We live life across channels, across payment modalities. Tourists go from country to country, shop in stores and online, wield different cards and digital wallets, and leverage mobile apps to get what they want, on-demand. Platforms such as DoorDash collect reams of data about consumers, enterprises and delivery people with each transaction.
As Mahmoud Abdelkader, CEO and co-founder of Very Good Security, told Karen Webster, there’s value in all sorts of sensitive data – if only companies were able to control that data.
Things are only getting more complex in an omnichannel, cross-border world. Many companies use different payment service providers (PSPs) for each and every channel – collecting sensitive consumer data along the way, tied to tokens. The tokens, which hide sensitive information, may preclude a firm from knowing whether a customer bought from within an app, or in which country they made the purchase.
That fragmented insight into the customer’s behavior – because the company does not control the customer’s data, and the data are not linked in any meaningful way (primary account numbers, or PANs, can be found across any number of interactions) – makes it harder to craft offerings like rewards programs that can boost loyalty and retention.
This is where “zero data” can really shine, said Abdelkader. In terms of mechanics, zero data allows companies to map proprietary PSP tokens and the underlying primary account number to a global alias, unifying transactions for a given card or customer regardless of location, channel or PSP. Zero data lets firms peel away the layers of customer activity – Abdelkader likened it to an onion – and build stronger customer relationships.
Such insight would do much to improve the returns on the investments these firms have been making amid the great digital shift, in a bid to modernize operations and comply with new data privacy rules and regulations.
As Abdelkader said, digital transformation usually is a “geospatial problem.” For the multinational company, and even for smaller enterprises, digitally transforming in California is not the same as digitally transforming in, say, Germany. There are regulatory mandates with which to comply, and alternative payments to consider.
Regardless of the vertical, he said, all companies must keep in sight the goal of delivering a more holistic, interactive and ultimately better experience for the user. Crafting that experience involves gaining insight into the customer, which can be gleaned from data – but only if that data can be transformed from a liability to an asset. That’s no easy task, as Google found out recently with a multi-billion-dollar fine over its data practices.
In the meantime, complexity reigns as companies work across a multifaceted payments ecosystem to process transactions that create separate data streams – hallmarks of a “federated problem” where providers are isolated across different silos depending on the transaction type and where the transaction takes place.
The traditional rules governing data storage and protection are archaic, acting as if customers who are based in Germany won’t actually leave Germany. That makes it nearly impossible for Starbucks, for example, to have the data in hand for purchases of that German customer who might be visiting Tokyo for the Olympics. In an ideal world, that tourist/consumer can get the loyalty offers at a location in Japan. Tying all the information back to a concrete identity can make a world of difference in improving the experience.
Linking the Data’s ‘Moving Targets’
To that end, said Abdelkader, VGS’ zero-data approach lets client firms map proprietary PSP tokens and the underlying PAN to a global alias. As he described it: “You have your data, and we’ll be able to apply all the different policies ‘down the stack’ so you can operate on it without the complexity of managing that data yourself, and without all of the different moving targets, such as those regulations.”
To create a holistic and secure view of that consumer, wherever they may be transacting, all those different payment methods must be consolidated into one system – and must be linked.
“This is the part that gets really complicated,” said Abdelkader. “To link them, we have to identify and reveal the actual sensitive data points.” Those data points include identity, payment methods and card numbers.
But a zero-data approach, he said, replaces all of those pieces of sensitive information so that they look synthetically the same – so the enterprise’s application doesn’t know the information is being “aliased.” The regulators are satisfied, as data are protected, and firms can do what they do best: create new customer experiences with faster time to market.
Enterprises tapping into data aliasing and the zero-data approach “follow the laws without having to sacrifice their digital transformation initiatives,” Abdelkader said. “And that’s really the bread and butter of what zero data does.”