Customers who shopped at Target between Nov. 25 and Dec. 15, 2013 likely had never heard of Fazio Mechanical Services, the Pennsylvania-based refrigerator repair company whose account was used by hackers to steal millions of credit card numbers from the Target Corporation. At the time, it was the largest credit data breach in history.
Computer programmers worldwide took note, as did Spreedly, a payment security startup in Durham.
“We saw opportunity,” says Spreedly CEO Justin Benson (pictured above).
The effects on Target were devastating, not only for the hacked customers, but also for the big red retailer. Target’s profits fell 40% in the next quarter. Stock price fell by 10%. The company fired its CEO and CIO within months. Millions had to be paid out to victims, and over $100 million was pledged to a long term security plan to salvage the firm’s PR disaster.
What might be most amazing about the Target hack, however, is how quickly that number was eclipsed in 2014. That year would see stolen consumer records in the hundreds of millions, with names like Michaels, UPS, PF Changs, Goodwill, Sony, Staples and KMart admitting data breaches. Leading the pack was Home Depot with its record 100+ million emails and credit cards stolen.
Credit card fraud is estimated to cost $12 billion a year worldwide and that doesn’t include opportunity costs to the global economy—the purchases not made and accounts not created from fears over hacking, the investment not made into new apps and services and startups because of the risk and high cost of payment security.
It’s a massive problem for businesses, which are seeing sales and traffic from brick & mortar switch to online without the corresponding profits, and it’s an issue for both large corporations like Target with huge liabilities and tiny startups that can’t afford independent security and billing departments.
It’s such a worry for retail and commerce that a staggering amount of money is being thrown at finding a solution, and the venture capital/startup world is responding. Over $2 billion was invested this past year, more than double the year before. But perhaps most tellingly, payment startups are making record time speeding through funding rounds, showing how seriously the market is demanding new products to help ease the move into ecommerce as online sales are expected to approach half a trillion in the US annually by 2017.
This is the atmosphere in which Spreedly operates—one of loads of opportunity against a wall of uncertainty and obstacles. The startup is working to simplify payments for the mid-sized, small and startup firms that might not be able to afford or risk running payment systems on their own. And even though they’re less likely to work with the Targets and Home Depots, all payment companies are doomed to deal with the PR issues of everyone else in the electronic payments space.
Spreedly, which has been around since 2007, has benefited from the furious rounds of funding that many other payment startups have seen. The company famously raised $300K in 10 days in 2013, and has lump sums of $150K and $750K to boast about as well, with a total of $2 million in investment to date. It's a lean company as you might expect, with only 12 employees, and yet they're doing a lot of business, also as you might expect in the current climate. The company has added 60 customers in 2015, bringing its total to about 250.
Spreedly sees over $1 billion a year move through its platform.
“Our revenues, number of transactions, amount of revenue transacting on our platform have all pretty much doubled in the just the last six months,” Benson told me over email.
Spreedly does the “heavy lifting” for its customers in terms of payment, as Benson puts it. Taking credit cards seems relatively simple from the consumer’s standpoint, but it’s anything but, often involving multiple technical gateways and services to connect consumers to merchants and to each of their banks. And that doesn’t even mention the security needed to lock it all down.
In fact, security is the biggest issue here in most cases—as exemplified by Target’s problems. One of Spreedly’s most important services for startups is what’s called “vaulting” (or storing) and "tokenizing" credit cards for businesses so they don’t have to. Not only does this offset legal risk (companies aren’t tasked with storing credit cards, something they’re probably not skilled at anyway), but consumers are better off and more likely to buy, since they can then make future purchases without re-entering their credit card information again and again.
The effect on business sales is enormous. On large screens and desktops, users have been accustomed to bouncing around to different sites or pages to pay for items—it’s much easier there to type information into forms. This doesn’t fly anymore on mobile, Benson says. Sales conversions skyrocket when consumers can stay within the same app or webpage to make a purchase.
And, conversely, sales plummet when they can’t. This can make or break a startup or small business, where profit is low and risk is high. Spreedly is working to reduce the risk, and the effects on the economy will not go unnoticed if entrepreneurs know they can sidestep the risk of taking money once they actually start making it.
Benson is well aware Spreedly is making things much easier for small businesses.
“We saw that commerce wasn’t happening in one space anymore, and that gets really complicated for businesses,” he says. “There’s tokenization, mobile libraries, for each iOS, web and Android, and there’s processing rates and forward services and international currencies. They’re going to need all kinds of services and be able to take all kinds of payment. It would be weird for a company to do all of this at once. We’re allowing companies to do this turnkey all with Spreedly.”
It’s hard to overstate how convenient Spreedly can be for a startup, which can now eschew expensive PCI-compliance. Spreedly also charges businesses a set monthly rate based on the services they need, whereas most payment companies want a piece of each transaction.
Perhaps most importantly, Spreedly remains determined to be an open API platform, able to work with as many forms of payment as possible—a decision that will almost certainly make things easier for everyone involved long term.
“We’re agnostic,” says Benson. And with all the obstacles the payment industry is seeing online these days, that’s probably the best way to be.