At the intersection of data privacy and security and payments innovation lies friction, possibly, for the consumer experience. Tough to swallow, perhaps, for restaurateurs who are busy navigating the waters of the phenomenon that is remote order-ahead.
In the latest Topic TBD, PYMNTS’ Karen Webster and Merchant Link CIO Scott Carcillo delve into the larger issues that surround a successful transition to orders done digitally via devices.
Data is top of mind, of course, in the days following Facebook’s own privacy scandal that impacted 87 million users, and as the General Data Protection Regulation (GDPR) looms large over the payments landscape with a deadline only a month away.
In the case of the latter, of course, the EU’s online privacy laws have implications for firms far beyond Europe’s borders – to the tune of hefty fines for non-compliance.
Are merchants ready? Viewed from a high level, Carcillo stated that in a software-as-a-service multi-tenant environment, the ability to remove the individual consumer (remember, GDPR is opt-in) can be challenging.
“So that’s kind of the work we’ve had to be focused on,” he told Webster. “As the merchants go through the process, many of them are already using our tokenization, so that omnichannel tokenization puts them in a position where that [GDPR compliance] falls more to us than it does to them.”
Said Carcillo of firms that may be staring the upcoming GDPR deadline in the face: “If they’re not set up with a cloud provider, they have some real challenges – I imagine in the retail space, where they do their own settlements and have all of that data on file, GDPR introduces a ton of issues for them. That’s because they’ve got to be able to segment out the key customer information when requested.” That may be a knotty issue when, especially for retailers, online orders are coming from all over the world.
Generally speaking, and regardless of vertical, he said, “you need to be able to segment your systems fundamentally and keep your individual consumer data separate from the card data.”