Juergen Tolksdorf is Senior Director, Innovation Management, Genesys
Could you start off by telling me a little bit about your background, what your role is your involvement currently in the payment security field?
I’m responsible for managing the ISV and Technology Alliance Partners with Genesys worldwide. Basically, I’m managing the vendor relations and most of the marketing activities. I’m responsible for running the Genesys Technology Partnership and AppFoundry program.
What are the main challenges that are facing organizations trying to ensure security within their call center environment in your view?
Well, most of them do have an issue going in to the cloud these days. The issue is first and foremost one of trust. I’m not quite sure how it is in the UK but, especially in Germany, people don’t have a huge trust into the cloud, both consumers and IT people. There no reason for that, right? It is just because of hearsay and because media is saying ‘cloud is the bad thing which will doom all of us’.
I think it’s also an issue of job security. At the moment people have to manage their servers. Well, if you transfer all of that into the cloud, there’s no more need to walk into room and to make sure the servers are happy, right? Basically, IT people are afraid of losing their jobs. Secondly, there a challenge with enabling encryption and making sure that all regulatory requirements are being met, as well as enabling integration between various providers. Companies such as Syntec also need to make sure that providers such as Genesys allow something like ‘bringing your own carrier’ so that Syntec can connect properly to platform such as Genesys.
How do you see GDPR being an issue?
It’s a training issue, first and foremost. Training of organizations themselves, training of salespeople and again, fear, uncertainty and doubt because companies aren’t 100% sure how to accomplish security guidelines such as GDPR.
I think it’s an issue which is really substantial because companies were collecting data here and there, each and everywhere. Your car dealer, for instance, is collecting your birthdate, for what reasons? Just to send you birthday wishes on your birthday? Did you give permission for that? Those nitty-gritty things can turn into massive issues. Just because you have the data, it doesn’t necessarily mean that you are able to or allowed to use it.
You mentioned earlier concern with regard to data security. How are you seeing people addressing that now?
Well, they address it by going to consultants who can provide them the right information in order to be compliant. They try to outsource things, such as GDPR, in order to be compliant. I think consumers are becoming more concerned now about how their data is being used because of the fact that they have just give it away for free previously. They are going into a prize raffle they just even give their shoe size away. They just think it’s going to be used for this prize raffle. Obviously, this data is being used for each and everything. They feel more secure now, but I don’t think that’s because of improved trust between companies and customers. It’s because consumers feel a bit better because all that has been regulated by the European Union. They still believe that if a company could they would misuse their data.
Do you see any overlap between GDPR compliance and PCI DSS compliance?
Both regulations have the aim of making data more secure. GDPR is a more concrete in regard to using personal data in general, and PCI DSS takes care of card payments as its main scope.
Do you think people are more careful with their payment card details these days?
It depends on the country. Customers in Germany, for example, don’t give their data away at all. That’s a cultural thing – Germans don’t use credit card payments because they don’t trust them. I think in other countries consumers just want to be able to pay conveniently and they don’t care so much about how that’s done. I think they just assume anyway that the credit card clearing is secure. With GDPR everything is now regulated, and that gives a better security to all the consumers, but I’m not quite sure if they really understand that it basically means for them that it’s going to be a little bit more complex.
There must be more awareness that payment security is an issue and that there are solutions available that will address it?
I am not sure if consumers think about that, but companies definitely do. Companies think about it because they have to because of PCI compliance and because of GDPR compliance. Consumers, I guess that maybe 30% will be aware of the fact that there are solutions available which make sure that if they enter their credit card data over the phone, that the agent doesn’t get anything out of that or even the contact center provider doesn’t get anything out of that.
Is there a benefit from a public relations point of view of letting people know “you can deal with us safely because we have this system in place”, that other telephone retailers for example maybe don’t have?
Of course. Once you are as a consumer in such a situation where you are going to pay something through credit card over the phone and the agent makes you aware of, “Hey, you are now entering your credit card data and I don’t hear anything about what you’re doing.” They would appreciate it for sure. If they would be on the phone with, let’s say, their cable provider and they aren’t being made aware of such a system, they would still give away their credit card data because they have to pay the bill.
Is this an issue that comes up when you’re dealing with your technology partners and so on, or with your end customers?
Of course. If it’s a company who takes credit card payments, most of them are looking for a provider such as Syntec for sure, yes.by