National Pawnbrokers Association Convention 2015 - Data Security !

NPA - National Pawnbrokers Association RECAP 2015

OFFICIAL VISIT FROM THE PRESIDENT OF NPA, LARRY, AND SECRETARY OF NPA, TIM, HIGHLIGHTS PAWNBROKERS AND THEIR CUSTOMERS DATA SECURITY.

What a joy to see the leadership of NPA stop by Bravo Pawn Systems to discuss with me Customer Data and ATF Cloud Data requirements.  Customer privacy is a number one priority today for all businesses.   I have been blogging for the last 4 years about data security and the fiduciary responsibility Pawnbrokers assume when conducting a loan transaction.  Negligence not using best business practices to protect customers’ data today could cost you your pawn business.

As the United States Government Human Resource center lost 22 million U.S. Government Employee records last month, the Head of the Department, Ms. Archuleta stepped down this week.  By the way, the data was not in the Cloud, it was on premise.  Nearly all of data breaches today are on premise.  Nearly all data catastrophes and breaches are onsite and are employee related physical breaches. These onsite servers and internal networks designed in the 70’s thru the 90’s were designed before the Internet.

Bottom line, the business owner is becoming more financially liable each day as data simply becomes valuable and worth stealing.

Pawnbrokers, who acquire personal information from customers, are responsible for protecting customer information.  You have a legal responsibility.  You have a fiduciary responsibility.  Read more: Gramm-Leach-Bliley Act – Click here.

All businesses today are responsible for their customers’ data.

Those of you that don’t use systems to transact, have the most risk. 

 

The all paper pawnbrokers.  The common method to protect your customer’s identity is to Shred every piece of the paper after the various required holding periods.  Best practice also suggests shredding all trash.  You are required to protect any customer information in a protected environment.  All ATF records must be stored in a safe, protected environment for the life of your business.  The ATF licensee has a fiduciary and legal responsibility to protect the government records.  Make sure you keep up with the latest ATF requirements on how and where to store these records.

Those of you that use in-store servers with the most commonly used Pawn Software available today are not encrypted and not protected. 

Pawnbrokers that use server based systems have a fiduciary and legal responsibility in protecting your customer’s data.  This old legacy infrastructure was not designed for the Internet and today’s cyber criminals.  You are responsible and financially liable.  Any Pawnbroker that is using the internet on any of their terminals is exposing customer data through the in-store network.

Most of you backing up your data are not encrypted.  It is imperative to be knowledgeable about what physical location your data is being stored, how it is encrypted, and whether it is located in the United States.

This also includes the protection of your physical computer server.  Again, like paper with customer data, your server is required to be in a locked, secured, and environmentally protected environment. You are required to keep up with data center best practices to protect your customer data.

On a technical note.  You are required to protect your servers from outside intrusion.  Meaning firewalls, data encryption, software intrusion protection.  This should be maintained at least quarterly.  A qualified SA, Systems Analyst, can be utilized to put together a plan for you.

In the old days, 5 years ago, most business were solely focused on their systems performing business requirements to run their business reliably.  Today’s focus must be the protection of your customer data.

Data Center – What are they?  Why should you consider?

Data Centers have been around for 40 years.  Today’s data facilities offer the space and expertise needed to comply and accommodate today’s businesses that use computers to run their business.  They simply became useful and popular because businesses needed a place to put their computers in an environmentally controlled environment.  This was a warehouse with power, air-conditioning, and supported a dry fire retardant system.  Building these environments on premise became very specialized and required specialized personnel. Computer systems, networks, and internet service continue to change so fast that housing requirements for all of these were becoming more and more important and hard to keep up on.  A whole new industry evolved and now most companies host and locate their servers in a NAP.   

A NAP is security rated by an industry term called Tier 1, Tier2, Tier 3, and Tier 4.  Tier 4 facilities are the most secure Data Centers in the World and only 4 exist today.  One of these four is located in Las Vegas – the SUPERNAP – click here.

Sticking your server under a counter, back room shelf or in a closet is considered negligent today.  Today’s businesses are expected to protect their hardware using this best practice.  I have also seen that if you look at the fine print of your business insurance policies, this provision is being expanded. 

 

Then the Internet came around and created a new paradigm.  The Cloud.

Cloud - Computing and Data Storage.

 

Cloud Storage and Computing.  What is it?  Is Cloud Computing different than Cloud Storage?  Where is the data?  What is the Public Cloud?  What is the Private Cloud?  What is Napster?  What is the server in your store?  Could your computer server in your store be a Cloud?  What is data encryption?  Do all computers systems encrypt data?

The Cloud.  

Do you remember Napster? It was a music sharing service.  If you signed up and put your music on your computer, others could get to it, and you could get to others.  Millions of people signed up as the perfect cloud storage network was formed.  You requested a music download and somewhere on someone’s computer a song would down load to your computer from anywhere.  This spawned an inter connectivity computing and data storage revolution along with the Internet.  From this the Public Cloud was formed.  

Public Cloud.  

Most people believe this is “The Cloud”.  This is a bunch of computers and storage devices that may interconnected everywhere or could be just one location.  Essentially anyone can borrow computing power or storage from a data center or someone’s computer, anywhere in the world.  In order to use a Public Cloud you could be just one tenant to use a facility, or you could be one of millions of tenants using the facility.  Any type of business can use these shared services.  One company’s Public Cloud service often utilizes other Public Clouds services.  These are commonly called shared services.  The underlying connectivity of these services play an important role as well.

Most U.S. Public Corporations do not use the Public Cloud.

Private Cloud.  

Most Pubic Corporations use the Private Cloud.  Private Clouds are generally a specific physical data center location and may be connected to other specific data center locations.  These data centers are generally located in a NAP.  But many can be located at any type of location, even your home.  Only specific users can utilize the computing resources and storage of a Private Cloud.

The private cloud is a highly controlled environment not open for public consumption. Thus, a private cloud sits behind a firewall. The private cloud is highly automated with a focus on governance, security, and compliance.

At this year’s NPA convention I heard that some Pawnbrokers are using one single server in one of their stores for a number of their other store locations.  This is technically a Private Cloud.  By the way, the new ATF Cloud regulations apply to those that are using this method.

Hybrid Cloud.¹

 

A hybrid cloud is a combination of a private cloud combined with the use of public cloud services where one or several touch points exist between the environments. The goal is to combine services and data from a variety of cloud models to create a unified, automated, and well-managed computing environment.

Combining public services with private clouds and the data center as a hybrid is the new definition of corporate computing. Not all companies that use some public and some private cloud services have a hybrid cloud. Rather, a hybrid cloud is an environment where the private and public services are used together to create value.

A cloud is hybrid:

·         If a company uses a public development platform that sends data to a private cloud or a data center–based application.

·         When a company leverages a number of SaaS (Software as a Service) applications and moves data between private or data center resources.

·         When a business process is designed as a service so that it can connect with environments as though they were a single environment.

In my 30 years of system development, including an expert understanding what The Cloud is, I have found that an overwhelming number of “Cloud” definitions exist. My meeting with the NPA executives was only 15 minutes, but scratching the surface with these representatives was a good start and we welcome this conversation because this topic is a number 1 priority.  

Hybrid Cloud¹- http://www.dummies.com/how-to/content/what-is-hybrid-cloud-computing.html

EBay and FedEx team up to take on Pawn Industry

EBay and FedEx team up to take on Pawn Industry

Monday morning FedEx stores launched eBay Drop Off.  I have included pictures of the FedEx in store display signage and EBay Drop Off counter signage that FedEx has allocated to this new product offering.

How does it work? 

You bring in your item. FedEx enters in your personal eBay account name or helps you to create a new eBay account on an Apple iPad. They take some general pictures of the item and send off to eBay for free.  When eBay sells the item, the customer will get 70% of the sales price.  During the process there is some negotiating as to what the price of the item should be worth, using the selling value data eBay has. 

Sounds like a Pawnshop to me.

Even FedEx wants to be a Pawn Star.

We have been blogging about the direction of online activities since 2000 with the likes of Wal-Mart and GameStop taking slivers of the pie from the Pawn Industry. 

But this… this is a big piece of the Pawn Pie. It will be a significant hit to pawnbrokers.   

We believe UPS will follow. We believe we’ll watch the giants compete for this important market share and customer base.

Pawnbrokers will see product flow and margins erode.

Why are EBay and FedEx getting into the used merchandise business?

For one, Margin.  Pawnbroker margins are unheard of in the retail world.  If retailers could get their hands on used product efficiently they would, will, are gaining steam.  Whereas new merchandise online has limited price elasticity because the manufacture can only produce the product for a set price plus their profit, used merchandise has no bottom.

  

The online space is the perfect marketplace.  This has been the effect of many product categories on EBay and Amazon over the last 17 years.  As volume and scale increase, processes get better; resulting in squeezed margins driving out those re-sellers that have not figured out how to compete.

Mom and Pops will face sharp competition.

Why has it taken so long for EBay to get into the game?

There are businesses that have been replaced with pure online platforms. For example: Netflix.  The Pawn Business is one business that has not proven it works online.  Asking customers to loan and sell their items by sending them to a stranger isn’t easy.  That is where FedEx comes to rescue with Drop Off.

Without the brick & mortar infrastructure and network of locations the Drop Off idea is dead.  But what makes the EBay/FedEx partnership inevitably successful and powerful this time around is the shipping logistics. 

It’s a disruptive business model to the Pawn Industry.   

The Pawn Industry is heading into trouble and more is coming.  

We have reported that over the last 36 months Silicon Valley has invested $800m dollars into system platform investments opportunities focused on the re-sale of merchandise.

Why is there so much interest from Silicon Valley?

You have heard this before.  It’s the data.  But it’s also the customer.  The combination of a customer that buys and sells stuff using the internet whether online or in store is a big fat profitable customer.

We have been shouting out that the cost to acquire customers is the most important element in today’s business environment.  Pawnbrokers have been stubborn to look at this component, but are finding out that they have the most desirable customers out there.  The outsiders, our new competitors, have discovered the business drivers. The Pawn Industry enjoys big fat margins and their customers keep coming back.

Why will the consumers like this product?  Easy & Fast!

What has been learned about today’s consumer is that they want it to be easy and fast.  eBay and FedEx have figured out the easy part.  The FedEx employee told me it took less than 1 hour of training to understand what she needed to know.  My experience was you can get in and out in less than 5 minutes.  Drop it off and ride into the sunset with your receipt. Then wait for your money to hit your account.

The wait part is an important part of the consumer acceptance and adoption.  There is speculation that they will be advancing payment depending on your feedback rating.  This is disruptive business model and further attacks the Pawn Industry.

We believe that getting cash into your customers’ pocket is 70% of the equation.  This will be the only competitive advantage Pawnbrokers will have going forward.

What about law enforcement reviewing merchandise like pawnbrokers?

Technically the consumer is selling the merchandise from their account and eBay is performing a service for their 30%.  It may not be fair, legally there is no duty to report to law enforcement.

What can Pawn Brokers do?

The thousands of subscribers that read my blog, you know where I go with this. I have been shouting this out since 1998. 

You have to do something!

We have been pawnbrokers, eBay sellers, and online sellers ourselves.

We have been developing solutions into the Internet since 1999.

We have lots of proven suggestions and solutions to get you started
.

At the NPA show next week, we will be showing our new...

“Bravo 2 Ecommerce” feature FREE with No success fees!

•  Craigslist
•   Gun Broker
•   Amazon
•   eBay  

Its a great time to get started.

Come talk to us at the NPA show. We would love to discuss how Bravo can improve your business and remain successful for years to come. Booth 226. See you there!