Skip navigation
All Places > In the News > Blog
1 2 3 Previous Next

In the News

80 posts

all ears.png

We want Vantiv O.N.E. to be the best community it can be, and we'd love your input. How have we been doing?

 

Let us know how we can make Vantiv O.N.E. better - whether that's the user experience, our documentation, or resources you wish we offered.

 

Everyone who submits an idea will get a $10 Starbucks card to help them power through the rest of the year. All entries will be entered into a contest for a $100 Amazon card. (Check out our terms and conditions here.)

 

Don't delay - the contest ends on December 30th, so enter today.

The year is drawing to a close, so be on the lookout for a deluge of articles, videos, and opinion pieces recapping 2017. As a software developer executive, it’s fine to look back but it’s more important for you to look ahead this time of year. With that in mind, let’s learn together from the book Built To Last: Successful Habits of Visionary Companies by the legendary Jim Collins and Jerry Porris. The book provides guidance on how to build and innovate your business to adapt for the future.

 

Here are 37 of my favorite quotes and concepts from Built To Last:

 

  1. Visionary companies display a remarkable resiliency, an ability to bounce back from adversity.
  2. Visionary companies do not ask, “What should we value?” They ask, “What do we actually value deep down to our toes?”
  3. Visionary companies make some of their best moves by experimentation, trial and error, opportunism, and — quite literally — accident. “Let's just try a lot of stuff and keep what works.”
  4. Creating a visionary statement can be a helpful step in building a visionary company, but it is only one of thousands of steps in a never-ending process of expressing the fundamental characteristics we identified across the visionary companies.
  5. Concentrate primarily on building an organization rather than on hitting a market just right with a visionary product idea and riding the growth curve.
  6. Be prepared to kill, revise, or evolve of an idea, but never give up on the company.
  7. All products, services, and great ideas, no matter how visionary, eventually become obsolete. But a visionary company does not necessarily become obsolete, not if it has the organizational ability to continually change and evolve beyond existing product lifecycles.
  8. The “Genius of the AND”: The ability to embrace both extremes of a number of dimensions at the same time. Instead of choosing between “A” OR “B,” they figure out a way to have both “A” AND “B.”
  9. A visionary company doesn’t simply balance between persevering a tightly held ideology and stimulating vigorous change and movement; it does both to an extreme.
  10. We found evidence of a core ideology that existed not merely as words but as a vital shaping force.
  11. Profit is like oxygen, food, water, and blood for the body; they are not the point of life, but without them, there is no life.
  12. Visionary companies don’t merely declare an ideology; they also take steps to make the ideology pervasive throughout the organization and transcend any individual leader.
  13. Beliefs must always come before policies, practices, and goals. The latter must always be altered if they are seen to violate fundamental beliefs.
  14. A visionary company continually pursues but never fully achieves or completes its purpose.
  15. A visionary company can, and usually does, evolve into exciting new business areas yet remain guided by its core purpose.
  16. An effective way to get at purpose is to pose the question, “Why not just shut this organization down, cash out, and sell off the assets?”
  17. Preserve the core and stimulate progress: that's the essence of a visionary company.
  18. In a visionary company, the drive to go further, to do better, to create new possibilities needs no external justification.
  19. Through the drive for progress, a highly visionary company displays a powerful mix of self-confidence combined with self-criticism.
  20. Organizations often have great intentions and inspiring vision for themselves, but they don't take the crucial step of translating their intentions into concrete items.
  21. You don’t need to create a “soft” or “comfortable” environment to build a visionary company. The visionary companies tend to be more demanding of their people than other companies, both in terms of performance and congruence with the ideology.
  22. Because visionary companies have such clarity about who they are, what they’re all about, and what they’re trying to achieve, they tend to not have much room for people unwilling or unsuited to their demanding standards.
  23. Evolutionary progress is unplanned progress.
  24. Detailed plans usually fail because circumstances inevitably change.
  25. If you put fences around people, you get sheep. Give people the room they need.
  26. The best and hardest work is done in the spirit of adventure and challenge.
  27. If you're involved with an organization that feels it must go outside for a top manager, then look for candidates who are highly compatible with the core ideology. They can be different in managerial style, but they should share the core values level.
  28. Critical question: “How can we do better tomorrow than we did today?” Institutionalize this question as a way of life — a habit of mind and action.
  29. Visionary companies attain their extraordinary position because they are so terribly demanding of themselves.
  30. If you want to innovate, you must bootstrap. It is one of the most powerful, least understood influences that pervades the company.
  31. Visionary companies habitually invest, build, and manage for the long term to a greater degree than the comparison companies in our study. Yet, at the same time, they do not let themselves off the hook in the short term.
  32. A visionary company creates a total environment that envelops employees, bombarding them with a set of signals so consistent and mutually reinforcing that it’s virtually impossible to misunderstand the company’s ideology and ambitions.
  33. Visionary companies don’t put in place any random set of mechanisms or processes. They put in place pieces that reinforce each other, clustered together to deliver a powerful combined punch.
  34. You should be working to implement as many methods as you can think of to preserve a cherished core ideology that guides and inspires people at all levels. And you should be working to invent mechanisms that create dissatisfaction with the status quo and stimulate change, improvement, innovation, and renewal – mechanisms that infect people with the spirit of progress.
  35. The builders of visionary companies tend to be simple – some might even say simplistic – in their approaches to business.
  36. No matter who you are, you can be a major contributor in building visionary companies.
  37. Don’t buy into the belief that building a visionary company is something mysterious that only other people do.

 

If you’d like to talk more about Built To Last and how to adapt your ISV organization for the future, please reach out to me. My job as a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services is to work with Vantiv partners to help them clarify their vision, hire the best team, develop staff, establish best practice systems, improve customer service, and more.

 

 

For more On the Edge content, please visit the Vantiv Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of the book Hire Like You Just Beat Cancer.

 

I just finished one of the best leadership and management books I’ve ever read – Multipliers: How the Best Leaders Make Everyone Smarter. I heard about the book while listening to the Read To Lead podcast, and I’m thrilled I purchased a copy. Author Liz Wiseman articulates one of the core reasons Vantiv launched PaymentsEdge Advisory Services last summer: The biggest leadership challenge of our times isn’t insufficient resources per se, but rather our inability to access the most valuable resources at our disposal. People are often ‘overworked and underutilized.’ This book is about leaders who access and revitalize the intelligence in the people around them.

 

When I look inside POS reseller and ISV organizations, they each have people, plans, problems, and paperwork. But what distinguishes the winners from the also-rans are those companies who take intentional steps to maximize the abilities of their employees. Multipliers provides specific guidance on how you as a business leader can get the most out of your staff and create a thriving organization – and how to avoid diminishing your team’s capabilities.

 

I’ll share some of my favorite quotes and concepts from Multipliers below, but I strongly encourage you to buy the book and use it as a guide to create a winning culture.

 

  1. This book began with a simple observation: There is more intelligence inside our organizations than we are using. It led to the idea that there was a type of leader — Multipliers — who saw, used, and grew the intelligence of others, while other leaders — Diminishers — shut down the smarts of those around them.
  2. Multipliers get more from their people because they are leaders who look beyond their own genius and focus their energy on extracting and extending the genius of others.
  3. When people work with Multipliers, they hold nothing back. They offer the very best of their thinking, creativity, and ideas.
  4. Multipliers not only access people’s current capability, they stretch it. They get more from people than they knew they had to give.
  5. Here is the logic behind multiplication: Most people in organizations are underutilized. All capability can be leveraged with the right kind of leadership. Therefore, intelligence and capability can be multiplied without requiring a bigger investment.
  6. Resource leverage is a far richer concept then merely “accomplishing more with less.” Multipliers don't get more with less; they get more by using more. More of people's intelligence and capability, enthusiasm and trust. “80 people can either operate with the productivity or 50 or they can operate as though they were 500.”
  7. Diminishers and Multipliers hold radically different assumptions about the intelligence of the people they work with. Diminishers’ two-step logic appears to be that people who don't “get it” now never will; therefore, I'll need to keep doing the thinking for everyone. Multipliers look at the complex opportunities and challenges swirling around them and think, “There are smart people everywhere who will figure this out and get even smarter in the process.” They see that their job is to bring the right people together in an environment that liberates everyone's best thinking.
  8. Multipliers have a hard edge: They expect great things from their people and drive them to achieve extraordinary results.
  9. Multipliers don't play small: It's not that these Multipliers shrink so that others can be big. It's that they play in a way that invites others to play big, too.
  10. Multipliers have a great sense of humor: Multipliers can laugh at themselves and see comedy in error and in life’s foibles, and their sense of humor has a liberating effect on others.
  11. This book is not a prescription for a nice-guy, feel-good model of leadership. Rather, this book discusses a hard-edge approach to management that allows people to contribute more of their abilities.
  12. The Ameba Model: Don't box people into jobs and limit their contribution. Let people work where they have ideas and energy and where they can best contribute.
  13. Are there people on your team who could lead a revolution if they were unleashed on the right opportunity?
  14. Leaders most often know who the blockers are. The most common mistake they make is waiting too long to remove them. If you want to unleash the talent that is latent in your organization, find the weeds and pull them out. Don't to do it quietly.
  15. When you become the leader, the center of gravity is no longer yourself.
  16. Be direct without being destructive.
  17. Liberators hold two ostensibly opposing positions with equal fervor: “I give you space; you give me back your best work. I give you permission to make mistakes; you have an obligation to learn from the mistakes and not repeat them.”
  18. Tyrants and Liberators both expect mistakes. Tyrants stand ready to pounce on the people who make them. Liberators stand ready to learn as much from the mistake as possible.
  19. Liberators get the best thinking from people by creating a rapid cycle between thinking, learning, and making and recovering from mistakes in order to generate the best ideas and create an agile organization.
  20. Tyrants impose an “anxiety tax” wherever they go, because a percentage of people's mental energy is consumed trying to avoid upsetting the Tyrant.
  21. A manager may be able to insist on certain levels of productivity and output, but someone's full effort must be given voluntarily.
  22. If a leader holds the assumption that it is their role to provide the answers, subordinates wait for the directives they've come to expect. The subordinates act on the leader’s answers; then the leader concludes “they would never have figured this out without me.”
  23. Once a leader accepts that he or she doesn't have all the answers, he or she is free to ask much bigger, more provocative, and, frankly, more interesting questions.
  24. Diminishers ask questions that make a point rather than to access greater insight or to generate collective learning. 
  25. Helicopter Down: It is irresponsible to ask your team to do something if the CEO exposure is only at the 30,000 foot level. You have to take it down and show that it can be done.
  26. The collective intent built within the organization enables the whole group to break through challenges no single leader, however intelligent, could have done alone.
  27. Multipliers aren’t overly swayed by opinion and emotional arguments; they continue to ask for evidence, including evidence that might suggest new or alternative points of view.
  28. Multipliers invest by infusing others with the resources and ownership they need to produce results independent of the leader. They invest, and they expect results.
  29. When we let nature take its course and allow people to experience the natural consequences of their actions, they learn most rapidly and profoundly. When we protect people from experiencing the natural ramifications of their actions, we stunt their learning. Real intelligence gets developed through experimentation and by trial and error.
  30. Letting nature teach is hard. Find the “smaller waves” that will provide natural teaching moments without catastrophic outcomes.
  31. When Diminishers delegate, they dole out piecemeal tasks but not real responsibility.
  32. Micromanagers hand over work to others, but they take it back the moment problems arise.
  33. Leaders do not need to be good at everything. They need to have mastery of a small number of skills and be free of show-stopping weaknesses.
  34. It wasn’t a blind faith that I trust you to get it right; it was a more deeply held confidence that I trust you to learn how to get it right.
  35. When new ideas become new norms, you have cultivated a sustainable culture.

 

 

If you’d like to talk more about Multipliers and how to improve your ISV business, please reach out to me. My job as a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services is to work with Vantiv partners to help them with hiring right, developing staff professional development programs, improving customer service, and more.

 

 

For more On the Edge content, please visit the Vantiv Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of the book Hire Like You Just Beat Cancer.

Customers expect their payment data to be protected when used online. As they make a conscious decision when their cardholder data into a website, if the checkout page doesn’t resonate with a sense of trust, they will abandon their cart. 

 

Cart abandonment can be anywhere from 55% and 75% and of those consumers who dropped out of a purchase, 17% mentioned “concerns about payment security” as a reason as they didn’t enter their credit card information into a site[1].” 

For face to face transactions, the indication of the chip embedded in their credit card is obvious. While chip cards were designed specifically to reduce fraud at the POS, customers recognize the difference from dipping their card into a POS device versus swiping, which was an experience change the US market had to overcome.  The challenge with eCommerce in the chip card era is that there has not been a customer experience change, so cardholders are unable tell the difference from a secure or non-secure experience. This means that customers have to rely on their personal intuition, rather than facts, in order to proceed or drop out.

 

 

The Perception of Trust

 

If cardholders are only relying on perception, then how do they know when ecommerce retailers have invested significant resources and money in adequately protecting their sites? In some surveys, as many as 61% of participants said they had decided not to purchase a product because it was missing a security badge.

 

A trust badge, or trust seal, is a symbol placed on websites that ensure the customer that site is legitimate
and that all their personal data is collected securely through trusted third-party service providers.  Such examples are visual padlocks and or shield marker strategically placed by the payment forms to encapsulate the payment fields from the rest of the page.

 

The most common badges used are SSL (secure socket layer) seals, symbolizing a secure connection for credit card data to be transmitted for processing. While these badges establish customer data protection through use of cryptography, SSL doesn’t actually prevent attackers from stealing payment  data to be used for fraudulent transactions, which is ultimately what customers care about most.

 

Customer Perception is Vital

 

Cardholder perception is more important than actual implemented security, and the absence of visual cues of confidence like a trust badge can lead to customer skepticism, and may be willing to switch to a different site where they feel more secure.  

 

What’s even more interesting is that some findings state that placing any type trust badge on a site helps establish credibility with consumers – even if the customer doesn’t really understand what the badge embodies, or who the third-party service provider is.

 

More concerning is that retailers can purchase trust badges at online marketplaces, creating a false sense of security without implementing actual security to stay abreast with the ‘me too’ philosophy. In the fast-paced paced eCommerce
environment, do customer’s dedicate the attention and time or possess the technical experience to differentiate from the two badges below?

 

If customers don’t have the technical expertise to identify legitimate sites from imposters, what are their requirements beyond personal feelings, and who is enforcing misuse of their confidence?

 

A Shift Beyond Perceived Security

 

Turkish ecommerce is already moving in this direction through the Communique on Trust Seal in Electronic Commerce, established this year to foster more trustworthy environments by regulating security standards for obtaining a trust seal for eCommerce websites. The Communique aims for better adoption of legitimate trust seals by ensuring that providers
meet certain security standards, best practices, and punishing those that abuse.
[2]

 

While the deployment of legitimate trust badges like McAfee and VeriSign have been deployed in US  ecommerce environments, the breadth of third-party badges has created dilution, resulting in customers having to interpret who these organizations are and if they can even be trusted.  Though the saturation of badges has resulted in fragmentation, this has proven to be an effective means to establish trust, but given the anticipated growth of US ecommerce over the next several years, this model won’t scale.

 

Universality is Needed

 

In order to scale beyond perception, the payments industry needs an interoperable CNP icon that represents these characteristics much like the chip card has embodied security for card present transactions. While there are global security standards for the web like W3C and OWASP, cardholders wouldn’t recognize these bands as they are
aimed at protecting for data for financial institutions with protecting data, rather than end customers.

 

Given this consumer obstacle, while it makes sense the payment networks like Visa and MasterCard develop a graphical element that possesses credibility, it would also be more beneficial for the payments industry to build awareness through a totally new archetypal icon that embodies technical security and trust the market has yet to see.

 

 


[1] https://monetizepros.com/ecommerce/5-trust-badges-that-can-increase-your-conversion-rate/

[2] http://www.mondaq.com/turkey/x/634844/Consumer+Law/Trust+Seal+In+ECommerce

Kevin Eksterowicz is a Talent Acquisition Leader at Vantiv. I asked him about the new hiring approach that Vantiv rolled out this year (and that my team has used to great success). Here's what he had to say:

 

One of the most impactful exercises a company executes is its selection of new employees.  And when you’re growing as rapidly as Vantiv, the stakes are especially high.  In 2016 alone, we filled almost 1,400 jobs! 

 

However, when we scanned the organization late last year, a few things stuck out like a sore thumb:

  • Our interview and selection process lacked consistency and structure.
  • Interview training and tools were not on any of our curriculum.
  • Feedback on candidate experience was often lackluster at best.
  • Turnover within the first 12 months of hire was 23%, 75% of which took place within the first six months. 

 

We stopped in our tracks and realized that we had a huge opportunity in front of us to deliver value and impact to this growing organization.

 

After months of planning, developing and piloting, we launched Vantiv’s SELECT! program on July 31st. SELECT! is an approach to interviewing and selection that embraces a set structure and strategy for all roles in the organization, ideally with just one on-site visit limited to four interview sessions.  These sessions are tied directly to Vantiv’s leadership model and evaluate a candidate not just on experience and job titles, but through deep focus on the competencies required for success. 

 

We call these sessions our interview focus areas: 

 

  • Role Fit
  • Business Impact
  • Leadership/Self-Leadership
  • Culture & Values. 

 

Focus areas remain consistent across all levels of the organization, yet the competencies and suggested interview questions vary by level.  The outcome is a well-rounded candidate evaluation and a candidate experience that feels robust, streamlined and smooth. 

SELECT with text.png

 

Our Talent Management and Talent Acquisition teams worked hand-in-hand to develop this program complete with:

  • Interactive, online, level-based interview guides with recommended behavior-based interview questions
  • An interactive feedback mechanism to capture candidate-specific scores and notes for each focus area
  • Mandatory comprehensive eLearning courses:  one for people leaders, one for individual contributor interview panelists
  • Half-day classroom training
  • People Leader and Interviewer job aids
  • An Interview Checklist
  • Custom approaches for nuanced groups:  sales (remote), executive, front-line operations

 

Just three months in, almost every people leader (740+) and over 300 interviewers have completed the eLearning. New hire Michael Rose was one of the first candidates to go through the new hiring process. He said, "As I interviewed with potential new employers, Vantiv’s interview process stood out above the pack. Vantiv sent a clear message to me during the interview process… a well-organized and focused approach to finding the best candidate while providing an excellent candidate experience for me. The detailed/thoughtful interview process was a large factor for me choosing Vantiv!  Even the follow-up call from my new Leader after I had accepted the offer reassured me I had definitely made the right choice.”

 

Early feedback on the SELECT! process is very positive and by this time next year, we target marked improvement in early attrition, candidate experience feedback, time to fill metrics and hiring manager satisfaction feedback. Hiring Manager Shannon Reichart said of SELECT!, “this team approach has not only helped me as a hiring manager to make an informed decision regarding new hires, but I believe that it is creating a positive experience for our candidates, providing them with greater insights into Vantiv from other perspectives. Select will give us the foundation that we need as a leadership team to recruit, develop, and retain great people here at Vantiv!”

Apple will launch Face ID with their Apple X (pronounced Ten) to be released in November. Along with its many new features, it will introduce a new biometric-based technology for customers to authenticate themselves when using Apple Pay, the mobile payment and digital wallet service that lets users make payments using an eligible Apple device. With the introduction of Face ID comes the removal the home button that’s been traditionally used for Apple’s
Touch ID, the forensic fingerprinting technology to unlock the phone and process Apple Pay transactions. Apple reports the new Face ID technology creates more unpredictability than the legacy Touch ID technology, utilizing
millions of data points to recognize facial expressions and changes to hair color, grow facial hear, glasses, and outerwear using machine learning. Prior studies reported the chance a random person could use a fingerprint to unlock an iPhone is about 1 in 50, 000 whereas studies have shown the probability to unlock Face ID is closer one and a million.

 

Is Smart Tech Good Enough?

Additional compensating controls have been implemented to detect spoofing and misuse, using an alert detection to ensure the owner’s eyes are open.  To counter, equally elegant spoofing technologies will be developed and implemented, especially with the social media and facial images over the open internet could present an obstacle to prevent against attacks, such as an attacker who can use the same machine learning recognition can identify photos of your face, family or friends who have posted pictures on Facebook or Twitter.  As with any new technology
introduced into the market, its largest obstacle to success is to achieve consumer credibility. Juniper Research has released the results of a new survey that finds that over 40 percent of iOS users in the U.S. are unlikely to use Face ID as payment security technology, and would rather use voice recognition or fingerprint scanning for mobile payments authentication measures. Given Face ID’s unproven credibility in the market, its adopters will tread cautiously as stolen stored credentials, whether they are stored on the device or hosted in the cloud, has a tendency for customers to be skeptical with its use. While Apple systems have never been breached, Apple customers can be at risk of having their devices attacked if they use the same passwords across multiple sites including their iCloud password.

 

The Market Will Tell

Apple has an enormous obstacle to tackle – increasing the security of payments without scaring away customers through the unnerving process of pointing a device at their face, which could prove to be awkward in public places. Through all its initial reservations, if Face ID is proven to reduce the payment processing friction without introducing other impacts, and lives up to its value proposition to its customers that its faster and simpler, it will gain adoption in the market over prior consumer authentication measures.

 

Would you use Face ID for payments?

Would you be willing to use the new facial recognition technology for payment acceptance or would you be resistance to new and unproven technologies? Would you have privacy concerns with facial recognition due to a lack of trust with solution providers? Do you think it may take too long to authenticate a transaction or would the experience be awkward?

 

 

Let us know your thoughts in the comments!

I don’t like to start arguments, but I'll go toe-to-toe when I feel it's necessary. I did that recently during a discussion about resellers and software developers in the POS channel. “They have to change,” my colleague said, to which I quickly responded, “No, they don't. You're allowed to become irrelevant. You're allowed to lose money and close your doors. They don’t have to do anything.”

 

Obviously, I want all Vantiv’s partners in the point of sale channel to adapt and thrive. For them I strongly recommend Dual Transformation, one of the most powerful business strategy books I’ve ever read. I heard about the book while listening to a Harvard Business Review podcast recently and bought it immediately because it addresses what I think is the biggest challenge facing our channel and our individual businesses.

 

Dual Transformation talks about disruption and how to reposition your company for the future. Being part of the IT and publishing industries since 1993, I’ve seen my share of transformations, and the authors are spot-on about how to identify disruption and how to lead the transformation of your business. When you read “The 7 Warning Signs of Industry Disruption” with the POS channel in mind, you’ll be nodding your head in agreement – guaranteed.

 

I’ll share some of my favorite quotes and concepts below, but I strongly encourage you to buy the book and use it as a guide to transform your ISV business.

 

  1. The series Game of Thrones has a saying: winter is coming. It isn't winter that's coming to your boardroom. It is disruption. Disruption is coming. And it is coming at an unprecedented pace and scale.
  2. Creating a new business from scratch is hard, but executives of incumbents have the dual challenge of creating new businesses while simultaneously staving off never-ending attacks on existing operations.
  3. The time when leaders need to be most prepared for a change is right at the moment when they feel they're at the very top of their game.
  4. We call the process a dual transformation because it requires two transformations and not one. In response to a disruptive shock, executives must simultaneously reposition their traditional core organization while leading a separate and focused team on a separate and distinct march up a new hill. It's the greatest opportunity a leadership team will ever face.
  5. Four key leadership mindsets you need to succeed:
    1. The courage to choose before your platform burns.
    2. The clarity to focus on a select few moonshots.
    3. The curiosity to explore even if the probable outcome is failure.
    4. The conviction to persevere in the face of predictable crises.
  6. Companies that successfully execute dual transformation can own the future instead of being disrupted by it.
  7. Answer these five questions:
    1. Why have people historically bought from us?
    2. What do we provide that they really care about?
    3. What is the disruptive shift in our market?
    4. What used to matter to them but doesn't really anymore?
    5. What do they wish we could do that we don’t?
  8. As the world changes, what is critical to the customer also changes.
  9. In a quickly changing world, playing an old game better is insufficient.
  10. The simplest way to understand whether you're truly transforming your core business is to ask, “How have our metrics changed?”
  11. History teaches us, again and again, that disruption is the greatest growth opportunity a company will ever see.
  12. It is critical to discover this path by action and not by analysis. Every idea to create new growth is partially right and partially wrong. The problem is that you don't know which part is which.
  13. No business plan survives first contact with the marketplace.
  14. Successful innovators smartly manage risk through disciplined experimentation. Before the Wright Brothers built a plane, they flew a kite.
  15. DEFT: Document, Evaluate, Focus, and Test.
  16. Seek a stepping-stone strategy: look for a starting point where you can keep a foot in today's world as you venture into a new space.
  17. “Running a start-up is like being punched in the face repeatedly, but working for a large company is like being waterboarded.”
  18. It's never been easier to start a business, but that means it also has never been easier to replicate one.
  19. The more significant the new project and the shift is, the more the CEO should be driving it.
  20. The fundamental challenge for leaders is that the data showing disruption underway is always opaque. By the time it is crystal clear, it is too late to do anything about the disruption.
  21. Decisions can't be guided purely by historical data, because if data drives you, you can only go backwards.
  22. The 7 Warning Signs of Industry Disruption
    1. Decreases in customer loyalty, driven by overshooting. Overshooting: Providing a given market tier performance it can't use. An entrant can gain traction with a simpler, cheaper solution.
    2. Significant and lasting investments by venture capitalists.
    3. Policy changes open the door to new entrants. When governments change the rules, it can accelerate the pace of industry change.
    4. Entrants emerge at the low end or market fringes with inferior-seeming solutions. The innovator uses this foothold to improve the product and service so that it meets the needs of broader customer groups. When upstarts following this game-changing strategy begin to emerge, it's time to stand up and take notice.
    5. Customer habits and preferences show signs of shifting.
    6. A viable competitor fine-tunes a disruptive business model.
    7. Slowing revenue growth is coupled with increased profit margins as leaders exit volume tiers and cut costs. When incumbents begin to feel the pain from disruption, it doesn't always feel very painful. The slowing growth feels like the natural result of an industry maturing. Emerging disruptors grow in a seemingly disconnected market, and, if they pick off customers, often they are ones the incumbent doesn't care much about anyway.
  23. Anything that is growing rapidly bears attention.
  24. Involve outsiders. It can be hard to identify your own problems.
  25. Most companies do a fairly good job of monitoring their direct competitors, but they underinvest in monitoring and interpreting telltale signs of future threats from substitutes and existing or yet-to-be-born disruptors.
  26. You are under no legal requirement to hold to your initial goals and boundaries. As the world changes and you see what works and what doesn't work, you can and should go back and revise the rules of the game.
  27. Adopt a “future-back” mindset. Companies tend to follow “present-forward” approaches to strategy. They start by detailing today's business, then project what next year will look like, then look at the year after that, and so on.
  28. Be willing to wave goodbye to the past.
  29. Your strategy isn't what you say you do; it is what you actually do.
  30. “What is possible?” can't be answered purely by gathering data and building intricate spreadsheets. Instead, it requires intuition and judgment.
  31. If you demand that every idea succeed, you will be consigned to work on incremental improvements within the confines of your current business.
  32. Exposing half-baked ideas early generates useful, usable feedback. It also has positive spillover effects as people in other corners of the organization can take fragments of an idea in new directions.
  33. Whenever you innovate, two good things can happen. Of course, you can create value. But you also can learn something that opens future avenues to create value.
  34. “A desk is a dangerous place from which to view the world.” – John le Carre
  35. The great sucking sounds of yesterday can subtly but importantly pull an organization back to what it was trying to get away from.
  36. Failing to build systems around the new organization creates dependency on a small number of individuals, which doesn't scale and creates conditions for failure.
  37. Defining and reinforcing a shared sense of mission become central functions for senior leaders driving a dual transformation.
  38. Transforming a company is indeed a journey, one that is both unpredictable and perpetual.
  39. Leaders who catch the disruptive changes early and respond appropriately will have the ability to thrive in the years to come. Those who don't, well, Darwin has a way of taking care of them.

 

If you’d like to talk more about Dual Transformation and how to improve your ISV business, please reach out to me. My job as a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services is to work with Vantiv partners to help them with hiring right, developing staff professional development programs, improving customer service, and more.

 

 

For more On the Edge content, please visit the Vantiv Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of the book Hire Like You Just Beat Cancer.

 

daniperea

3 Blogs Coders Love

Posted by daniperea Oct 5, 2017

If you're looking to level up in your developer knowledge or to commiserate with other coders, we recommend giving one of these blogs a read. Do you have a favorite coder blog? Let us know in the comments!

 

1) CSS-Tricks

CSS-Tricks is a blog on all things web design and development, and true to their roots, it also provides many helpful tips and tricks on Cascading Style Sheets. It's run and written by Chris Coyier and a merry team of CSS enthusiasts.  I love it because of its readability, the sense of play in every post and because of the copious walkthroughs with code examples.  Plus it's so frequently updated, there's often new content a few times a day.

Favorite Post: Turning Text into a Tweetstorm

 

2) Women Who Code

Women who Code is a nonprofit with over 100,000 members who are tech professionals. You don't have to be a member to access their awesome blog, which is full of profiles of women developers and organizations advancing opportunities for women in tech; hackathon invites and meet-ups; career tips from advocating for your rights at work to becoming a better public speaker; conference recaps; and of course, coding advice. Their team of writers is fantastic and this might be one of the few places on the internet where reading the comments is a worthwhile endeavor. Come for the content, stay for the community.

Favorite Post: Protecting Your Rights at Work (this is actually a series: here's part 1 and part 3.)

 

3) Coding Horror

Coding Horror is both extremely hilarious and highly informative look at both code and coders.  The half-personal/half tech blog is written by Stack Overflow co-founder Jeff Atwood. With 13 years of posts accumulated on the blog, you'll find everything from well-researched and pithy posts on programming, to tips for both newbies and experts, to personal musings. One downside: Jeff is so busy, that months can go by without an update.

Favorite Post:  Password Rules are [Horse Puckey]

 

kevin eksterowicz.png

Kevin Eksterowicz is a Talent Acquisition Leader here at Vantiv. I asked him what he loves about his job, and what advice he has for college students and recent graduates entering the job market.

 

How did you get into HR?

Like a lot of people, I actually sort of “fell” into HR. I majored in Marketing in college and I had my heart set on working for a huge NYC ad agency. The first opportunity they could offer me was as a Recruiting Coordinator serving the creative department and I jumped at the chance. A year later, I got the opportunity to work in a true advertising role. Sure enough, after a few years in an ad exec role, I realized that I missed HR and actively sought to return to Recruiting.

 

What do you love about your job?

What’s especially nice about the world of Talent Acquisition is that you’re helping people and you get the gratification of feeling needed. You have hiring managers with teams who are feeling the pain of a vacant position and you’ve got candidates who are actively seeking to make a change. You get to ease the pain of the internal client while helping someone gain the opportunity to take their career to the next level. It’s a win-win! The icing on the cake: you get to build relationships every day and no two days are the same.

 

What's the best job-seeking advice for college students or recent graduates you've heard?

It probably sounds like common sense but, “do your homework on the companies you’re applying to,” is easy, low-hanging fruit with big impact. If I call a candidate and they can’t remember the role they’ve applied to or what the company does, it’s a huge strike against you. Apply to roles and companies that really intrigue you and that you would be excited to interview for. A recruiter and a hiring manager can usually see right through a superficial interest level. I’d add that with the world of social media, it’s vital that things like your Facebook page and LinkedIn profile only paint you in a positive, mature, responsible light.

 

What's the worst job-seeking advice for college students or recent graduates you've heard?

“Cast a wide net by applying to lots of jobs that look exciting to you at a company.” 

As a recruiter, if I see a candidate who had applied to a wide variety of jobs, I’m likely to perceive them as unfocused and possibly desperate – just eager to get a foot in the door but not invested in something specific and therefore more likely to leave the role/company early.

 

Do you have any tips for college students or recent grads on making their resume stand out?

Yes! So many tips, but I’ll focus on the big ones.

  • Tweak your resume so that you highlight your skills and experiences that relate well to what the employer is looking for as stated in the job description. Don’t assume that they’ll just connect the dots – help them get there and make those highlights your leading bullet points under a specific job or internship.
  • There’s really no reason for your resume to be more than 1 page unless you’re coming from a graduate program and are already deep into your career. That said, limit your bullet points to the most important contributions you’ve made.
  • Quantify wherever you can! Example: “Increased customer service scores by 28% as a result of…”
  • Skip the objective section that so many people include at the top of their resume. The objective is to land the job you’ve just applied for and we already know that.
  • Have a second set of eyes review your resume. Typos can be deadly as first impressions go!
  • Do you have any tips for college students or recent grads on making the most of an internship?
  • Perform as if your entire internship is an interview because that’s really what it is. Come to work every day as if you’re fighting the competition to keep your foot in the door with the company. 

 

 

Want to know when Vantiv will be recruiting at your college or university? Click here for a list of our upcoming career fairs.

gjsissons

Pay with Google

Posted by gjsissons Sep 19, 2017

Google easy checkout easy revenue photo tw.png

An opportunity for increased sales and conversions


Mobile wallets have been in the news recently, with much of the focus on the relatively slow adoption of mobile wallets in North America. When looking at statistics though, the answer we get often depends on the question we ask. Rather focus on a few mobile wallets, we might instead ask, “What percentage of online purchases are made using stored credentials?”


According to Mckinsey, the answer to this question is a much bigger number - already around 50 percent. Every time we purchase an app or movie in the Play Store, buy something on Amazon Prime, or shop at our favorite web store, the chances are good that we’re using digitally-stored credentials. Mobile wallets represent just a slice of a broader set of digital payment options already accessible from mobile devices.


For online shoppers, convenience is king


Few customers have the patience to key in payment card and address details on a small screen device like a phone. Unlike the point of sale, where mobile wallets provide only minimal added convenience, for online purchases the difference in convenience is huge. For online merchants, providing access to stored credentials is essential. Consumers purchasing online would much prefer to authenticate themselves with a thumbprint or password than key in a hundred or more characters. This consumer behavior explains why according to the same Mckinsey study, total U.S. digital wallet transactions (broader than just mobile wallets) is forecast to grow to $1.2 trillion by 2020, representing approximately 18-20 percent of retail spending. For wallets, online commerce is where the action is.

 

About Pay with Google


Pay with Google is a new service offered by Google, implemented using the new Google Payment API.  Google is one of the world’s most recognized brands and Google users across the globe have hundreds of millions of credit and debit cards saved to various Google accounts. These users make purchases on Google properties like the Google Play, YouTube, Chrome and more.


With the new Google Payment API, merchants can reach these same customers by letting them use their cards on file with Google to make quick, easy purchases from mobile apps and websites when they’re shopping from mobile devices or using the Chrome browser.

 

pay_with_google.PNG

For mobile users, this offers a new level of convenience. Even if I’ve never visited a merchant before, as a consumer, I can select “Pay with Google” as an alternative to keying in payment card details. Google will look up any payment cards I have on file, present them to me, and allow me to choose the credential to use as shown above.


Pay with Google extends Android Pay functionality, however unlike Android Pay which can be used at the point of sale (tapping your phone in a store or restaurant) Pay with Google is designed for online purchases only. Consumers that have already activated their Android Pay wallet can continue to use their Android Pay credentials, providing a seamless transition for users and merchants already supporting Android Pay. The main difference when users Pay with Google is that they can access any payment card on file with Google, even if they’ve never activated a mobile wallet.

 

Lowering the barriers to online commerce


For merchants, Pay with Google is an important innovation. Juniper Research estimates approximately 24 million Android Pay users in 2017, and Google already has hundreds of millions of cards on file across its various platforms. By removing the need for consumers to pre-load a payment card into a wallet, merchants can benefit from faster checkouts, more conversions, and increased sales.


While Pay with Google is significant for all merchants, it may be especially important for small merchants competing with larger online retailers. Pay with Google helps level the playing field, providing all merchants with the opportunity to offer the same streamlined purchase experience that users expect from tier-one retailers. Consumers can enjoy a seamless checkout experience even if they’re visiting a merchant’s website for the first time making it easier to attract new customers.

 

Pay with Google and Vantiv


Vantiv is presently one of just a few payment providers able to offer Pay with Google functionality for merchants. Vantiv’s Pay with Google integration utilizes an existing server-to-server connection between Vantiv and Google that facilitates the secure and efficient transfer of payment credentials and provides developers and merchants with a straightforward integration experience.


Whether merchants are already using Android Pay with Vantiv, or are just getting started with digital wallets, Vantiv can help merchants get up and running quickly.


Developer resources for Pay with Google will be available at Vantiv’s developer portal, Vantiv O.N.E., in the Mobile & Digital Wallets section once Google officially unveils the Google Payment API. Extensive documentation and code examples on Vantiv O.N.E explain how developers can add Pay with Google functionality to their Android App or their website.


Effortless checkout is what customers want. Register today for our Oct 5th webinar to learn how to implement Pay with Google for your business.


If you have questions or comments about Pay with Google or any other digital wallet, I’d love to get your thoughts and comments.

gjsissons

Understanding Interchange

Posted by gjsissons Sep 6, 2017

A Primer on Card Processing Fees for Developers

For developers who have worked mostly with eCommerce gateways, coding to a payment processor can be a different experience. The interfaces can feel a little more complicated because they expose additional fields and capabilities including support for various types of card present transactions. It turns out that understanding topics like interchange fees, assessments, and discount rates are worth a developer’s time.  By keeping processing fees in mind when building payment applications, developers can code in a fashion that can potentially help merchants avoid fees or reduce chargebacks.

 

Types of credit card fees

 

Interchange and assessment rates and fees

Certain fees are usually non-negotiable, including interchange and assessments.  Interchange and assessment fees are determined by the card associations and are charged to payment processors, who then collect the fees from their merchant clients.  Interchange goes to the authorization network (the banks that issue credit cards) to pay for the verification and routing of funds, and assessments go to the card brands (Visa, MasterCard, etc.) for the privilege of using their cards. The interchange rates are based on how a transaction is conducted—whether it’s swiped, dipped, keyed, conducted online, and well as the merchant’s business type, size, and many other variables.

 

Acquirer fees

In addition to collecting interchange and assessment fees for the card brands and networks, credit card processing companies also known as “acquirers” also assess fees to cover the costs of the services they provide to merchants.  Unlike interchange and assessment fees, this type of fee can vary by processor and can sometimes be negotiated.

Fees in this category pay for services such as equipment rental, payment gateway access, PCI compliance programs, minimum processing amount, online reporting, and many other value-added services that make payment processing convenient and reliable for merchants.

Sometimes credit card processor fees are listed separately from interchange and assessment fees, but some processors bundle them into one rate.  It’s important to talk to your credit card processor about their particular fees including what they are for, how they are collected, and whether you need the particular service associated with the fee.

 

Popular pricing structures

Pricing structures can vary widely and are complex by nature.  It’s important to note that one pricing model isn’t inherently better than another. It all depends on your business and the variables noted above regarding business type, processing volume, acceptance methods and so on. Let’s take a look at some of the popular pricing strategies used by processors.

 

Flat rate pricing

Flat rate pricing consists of one monthly fee that covers all the processing services a business needs and is commonly offered by payment facilitators (PayFacs) that don’t require a merchant account.

This type of pricing is non-negotiable and doesn’t fluctuate with transaction volume.  Every transaction receives the same rate.  This appeals to businesses that value simplicity and don’t have large transaction volume or high average ticket values.

 

Bundled or tiered pricing

In a bundled or tiered pricing model, transactions are categorized into different pricing tiers—qualified, mid-qualified, and non-qualified—based on their risk factors like whether the card is present, whether it was swiped or key entered, and whether PIN or signature is captured.  Qualified transactions are the safest and therefore have the lowest rate whereas non-qualified transactions are the riskiest and have the highest rate.

This type of pricing generally requires a merchant account and can save money in the long run for larger, more complex businesses due to their processing volume and card acceptance variables.

 

How does this impact the developer?

 

How you code payment transactions matters because decisions you make can affect Interchange fees.  Following card brand rules is essential to not only minimizing fees but instances of fraud and chargebacks as well. As examples:

 

  • For card not present transactions using AVS to deter fraud, the accuracy of the address match (returned in response to an Authorization) will impact interchange rates – the better the match, the lower the rate.
  • Providing detailed metadata in payment transactions (like industry types, terminal types, electronic indicator codes and commercial card IDs) can also help merchants obtain more favorable interchange rates. If this information is not included in an Authorization request, card brands may err on the side of caution, defaulting to higher rates.
  • For B2B applications, collecting and passing data fields required for Level II or Level III transactions can help reduce interchange rates further.

 

For developers, to minimize merchant costs, it is important that their payment SDK or API provides the ability to accept and pass on as much of this supplementary metadata as possible. Vantiv’s triPOS and Express APIs for card present transactions are good examples of APIs that do this. Both allow for extensive metadata collection including things like freight, duty, taxes, ship-from and destination zip codes, and a variety of other items that can affect interchange fees.

 

To learn more about Vantiv APIs for point of sale developers including the triPOS and Express platforms described above, visit our Point of Sale Integration resources.

 

For similar resources for card not present and mobile payment integrations, visit our developer eCommerce resources.

One of my takeaways from this year’s Retail IT VAR of the Future Conference was to read The Toilet Paper Entrepreneur by Mike Michalowicz. The book was recommended to me by Erick Wilson, the President/CEO of TEC Works, a growing managed services provider in Florida. When I asked Erick what was the key to the success of his business, he said this book turned everything around for him.

 

The Toilet Paper Entrepreneur is one half inspirational, one half practical on how to build and grow your business on a shoestring budget. It’s also filled with all sorts of cringe-worthy bathroom humor, but I’ve spared you of that in my notes below. 

 

Following are 21 insightful quotes from the book that can be applied to ISV organizations:

 

  1. Have you ever been doing your business with your pants hugging your ankles and, when you are ready to wrap things up, noticed that you are extremely low on toilet paper? The best option is to manage with what you've got.
  2. When we literally have no option to just get up and walk away, we find a way to get the job done.
  3. It's awe-inspiring how careful, thoughtful, and innovative we are when our supplies are scarce.
  4. The real deal of successful entrepreneurship is bloated with failures, drenched with progress, marred with mistakes, and peppered with major achievements.
  5. Always bet on the individual who is serving his calling, not the guy who is doing it for the money.
  6. Passion begets persistence.
  7. Excuses are a great mechanism to apply logic to our fears.
  8. Early entrepreneurial success is defined by surviving, not thriving.
  9. Once you define your values, document them in a way that sings with your soul.
  10. Starting a company is all about serving your needs, your beliefs, and your values first.
  11. Know your prospects better than any of your competitors and you will have an easier time finding them. Recognize that by knowing one group so well, you will not know other groups at all.
  12. You have a “super strength” that no one else will ever match: you care more about your business than anyone else.
  13. Area of innovation: What is the area where you just can't be touched? What specifically do customers rave about when they talk about you? This is your area of innovation, and you must commit to leading in this area for the life of your business.
  14. The familiarity of repeating past actions, albeit unsuccessful ones, can seem much safer than moving decisively down an unexplored path.
  15. Entrepreneurs who adhere to life principles and constantly adapt to elusive business dynamics experience enormous, lasting success.
  16. Properly executing a process is all about doing it first, then planning for it. The first time through is often best served with less planning and more doing.
  17. The devil is in the details, but you will have a devil of a time getting anything done the first go around if you fixate on them.
  18. The more mistakes you make, the more progress you're making. Just don't repeat the same mistakes.
  19. Mistakes are good, successes are great, and idleness is a sin.
  20. A lack of resources forces you to use ingenuity, a skill that will help you stay ahead of the pack for your entire run.
  21. Ideas don't make money; effort does.

 

If you’d like to talk more about The Toilet Paper Entrepreneur and how to improve your ISV business, please reach out to me. My job as a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services is to work with Vantiv partners to help them with hiring right, developing staff professional development programs, improving customer service, and more.

 

 

For more On the Edge content, please visit the Vantiv Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Vantiv’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of the book Hire Like You Just Beat Cancer.

 

audrey inniger 400px.png

Audrey Inniger is a campaign recruiting program specialist here at Vantiv. As college career fair season is about to kick off, I asked her what she loves about her job, and what advice she has for college students approaching recruiting tables at their college's job fair.

 

What’s your favorite thing about your job?

I love the variety; truly no day is the same! I experience the most variation in regards to the different groups with which I work. From current students to University career services to the business functions I support, there is a wide range of partners I encounter on a daily basis, who I am always learning from.

 

Also, I love the opportunity for growth throughout campus recruiting initiatives at Vantiv. As our campus recruiting programs are fairly young when compared to other organizations, this leaves room to experiment with new ideas in order to attract talent.

 

I know, I know – This is two favorites, but there is a lot to like about my role!

 

How did you get into HR?

Funny enough, I started my college career at Miami University (Go Redhawks!) believing I wanted to be a Speech Pathologist. After realizing the years of school required and the amount of tuition debt I’d accumulate, I stumbled upon an internship within Human Resources, as a Generalist. After my internship, I changed my major to Business Management & Leadership, with a focus in Human Resources. As I had several mentors from my first internship through Miami University, my mentors advised me to begin my Human Resources career within Talent Acquisition. I took their advice and began my fulltime career hiring in-house talent for a small PR and Marketing software company. Through this position, I was asked to build a campus recruiting program, which I enjoyed immensely.  In February 2016, I joined Vantiv and the rest is history!

 

What are some tips for college students or recent graduates looking to stand out at a job fair?

Showcase what makes you, YOU. The best and most memorable conversations I have are those in which the student talks about their passions, interests, and quirks. Enjoy skydiving? Have a passion for cooking international fare? Rap music enthusiast? Tell me about it! Highlighting those characteristics will make you most memorable at the career fair and will spark a more natural relaxed conversation.

 

Do you have any advice for college students or recent graduates on acing their first interview?

Do your homework, which includes homework on the company, on the people you are interviewing with, on the city where the role is located. LinkedIn should be your best friend!

 

Once you’ve done your homework, prepare thoughtful questions to ask the recruiter or hiring manager in which you are interviewing.

 

Can you do a little “myth-busting” on any career advice you’ve heard dispensed that is flat-out wrong?

“Accept the highest paying job offer.”

 

Money doesn’t buy happiness. Although salary is one factor to consider, also consider the company culture, your team (especially your direct manager), as well as career advancement opportunities.

 

Want to know when Vantiv will be recruiting at your college or university? Click here for a list of our upcoming career fairs.

To say that application architectures are evolving quickly is an understatement. In the age of cloud, mobile apps and back-end services can simply never go down.  Developers are increasingly turning to scalable, resilient micro-service architectures based on Docker containers as a preferred way of building applications.

 

Stats from the last DockerCon 2017 event in Austin shine a light on the pace of change.  Today there are more than 14M Docker hosts and more than 900K Docker apps.  In just the last three years there has been a 77,000% increase in Docker job listings and a 390,000% increase in Docker image pulls.  Payments are often a feature of cloud-delivered application services including mobile apps, online gaming, and new types of interactive voice-activated services.  As a result, developers of payment-enabled applications are getting swept up in this enormous shift.

 

The Case for containerized applications

Among the reasons that developers favor containers is that they promote modular design, code reuse, unit testing and lend predictability to application deployments.  If my application needs a database, key-value store, and a web-tier, rather than deploy hardware or a VM, I can simply pull Docker images of MariaDB, Redis or NGINX, add my application logic and publish my own derived Docker containers to my favorite registry. I can rapidly wire together these containers into an application comprised of multiple service tiers using a lightweight YAML (yet-another markup language) specification and publish a complex, multi-tier application to a containerized orchestration environment in seconds.  The explosion of interest Docker and containers has ushered in a revolution in how applications are built and deployed. Today there are dozens of container management platforms supporting these types of applications including Kubernetes, Docker Swarm, Amazon ECS, Azure Container Service, Google Container Engine, Mesos Marathon and more.

 

Payment applications pose unique challenges

In this brave new world, containerized services are ephemeral, can scale up and down dynamically, and are placed on Docker hosts based on run-time conditioners by sophisticated schedulers.  Application administrators often lack visibility to what VMs their services are executing on not to mention the cloud or physical host.  These environments pose unique challenges for both Docker users and assessors when it comes to PCI DSS compliance.  A discussion of securing Dockerized applications is too big a topic to address here, but a challenge that developers invariably face is how to securely make secrets like payment API credentials available to application logic inside a Docker container.

 

Enter Secret Management

This challenge of managing secrets is not unique to payments. Secret Management solutions have existed for years for Software Configuration Management (SCM) tools like Puppet, Chef, and Ansible.  What makes Secret Management challenging for containerized applications are issues of scale, the breadth of public cloud providers and the sheer rapidity with applications evolve.

 

To explain the issue, imagine we have a cloud-resident component in a Docker container that needs to call one of Vantiv’s end points on behalf of a merchant.  The challenge is how to get the credentials to the application securely.  The credentials can’t reside in the Docker image itself, or they would be visible to anyone, and all instances of the application would share the same credentials.  Similarly, they can’t reside in a YAML specification that is accessible to anyone on GitHub. We might have the idea of encrypting the credential and passing it to the container, but then the question becomes how do we distribute and protect the key needed to decrypt the payload holding the credential? If we attempt to pass the key across an encrypted channel, we still have the problem of passing additional keys needed to secure the channel. It’s a challenging problem. Dan Somerfield of ThoughtWorks describes this “bootstrapping” problem generically in his talk titled Turtles All the Way Down.  What’s needed is a secure way to pass payment credentials in a fashion that is cloud provider agnostic.

 

Securing Payment Credentials in Containerized Applications

Because Docker containers are all in the rage in cloud deployments right now, I wanted to look at this problem in the context of Docker.  As with so many areas of technology, there is not a single solution for secret management; there are literally dozens (partial list here).  In the world of container orchestration frameworks, however, industry consolidation is taking place and leaders are starting to emerge. Kubernetes (open-sourced by Google) is enjoying considerable enthusiasm followed by Docker Swarm, followed by the big cloud providers with their container management and secret management solutions. (Google’s GKE uses Kubernetes, formerly known as Google Borg). If you learn the approach used by Kubernetes, the good news is that you can address a large number of container orchestration frameworks and cloud services that use Kubernetes as their foundation (list here).

 

For developers or operations folks who want to get their feet wet with Kubernetes secret management, I’ve developed an end-to-end example showing how secret-management in Kubernetes can be used to pass payment credentials used by Vantiv’s eCommerce platform securely.  You can find this example in our Vantiv Labs area in Vantiv O.N.E.

 

If you’re interested in learning more about securely managing payment credentials in Kubernetes, check out the explanation and example here.  I’d love to get feedback and learn how developers are managing secrets in your applications.

lena headshot for web.png

Lena Rutherford, intern extraordinaire, is a student at Miami University. This summer she interned at Vantiv's Denver office. I chatted with Lena about her internship here and what her plans are for her (bright!) future:

 

What are you studying in school, and what do you hope to do for your career?

I am majoring in Business Analytics and minoring in Arts Entrepreneurship. I love this combination because I am very balanced between my left and right brain. I hope this combination will give me the tools to measure ambiguous things through applying data analytics to value creation in the arts.

 

I want to have several careers, beginning with data analytics (perhaps in the technology consulting field), building into more strategic and creative roles that are infused with data, pivoting into starting my own company (or companies), and ending in venture capital. I hope that the skill sets I continue to develop in data analysis and business strategy will propel me to diverse roles and companies throughout the technology industry and the world.

 

What have you learned during your internship?

Coming from a startup last summer, Vantiv has taught me how corporations function and has given me a new appreciation for how standardization aligns diverse products and people. I have learned about the industry through PI planning, product meetings, and projects.

 

Creating a competitive analysis matrix for PayFac and researching industry verticals and horizontals for a strategy presentation deepened my industry knowledge through hands-on experience. More closely related to my major, I have learned about financial data through conducting a historical analysis of IP equipment data and by reconstructing financial models.

 

My internship has taught me as much about myself as it has about the business world – how I work best, how I form business relationships, and how to achieve work/life balance (despite a 45-minute commute). These are only a few things that I have learned, but there are many more things that I am grateful to my coworkers and this opportunity for teaching me.

 

What will you take with you from Vantiv?

Of course, I will take this experience and the professional relationships I've made with me. The subtle, everyday things I have done here have accumulated into this nebulous term, “experience.” I am thankful for what a rich and positive experience it has been and for how I will be able to build off of my experience wherever my career takes me next.

 

I have also formed great relationships with my coworkers and want to continue these relationships after my internship ends. I have greatly enjoyed getting to know the abundance of friendly people here at Vantiv and will miss seeing everyone daily.

 

We'll miss seeing Lena around the office, but we wish her all the best for this school year and beyond.

Lena and Lydia for web.png

 

Want to intern at Vantiv or just learn more about us? Vantiv will be at recruiting events at several colleges and universities this fall, including Miami University (so we can say hi to Lena). Come see us.