Alex Pezold is co-founder of TokenEx, whose mission is to provide organizations with the most secure, nonintrusive, flexible data-security solution on the market. In this interview he talks to Syntec’s Chief Sales and Marketing Officer, Danny Cresswell, about the future of contact center security in ‘the new normal’.
Danny: Can you start off by explaining what TokenEx does and how you sit in the market?
Alex: Sure. TokenEx is a data protection platform. Where we sit in the market depends on if you’re in the payment card industry, or if you’re talking about privacy. In the payment card industry, we sit in the transaction flows between where our customers accept payment card data and where they send it off to payment processors, or other third party providers, for payment processing.
The goal that we have in the payment side of the house is to reduce our customers’ compliance obligation and risk as much as possible by handling sensitive datasets like payment card data, CVV data, things like that, for them.
In the privacy space there are any number of identifying data elements that need to be protected. We desensitise or pseudonymise privacy data that our customers take in through web forms for various purposes whether it be healthcare, financial, credit, or any other business purpose. We desensitise that data, so neither the data subject nor our customer are at risk when the data is stored.
Danny: Are you primarily focused in healthcare and finance or can your platform be used for any kind of data?
Alex: Our platform can be used by any data-dense organization. Look for example at insurance. Insurance companies store a tremendous amount of data, not only financial data such as account numbers or payment account numbers, but also store a massive amount of other unique data points on a policyholder. Then look at retail, hospitality or travel. You see significant loyalty programs in those three verticals. They’re storing privacy data and payment instruments as well.
Our customers are organizations that are trying to store information and understand their customers better. They’re storing data to understand their customers’ buying patterns, claim patterns or whatever the case may be. We desensitise this data, so our customers can use it effectively but without the risk of having it within their own environment.
Danny: Do the payment and privacy sides of your business tend to be blended together with your customers? Would a customer typically take both or is it two separate things?
Alex: Actually, that’s a wonderful question. Traditionally the payments side has been a very easy use case for us to solve, particularly across complex environments including contact centers.
Syntec has seen first-hand how we’ve been able to work with its CardEasy platform and how easy it is to protect data through CardEasy. In this example payments is the primary use case, but privacy is a very close second at this point.
What we will normally see is one of those two use cases – payments or privacy – will lead with a new client and the other will shortly follow thereafter. One leads to the other. That said, the vast majority of our new opportunities are coming on the privacy side now, which is not surprising when you consider the size of the total addressable privacy market, particularly when you take the healthcare market into account.
Danny: When we last spoke two years ago the relationship with Syntec was just starting out. I think we’d done one implementation together at that point. How have things developed since then?
Alex: We have done multiple implementations now.
The way the Syntec platform is designed and the interaction between both TokenEx and Syntec’s technical people, have made it very easy for our platforms to operate together. To date there certainly haven’t been any customer challenges that we have faced. It’s been a wonderful partnership so far.
Danny: Can you give us a bit of a flavour of some of the projects that have been undertaken?
Alex: Sure. A recurring theme these days, particularly in the financial payment instrument space, is omnichannel. We’re working with customers that have the ability to accept payment card data through a web form or a mobile device, they also have a batch file that contains payment instruments and they also have a contact center that is in scope for PCI. All those different ways that a company will interact with payment instruments need to be secured.
TokenEx can provide integrations where we are technically accepting all of the payment card data. However, often when we’re supporting a call center as a payment channel it’s actually the Syntec platform that accepts the payment instrument and then makes a web service call to TokenEx to tokenise that data so the data that is sent on to the customer is desensitised and tokenised.
TokenEx has hundreds of integrations where we can share data through to the final entity that needs to receive the transaction flow or the payment card number or whatever instrument they’re using to complete a transaction, but we don’t have a fully digitised contact center solution so that’s where the relationship with Syntec comes in.
When omnichannel opportunities surface, or where our customers reach out and say that they want to use a contact center or have a contact center that they need to get out of scope for PCI, that’s a significant pain point for them.
We can handle the vast majority of the other acceptance channels where they’re interacting with data, but at the point where a contact center is in scope then we’ll introduce Syntec. Together, we are able to span the breadth of customers’ omnichannel presence from web forms, mobile devices and batch files that are sent for settlement at night through to the contact center where they’re performing customer service, or somebody needs help buying something. It’s a great combination between the two organizations.
Danny: Can you talk a little bit about the complexities of omnichannel and how you see that going in the future?
Alex: Organizations want to provide as many avenues as they can possibly provide for consumers to consume their products or services. The demand for omnichannel is only going to increase over time, giving people as many means as possible to sell or buy products and services.
Not only are we researching and developing solutions to meet that demand, we’re also listening to our customers and our partners telling us, “Hey, this is what this customer is doing, this is what they’re asking for. How can you help us develop our omnichannel acceptance capabilities?”
We’re able to deliver this across everything that’s out there and available today, but the interesting challenge is going to be working with what’s coming down the pipe. For example, are people looking at cryptocurrencies to be able to purchase goods? Yes. So, how do you get in that flow and how do you interact with cryptocurrencies and facilitate those transactions? We’re constantly looking at new payment instruments and working on being able to provide technologies that protect that data as much as it needs to be protected.
Another interesting omnichannel challenge is that more organizations are moving to multiprocessor environments. For example, a traditional retailer will start off with a web form and maybe also a mobile device integrated with a payment processor. That quickly will grow because, as their footprint expands, they want to be able to grow internationally or they want to be able to have multiple payment service providers on the backend for business continuity purposes.
The problem with that is that if you have two different payment service providers, they’re going to have two different tokenization solutions. This then presents complexity in what can otherwise be a very simplified data flow with TokenEx.
So at TokenEx we’re not just looking at the frontend and considering how our customers are expanding their omnichannel acceptance and what technologies are present there, but we’re also working on the backend and considering how best to facilitate abstracting the data protection component of that data flow and giving our customers the ability to talk with as many service providers as they want.
That’s where we see the payment side moving. What we’re paying particular attention to is the enrichment that has to take place in the payment flows. For example, it used to be that EMV was going to solve the card-present fraud challenge. Now, they’ve introduced PSD2 in the EU and that deals with strong consumer authentication, which is only solved with 3D secure right now. You look at the standard transaction flow that occurs today, you have to be able to provide enrichment in that flow in order to meet international regulation, fraud reduction, card brand types of technology enhancements.
That’s what the TokenEx platform is doing. For example, we’ll be rolling out 3D secure and network tokenization to aid in the fraud component for card not present technologies as well as network tokenization that assist in false declines.
Also, let’s not forget the importance of data usability. I can’t stress the importance of this enough – as organizations grow and mature over the course of time, the data usability aspect becomes increasingly important to them.
Looking at companies that compete with TokenEx – can they desensitise or tokenise payment instruments? The answer is yes. However, the next step is to think about whether an organization has data from a loyalty program and, if so, what are the unique elements that need to be protected? Do our competitors actually protect those? If we take GDPR as an example, TokenEx is able to protect all the data required but whilst enabling customers to still be able to use it for data analytics purposes.
With TokenEx the usability of the data that we are protecting doesn’t go away. In other words, our customers still have the ability to use their data for analytics purposes, even though it has been tokenised and desensitised. They’re able to key off unique values as they would if they were storing the original consumer information or data subject information, and payment instruments.
Data usability is the number one question that we have whenever it comes to implementing our platform. Customers want to know if they can still use their data? The answer is yes. It’s going to be desensitised and you’ll have all the functionality that you have today.
Danny: What is driving innovation in the market today? Is it been pushed by regulation? Is it being pushed by consumers expecting a seamless environment? Is it being pushed by what companies want to do with their data?
Alex: I think it’s a little bit of all of the above. You have extremely forward-thinking companies that are finding new ways to drive innovation for the acceptance of frictionless payments. How can I reduce the anxiety of handing over cash or a credit card? How do I make it easier for consumers to buy? If you look at Amazon as an example, it has click to buy now. That completely removes the feeling that a consumer has about the exchange of cash for goods. That’s how a vast majority of organizations globally are moving. They want to provide the easiest, quickest frictionless mechanism for accepting a payment and transacting business.
In terms of driving innovation, that’s second only to the regulatory compliance obligations that are happening globally. You can’t really transact unless you know your customer. That’s going to include very sensitive information as well as payment instruments. How are you protecting those through that transaction? Regulation is driving here because we need to have a way to protect consumer information so it’s not at risk through the transaction process. People are adapting existing technologies to take into account new regulatory compliance obligations.
Danny: Let’s talk a bit about the pandemic and the future of contact centers in that context. Obviously, a lot more working from home, more selling online, call center operatives working from home, all of these kinds of things. What’s the effect of all of this been on your business? How are you responding to that?
Alex: It’s been industry by industry, frankly. Platform utilisation is how we can see firsthand how our customer base was impacted by the pandemic. What we see is that the airline, travel and hospitality industries took a massive hit in March through to probably June or July, but they are back to pre-COVID utilisation levels already.
I’m fairly certain that’s because the world at least was starting to open up and people were offering inexpensive plane tickets for three, four months down the road or people were reserving hotels because they’ve been stuck in their apartments or homes for so long that they just want to get out.
The other industries like e-commerce, financial, basically every other industry that we interact with, have exploded with growth because if you’re dealing with a digital platform and people are transacting more digitally, then utilisation of our platform is going to go up.
You hate to hear those things because there is an ethical dilemma about growing during the pandemic but the same time, people have to be served. They need to be able to take into account the new way of living.
Danny: I guess there’s the new normal, the new way of living, a more digital engagement. Do you see that as a permanent change now?
Alex: I think so. Again, I don’t know how I feel about this overall yet, but you saw people really enjoying the fact that they are going to be able to work from home and they weren’t going to have to go into the office. Most organizations that have been monitoring the productivity of their workforce haven’t seen a decline. In most cases they’ve actually seen an increase in productivity.
Lots of companies are now downsizing their offices. They don’t have to rent as much space, which will save costs. But what that means is that they then have to make sure that remote workers, environments and assets are as secure as possible. There will be an inevitable uptick in costs for a remote workforce if everybody has to have a Zoom account, everybody has to have a laptop, and everybody has to have an endpoint security.
Those costs can really add up on a monthly basis because they’re mainly SaaS-based monthly recurring costs. Those add up to the cost of an employee per square foot that’s not dissimilar to what you would pay just to rent a location to where everybody’s going to go into work.
That said, I think home working will continue. Right now we have a huge ebb on how are we going to secure the home environment, but there’s going to be a massive flow where we’re able to iron out all the challenges that go into a remote workforce, and it’s going to be much easier, much more cost-effective, you’re going to have more productivity, a happier workforce, at least for the next five to 10 years.
Danny: From the consumer perspective we now have a whole swathe of people who previously wouldn’t really have ever transacted online, but now they won’t go back to going into the store.
Alex: I think you’re right as far as consumers are concerned. Left to their own devices, they’re not going to leave their house because it’s inconvenient to go to a department store, find parking, walk in and try something on.
My wife has gotten right with the idea of buying clothes online and retailers have made it extremely easy to not only buy clothes online, but then also return them. The convenience and simplicity have increased. Retailers have also added a degree of simplicity and personalisation to being able to purchase online. I don’t see that changing. I think retail commercial real estate is going to take a massive hit.
Danny: Then people expect that if they’ve interacted with you via your website, but then they need to phone you up, that that’s all going to be seamless. Omnichannel is critical, as we talked about earlier.
Alex: Correct, and I want you to remember me because whenever I come back and buy more stuff, I don’t want to have to think about entering my credit card number, my CVV. I don’t want to have to think about any of that. If there’s a way that I could buy with my thumbprint…oh, wait… there is. Again, they’ve removed any notion of having to exchange cash or credits to simply putting your thumb or showing your face to your phone, which is amazing.
Danny: You’ve touched on some of the security challenges associated with a move towards working from home, particularly as regards contact center employees. What would you say are the key things that an organization would need to have in mind if they’re moving call center staff to working from home?
Alex: As more call center employees are going to be working from home, the ability to capture and tokenise data and web forms through the Syntec platform at the point of acceptance will help further reduce the potential of any leak or breach of that data, because work from home devices are not going to be typically as secure as devices that are operated in the actual call center itself.
Cloud based tokenization provides additional risk reducing benefits in the instance of WFH call center employees. In this new era of working from home and use of personal devices and insecure home networks running mission-critical applications and accessing databases of sensitive information, tokenising payment or personal data at the point of acceptance with Syntec and TokenEx can also function to de-risk these less controlled environments. This ensures that any instance of a lost, stolen, or breached device or network will not result in any exposure of customer data.
Danny: Any other pitfalls that you might have come across when you’ve dealt with clients that are making this change?
Alex: For the pitfalls that I see, whenever an omnichannel organization decides to adopt tokenization, is they try to boil the ocean, they try to convert everything all at once. They say, “We want you to work with five of our project teams to implement across the entire enterprise all at once.” That approach doesn’t work.
In contrast, where we’ve seen tremendous success is through engaging in a feasibility study where we assess all the data flows and the technologies that are in those data flows and then start implementing tokenization across those different solutions, on an as needed, prioritised basis.
For example, some clients take a risk-based approach. They’ll say, “Okay, the biggest risk that we have is implementing tokenization to remove all the sensitive data within the database, and then we’ll push the boundary out further to address a web application because the web application is traditionally the most risky asset that is internet facing.”
Danny: How then do you see TokenEx and Syntec together adding value in this new environment?
Alex: I think the opportunity is only going to increase because contact centers aren’t going away. Indeed, there’s growth here because customers can’t just walk into a retail store, at least not as easily as they used to be able to. They need to have somebody they can speak with and a way to take a payment online or by phone.
These opportunities are only going to grow. We’re seeing the tip of the iceberg because people are going to start streamlining and normalising these transaction flows to their environment. That only leads to a stronger coupling of how Syntec and TokenEx work together to ensure customers are compliant, they’re reducing risk, they’re reducing costs, but they’re increasing the usability of their data so they understand their customers and how their customers want to use their platforms.
Talk to us today to find out more about how Syntec and TokenEx together can help you.