
transactions for that omnichannel, that's where it becomes
really interesting forrestaurants.
Jeremy (18:15):
it's funny.
I, that was actually where I wasgoing is there's also this, and
retailers, grocers, restaurantshave struggled with kind of the
buy online pickup in store, butnow I get to the store and my
wife calls me while I'm drivingto the store and says, I didn't
know Johnny was staying over fordinner.
Can you pick up another sandwichfor Johnny?
Now I got to pull out a secondcard, but these things happen.
(18:35):
They happen in life.
And if I was just going there,30 years ago, I didn't have the
ability to order online and pickup in store.
I just went to the store.
I called the store and I paidwhen I got there.
Now people are on the go.
they're ordering from the app.
They go in and pick up theirfamily pack for the four of
them, but then somebody else isstaying over.
And now you got to figure outhow do I add to that order
without necessarily, or I'vesent my teenage son to go pick
(18:57):
up the food.
cause I'm not door dashing.
And he doesn't have a creditcard in his pocket to pay for
that additional meal.
Talk me through how this omnichannel experience is capable.
Once you get to, this vaultconcept, cause now I should be
able to pick up that transactionin store, go add to it, recharge
that same card.
Cause you've now tied that cardto that transaction.
Talk me through what that lookslike.
Travis (19:18):
yeah.
Okay.
So that, that, that's reallycool.
So let's say in that kind ofsituation where a customer is
paying and then they want tomodify that transaction down the
road, that's where tokenizationcomes into handy.
Let's say you pay up front andthen you actually load your card
into an environment.
Yeah.
Then any modifications can stillbe tied to that card, to that
transaction down the road.
(19:38):
And then you can, like it, itgives the business a lot of
control over the experience thatthey want to give their
customers.
And then, what we also see islike QR based payments where,
you're in the store and you wantto actually pay.
Pay by QR versus pay by, versuspay by traditional credit card,
or maybe you want to tie thosetwo.
And then, so those are the kindof offerings that, that you can
(20:00):
begin to, that, that you canbegin to see, with that.
And the other thing that I'll,that I'd say is what we've seen
customers do, or what we'veseen, let's say, different
processors do is that they wantto give instant rewards to
customers.
in, in your situation, they madethe payment online, and then
they go in store and they, let'ssay they do have their credit
(20:23):
card, they want to make apayment.
That, that transaction caninstantly be associated to their
account simply because they madethat payment in store.
And that's all, that all goesdirectly into the merchants,
into the restaurant's datawarehouse and they can update
their, they can update theirrewards based off of that.
And so it's just, it gives waymore control over the customer,
(20:47):
it gives way more control to themerchant and a way better user
experience.
to the customer.
Jeremy (20:53):
Okay.
I got two other trains ofthought that I want to go down
before we adjourn for the dayportability.
a lot of times, and I sayportability, oftentimes people
processors, because it's part oftheir value proposition.
We'll offer these services, but.
Then the customer is locked intothat processor because now they
own the token, versus thecustomer owning the token.
(21:13):
And so for those that aren'twatching on video, I got a
little bit of a smile.
So talk me through why having athird party token is better than
having a token offered by thecredit card processor.
At the time, talk me throughmany reasons.
I'm certain there's lots, but I,for me, the big one is the
customer is your customer asmuch as they are, whoever the
processor's customer is, andthey're more likely your
(21:35):
customer, because they're theones delivering the goods and
services.
They're just taking the payment.
Travis (21:39):
Absolutely.
So when a customer comes to youin, in, let's say you're using a
standard, like a standard PSPtokenization service and you
aren't really thinking about,what that entails and when you
get that value or that, thattoken from the PSP it can only
ever be used with them.
And what that means is you arevery locked in to their
(22:00):
environment and migrating off ofthem is a whole that's a large
scale project, just changingPSPs.
And it also means that if thatPSP is down, then you're hooped.
that's a, you're, if you arefully tied, your revenue is tied
to that processor.
And what, what BDS does is Weallow merchants to take control
(22:23):
of that data, and they reallyown their customer in a very
practical sense, which isthey're owning, they're owning
the payment credential.
And so it's no longer, it's nolonger the PSPU who has access
to that, but it's them, and ifthey want to add on an, add on a
new payment service provider,and this might be to change
geography, let's say, companiesdoing well in the U S they want
(22:43):
to branch into Canada.
They want to branch into Mexicoor into Europe.
They can add in the processorthat's best for them there.
And then using the same datacollection platform, it's going
to drastically reduce the amountof work it takes to onboard that
new processor.
And really simplify theiroverall architecture, because
it's all being stored the sameway.
They're just sending it to adifferent, to a different third
(23:04):
party.
In this case, that would be,that would be the PSPs.
Jeremy (23:07):
Yeah, no.
And I love that thought.
And I think.
All too often we get stuck withguest experience.
That's bad because tech hasn'tthought through these things.
And so it's this, Oh, I can'tuse this payment here because
you're, we're even the offlineonline, some online providers
for online ordering only supportcertain processors, certain POS
in store only support and otherprocessors.
(23:27):
And so you've got to figure outhow to tie those things
together.
Last kind of train of thought.
Talk me through some customersuccess stories.
Talk me through some foodservice operators, what did life
look like for them before VGS?
And then where have you seenthem really expand the using
your guys's offering to helpcustomer experience and our
business experience and make thebusiness better.
So I don't put you on the spot,but I love hearing success
(23:50):
stories and our customers, thelisteners to the show constantly
come back and go, Oh, When youshared this and this about this
customer, it really resonatedwith me.
So if you can come up with oneor two quick stories, that would
be awesome if you could sharethat.
Travis (24:03):
yeah, that's that sounds great.
So I the first one that comes tomind is probably It's probably,
it's one of the world's largestQSRs.
And what we do for them is weenable their marketing
department to get really deepinsights into the, into customer
movement and to, into whatcustomers, and to what customers
(24:24):
are looking for and what thatturns out in.
what that looks like at atechnical level is every day we
are receiving batch data withthe card numbers in them from
all of their differentprocessors.
This is for multiple countries.
So every, at the end of the dayor multiple times throughout the
day, we will receive settlementfiles and then we will tokenize
all of the card numbers in thosesettlement files and forward
(24:46):
them on to Forward them on tothe QSR, and then that, that,
that restaurant at that pointcan ingest that data into their
data warehouse, and then theycan match up the online versus
the in store transactions, andthey can say oh, this is what
Jeremy likes, and if we cantarget Jeremy, and in this, at
this time, like on Fridays, hereally loves This like X and
(25:09):
then so then they can market toyou very specifically like that
and it allows them to get reallycreative with how they
understand their customers.
And, yeah, that's a pretty cooluse case and just to see how
that's developed in the, in theworld and, like enabling those
marketing, enabling thosemarketing insights.
Jeremy (25:29):
and at the end of the day, you've talked about
customer experience.
And now delivering to thatcustomer, something that might
be relevant to them is reallycritical.
so long for so long, marketinghas all been about, let me just
put out a message and hopefullypeople, the message resonates
with people.
But as we've gotten to a morepersonalized world, people want
message.
we're getting inundated withthousands of messages every day,
(25:49):
tens of thousands of messagesevery day.
And so the more relevant I canmake it to Jeremy father of four
married, in this demographicthat's looking for this, I just
was sharing, before we hitrecord.
This past five days I've beenwith my college age son and my
spend patterns were different.
My traffic patterns weredifferent.
I went to some of the samebrands that I go to at home, but
(26:11):
it looked different.
And my food, my food consumptionwas different.
Whereas my wife was home, withthe other kids and doing
something different.
And so with that being able totie that data and then being
able to give me a relevant offerwould have been really critical
to help them understand what'sgoing on.
Why and where, what might havehappened as it related to my
patterns, just even over thelast week.
Travis (26:33):
yeah.
that's absolutely what we'reseeing is it's all about
understanding the customer andlike from a marketing
perspective, it's no longer justtargeting everybody, it's
targeting one person.
Like they're targeting Travis orthey're targeting Jeremy and
they're and it's I think thattokenization is, like VGS has
changed the kind of servicesthat can be offered because of
(26:55):
that.
and They can now target oneperson, be like, we want to give
this person a good experience,rather than saying we want to
target this demographic even.
It's a, yeah, it's a, it'spretty, it's pretty remarkable
on that front.
Jeremy (27:08):
so I've now sat through this last 30 minutes and I'm
like, I need what Travis has.
What does it look like?
What does the onboarding looklike?
What's the engagement look like?
Do they just call you and say,Travis, can you install this
tomorrow?
obviously I know that's nottrue, but, help me understand if
I was a listener out there andI'm like, you know what, I gotta
have what VGS.
that's what that stands for.
If I didn't say it already, whatyou guys have, what would an
(27:28):
engagement look like?
And what's an ideal customer foryou guys to make sure that you
guys are hitting the market and,making some stuff happen.
Anybody that's ever run arestaurant knows the craziness
that happens during a mealperiod in a rush.
One of our partners, RestaurantTechnologies, Total Oil
Management Solution, is an endto end oil management system
that delivers, filters,monitors, and recycles your
(27:50):
cooking oil, taking one of thejobs that none of your team
wants to do, and takes it offyour hands, allowing your team
members to focus on their guest.
Control the kitchen chaos withTotal Uh, restaurant
technologies and make yourkitchen safer while maximizing
your staff's time.
The solution can be provided atno upfront costs.
(28:10):
If you want to learn more,please check out rti inc.
com or call 888 796 4997.
Travis (28:20):
yeah, good question.
So I think first thing shouldalways be like, come and talk to
us and come and work with ourpayments experts and understand,
Where VGS can fit in the flowand how we can help you.
And then I, like from anonboarding perspective, like
that's my language.
that's that's where I, that'swhere I focus a lot of my time.
And from an onboardingperspective, we're going to
(28:41):
dedicate, we're going todedicate resources to make sure
that they're successful, likeour customers get good service,
our customers.
They like, we, we get introducedto the processors.
And we manage that migration,like that's typically a
migration process that happensso that we can get all that
data.
And then we, we work veryclosely with the customer
developer teams over the courseof, either weeks or months,
(29:04):
depending on, depending on theclient, making sure that they're
tokenizing data correctly,they're PCI compliant in how
they're doing it, or.
If it's not PCI, then they'rejust secure and they're
protecting the SSNs correctly.
SSNs or, other data fields.
And then, but yeah, it's a lotof working with our solutions
architecture team and, with adedicated project manager and
(29:25):
just really building out thatperfect payments flow for each
business.
I've worked here for a number ofyears and it's always different.
It seems every.
Like it's never copy paste.
There's always something uniquethat a company is trying to do.
Jeremy (29:39):
It's funny that you say that.
Cause I, people that are outsideof the industry are like, Oh,
it's just a restaurant.
You just make some food and sellit to people.
It's it is so complex, andwhether you're talking about in
store above store, just acrossthe board, there's so many
different moving parts andpieces and every deployments in
some different phase.
can you, just give everybody thewebsite for those that don't and
I'll throw it in the show notes.
But if you can make sure thateverybody knows where to go to
engage with the team, that wouldbe awesome.
Travis (30:01):
Absolutely.
you can go to VGS.IO and then,from there, you can get in touch
with our team and I'd be happyto meet with anyone.
Jeremy (30:08):
Awesome.
Travis, I appreciate youeducating our listeners.
I think it's, as I said at theonset, it's such an
underutilized piece of tech.
That I think is going to becomesomething ubiquitous that
everybody's going to need.
And as I often say at the end ofthese recordings, if you're not
doing it, likely your competitoris, and so you better be aware
that they're specificallymarketing, specifically
(30:30):
understanding the guests,specifically doing these things,
not just from a securityperspective, but also from a,
how do I engage with the guestsand understand who they are and
what they're doing?
So thank you for spending timewith us, educating us to our
listeners, guys.
You guys have got lots ofchoices.
So thanks for spending timewhile you guys are checking out
various good security.
com.
if you haven't already done sosubscribe to the YouTube page,
(30:50):
subscribe to the YouTubechannel, subscribe to the
newsletter.
Love to bring you guys newcontent each week and make it a
great day.
Thanks for listening to theRestaurant Technology Guys
podcast.
Visit www.
RestaurantTechnologyGuys.
com for tips, industry insights,and more to help you run your
restaurant better.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.