Alex Pezold is co-founder of TokenEx and is an expert in risk management, compliance, data security, network security and tokenization as well as being a certified QSA.
Could you give us a little bit of background about TokenEx and the work you’ve done with Syntec?
Sure. TokenEx is a data protection platform. Our core technologies are tokenization, pseudonymization and encryption and key management. Our platform, while we’re focused on data security, is very much a connectivity play as well. We act as a proxy between how our customers accept sensitive data and share it with those organizations or entities they are doing business with, be it vendors, be it partners, be it whomever.
Syntec is a fascinating amalgamation of technologies. Our platform has an API that Syntec is able to communicate with. For example, Syntec customers want to be able to tokenize data as it is being accepted through the Syntec solutions, whether it’s hosted or on premise, they can make web service calls to the TokenEx platform to tokenize data before it’s actually stored within their environment.
What it does from a context center environment is it allows the customer to eliminate scope downstream from the Syntec solution, however they have implemented it. It also allows them to store tokenized values which are not in scope for PCI. TokenEx and Syntec have a few mutual customers. Where we will integrate is at the e-commerce acceptance channel, mobile, batch files for EBI. Then the contact center is solely left to Syntec. The cool thing is that Syntec can communicate with TokenEx. So the customer has a universal token vault that has tokens centralised within the TokenEx platform that the Syntec solutions can interact with as that data is being accepted and used.
Where did the impetus behind establishing the relationship with Syntec come from?
There were a few different drivers behind the partnership. TokenEx is not in the contact center space. Whenever our customers have asked us if we have a contact center solution we’ve not been able to answer that question. We’ve not been able to say, “Here’s a solution that we can recommend” because most of the solutions in the market, whilst they will do tokenization, they do tokenization on their own. The challenge that exists there is that you have tokens from TokenEx and you have tokens from the contact center solution. Two different token vaults is incredibly hard to use because now the customer can’t use those tokens for recurring payments or charge backs or anything like that because they’re not really sure of the origin of the token and where to find it. It makes it more challenging on business processes.
Over the course of time we’ve been able to spend some time with the Syntec folks, to get to know them very well and understand the solution. Talking with Syntec, what we were able to identify is that they do in fact have the ability and saw the value of being able to link our solutions together to form a bigger, better solution that would handle all types of acceptance channels for tokenizing and securing payment card data and reducing PCI scope.
Once we had that conversation with Syntec we were like, “Hey, you know what? This is where it ends. This is the group we need to use.” because the solution was going to enable a bigger opportunity for customers to get out of the PCI business and get back to their core of generating revenue.
That’s a big issue for your customers dealing with PCI or finding ways to ensure compliance or to de-scope from it?
It is. Our enterprise customers are more concerned about eliminating card holder data in their environment, so the risk of having that data outweighs the cost and the burden of PCI compliance. They really don’t mind having to achieve PCI compliance, it’s another line item that they have to do every year. Now, our SMEs and other customers who don’t quite fit that enterprise mould are more concerned about eliminating scope and cost and burden because that’s taking away from their ability to do business.
It’s interesting to see the dynamic between the two segments of customers that we share with Syntec, most of which are at the point where, whether driven by compliance or risk, they’re saying, “We just want the data out of here, please help us.” Syntec is a perfect avenue for that.
Are the people that you deal with seeing this purely as a cost or are they seeing it as a benefit as well?
It’s definitely a benefit, particularly when you consider the cost of our solution when compared to the cost of achieving compliance.
There’s so many different technologies that you have to have in place in order to achieve PCI compliance and each one of those solutions is going to be a six or seven figure price tag. A TokenEx-Syntec combined solution can alleviate that cost completely so there is a return on investment in that our solutions basically pay for themselves.
Do you think there’s more of a push from consumers as well for greater obvious card security measures?
Our model is business-to-business so we haven’t seen a huge drive from a consumer standpoint on our end. However, our direct customers are definitely feeling the force of GDPR, not only because they want to do the right thing in making sure that they’re securing personal data and putting the correct control mechanisms around it. It has been interesting to see a growing interest in securing sensitive data sets over the last 9 to 12 months because of GDPR.
What’s it been like working with Syntec? Have you done an implementation now?
We’ve done an implementation. There are three things that I want to say. Firstly, for a solution to be effective in an environment, it has to have low overhead when you’re installing it and you’re maintaining it. With Syntec’s solution there’s incredibly low overhead in installing and getting it up and running. You’re talking 30 days or less before the solution is in place and removing sensitive data from the contact center environment. That is enormous.
The second thing that I would say is that Syntec have developed a solution that is interoperable.
The fact that they have the forethought to design a solution that can integrate with other platforms that are providing other functions to produce a greater good is pretty remarkable. That forethought, in my mind, is thought leadership at its best in the contact center space. We love to see that. We’ve not seen that “enablement by design” with many solutions in the market today.
Then last but not least, we’re very, very careful about who we refer our customers to for a partnership standpoint because in the past we have been burned. We haven’t had the best of experiences with some of the partners that we’ve worked with in the past. Obviously, we are no longer partners with those groups.
Our customers get a white glove treatment from us from top to bottom and even after post-implementation. Anything that they want, need, any troubleshooting, any type of help that they need, they’re going to receive it at whatever cost it is to TokenEx. That’s just how we feel about doing business. I feel like Syntec mirrors that philosophy and it’s appreciated because we are not concerned about saying, “You should check out Syntec.” There’s never a feeling like “I hope this goes well.” It’s always, “You’re going to be very well-served by Syntec.”
Those three things are something I’m pretty passionate about. We have to offer day one efficacy. We have to have an easy implementation and operability across different platforms. If we’re going to keep customers, we better treat them well. That’s what I feel about the kind of culture and technology platform that Syntec has developed and designed.