April 27-29, 2020
Portland, OR | Hilton Portland Downtown
March 22-25, 2020
San Diego, CA | San Diego Convention Center
January 12-15, 2020
Las Vegas, NV | Paris Las Vegas Hotel & Casino
By Dr. Heather Mark, CCEP
The data economy has become so pervasive in today’s business that it sometimes is necessary to pause and think about where we’d be without the explosion of data that businesses have at their disposal. Cloud software firm, Domo, releases an annual report each year on the astronomical growth of data. Their report, Data Never Sleeps, provides a fascinating example of just how people are using the internet, leaving digital trails to be followed. According to Data Never Sleeps 7.0, more than 511,200 tweets, 18, 100,00 texts, and 188,000,000 emails are sent PER MINUTE. And that doesn’t include our unintentional data creation – the Internet of Things, or our browsing history, or geolocation data. Our world runs on data, which means that as consumers, we need to be able to trust that our data won’t be misused by the companies with which we do business.
A PwC survey conducted in 2017, tells us that consumers are becoming more cynical about how companies handle data. Just 25% of survey respondents believe that companies handle data responsibly and less than 15% believe that the data will be used to improve lives. Further, 87% of those respondents have said that they will take their business elsewhere if they don’t trust the data handling practices of a company.
In Francis Fukuyama’s book, Trust: The Social Virtues and the Creation of Prosperity, he proposed the idea that trust and ethics was central to economic well-being. “If people who have to work together in an enterprise trust one another because they are all operating according to a common set of ethical norms, doing business costs less…” It costs less because we know that our colleagues and our partners will behave in ways that we expect, and that serve the good of the organization. Similarly, as consumers, we are more likely to do business with organizations that we trust.
An essential element of trust is transparency. Again, referencing the PwC survey, 71% of consumers find the privacy policies posted by companies to be difficult to understand. If a consumer believes that an organization is intentionally obfuscating its practices, trust erodes. When trust erodes, consumers say they will take their business elsewhere.
The moral of the story here is that as we move more fully into the data economy, we must also move more fully into being trustworthy stewards of personal data. We do that, by adhering to the letter and the spirit of the data protection laws and establishing strong information practices. Some of those practices include:
- Data Flow and Categorization – It sounds cliché, but you can’t protect what you don’t know you have. So, the first step that is typically suggested is doing a data flow or data mapping. This helps you to determine where the date is coming from, how it’s being used, and who you might be sharing it with. You may find that you’re collecting more data than you need, or that you’re sharing it with vendors that don’t need it.
- Limit Collection of Data – Another old axiom in the data security and privacy business is “don’t collect what you don’t need.” To put it simply, it’s difficult to disclose or inappropriately use data that you don’t have. Once you’ve done a data mapping exercise, you can review this with your team to determine which data is strictly needed as opposed to “nice to have.” Moreover, many of the fair information practices are built on the notion of only collecting the data that you need to complete transaction with the individual.
- Disclosures – Transparency with your constituency about what data you’re collecting and when, and how it’s being used is one of the simplest, but most important, steps that can be taken with respect to privacy. Visitors to your site, and consumers of your product or services, can’t make informed decisions about sharing their data if they don’t understand how that data might be used. Providing clear and concise information about your information practices helps to engender trust and stands you in good stead with legislative privacy regimes.
- Awareness and Training – In today’s economy, most of our businesses and non-profits run on data. Whether we intend to or not, we become dependent on data transmission, data analysis, data storage, and data collection. That means that everyone in our organization is going to encounter personal data at some point. Given that fact, it’s important that your team knows what data is considered sensitive, and how that data is to be treated. An important part of training, that can be easy to overlook, is how to report a potential incident. For example, what should be done if someone has emailed a payment account number?
The dilemma facing businesses today is encapsulated nicely in the January 2019 issue of the Frontier Technology Quarterly:
On one hand, the data economy is radically transforming many economic activities and creating new levels of prosperity. On the other, it presents the possibility of a perilous dystopia … A market economy cannot function without trust, and the data economy is no exception. Trust deficits can unravel the data market and undermine social cohesion, stability and peace.
Nashville, TN, December 4, 2019—Sphere, the leading provider of end-to-end integrated payments and security software, today announced a new integration with Sikka Software, the leading API cloud platform and application marketplace for the retail healthcare community. Together, they have launched a new payments platform called Sikka Payments, which integrates Sphere technology and merchant processing for a complete solution that spans the full payment lifecycle.
With this powerful alliance, dental practices can accept patient payments from a variety of channels, all seamlessly integrated to their practice management system. Whether in person, online, mobile or card on file, the innovative Sikka Payments platform delivers safe and compliant ways for dental practices to take payments without disrupting business operations.
Serving more than 34,000 practices, Sikka aims to improve operational efficiency through its API enabled marketplace, including the new Sikka Payments platform. Their API and cloud platform connects to 90% of the retail healthcare market, including practice management systems and financial software.
Sphere’s developer-friendly payment solutions facilitate omni-channel payments in a way that is highly secure and scalable. Designed for ease of integration, our payment solutions:
- Support card-present and card-not-present transactions
- Are secure and compliant, supporting validated point to point encryption and tokenization
- Provide a single source for technology and merchant processing
“We are excited to join forces with Sikka on this comprehensive platform for healthcare,” said Steve Rizzuto, Chief Executive Officer of Sphere. “With their award-winning API and deep healthcare experience, Sikka is a natural fit, aligning with our expertise in healthcare software and financial technology.”
“Sphere continues to extend its reach within the healthcare vertical,” said Andrew Rueff, Executive Chairman of Sphere. “Together with Sikka, we are able to provide our secure, robust integration to a new market segment while leveraging our expertise in healthcare.”
“Patients demand more options in how they pay their healthcare providers, such as dentists and veterinarians. Doctors are interested in reducing the time and errors inherent in payment acceptance, with an eye to lower costs. Integrated with Sphere, we are now able to deliver this valuable payment solution to the tens of thousands of practices that rely on the Sikka platform,” said Vijay Sikka, Chief Executive Officer of Sikka Software.
For more information on Sphere, please visit http://www.spherecommerce.com.
Sphere, powered by TrustCommerce, is a software and financial technology company providing integrated solutions that reduce friction and facilitate better and more secure commercial interactions with customers in specialized verticals markets, primarily healthcare, non-profit, transportation and education. Sphere’s integrated payments technology and security software enable its clients to process payments in a way that is: highly secure and compliant, integrated with their core business software, omnichannel, and processor-neutral. Sphere’s partner-centric focused payments solutions serve small, midsize and enterprise level businesses and software companies in the U.S., Canada, and Australia. Connect with us on Twitter, and LinkedIn.
About Sikka Software
Sikka Software is helping to rethink the retail healthcare market using a single API cloud platform with Artificial Intelligence and Predictive Analytics. Focusing on non-physician practices in dentistry, audiology, veterinary, optometry, chiropractic, orthodontic and oral surgery etc., Sikka Software now has over 34,000 practice installations on its platform. These are businesses where the primary skilled worker is also the owner who needs tools to digitize their practice and help them make more real-time, optimized decisions. Sikka Software API and cloud platform connect to 90% of the retail healthcare market including practice management systems and financial software. For more information, please visit https://sikkasoft.com.
February 20-21, 2020
San Diego, CA | Kona Kai Resort & Spa
December 6-8, 2019
Long Beach, CA | Long Beach Convention Center
Maybe it’s too early to think about warm cozy fires, holiday cheer, and family gatherings, but it’s never too early to think about the booming holiday season for retailers and consumers. November and December pack a large punch for retail sales, projected to exceed $1.1 trillion1 this holiday season alone.
For most businesses the holiday season can represent as much as 30% of total annual sales2. Before you panic and begin to plan, we put together a holiday season checklist to make sure you are prepared:
1. Make sure you aren’t overpaying to accept payments
Businesses have so many moving parts it can be natural to choose a payment provider and stick with that provider for the long haul. It’s important to make sure you are checking in regularly to make sure you have the best rates possible! It’s highly probable that there is a lower cost option available for your specific business needs.
Before you dive into the holiday season, make sure you have the right plan and the right provider with a no-cost no-obligation rate check. If your rates are fair, then you know you’re with the right provider, and if Sphere can beat your rates, you’ve found a better option and start to save money.
2. Don’t stick with faulty malfunctioning equipment
Having modern, easy-to-use equipment to accept payments is no longer an option – it’s what customers demand! Why make it more difficult on yourself and your staff this holiday season to accept all payment types. Make sure your equipment is working for your business not against it and you are adequately prepared to handle the holiday rush.
Getting new equipment doesn’t have to cost and arm and a leg. If you need new equipment but are worried about the up-front cost, consider leasing the equipment for a low monthly fee.
3. Adopt a system that works in every payment environment
Most businesses operate in multiple payment environments. Make sure you are giving customers the option to pay the way they want – don’t miss out on sales due to lack of payment technology. Your payment provider should support all payment environments: in-person, via mobile, online, and over the phone/key-entered.
4. Update your technology recovery plan to prepare for down-time
During the holidays you should expect the unexpected. Make sure your payment provider is reachable no matter what time you need support. Sphere’s support line is open 24/7/365 by phone. We want to make sure any issues you encounter are solved efficiently and that you speak to a real person any time you call in. You don’t have to settle for second rate email-only customer service, especially in the most important time of year for your business.
Click here for more information on choosing Sphere as your merchant processor.
Sphere, the leading provider of end-to-end integrated payments and security, welcomes new partner ServiceWorks.
ServiceWorks delivers a unified cloud-based platform to optimize all field service industry business operations so that owners can make intelligent decisions to grow their business. This all-in-one solution simplifies jobs, dispatch, inventory, point of sale, real time tracking, accounting, and much more. Founded in 2015, ServiceWorks has quickly established themselves as a leader in field service industry with more than 1,100 clients using the platform.
Through this preferred provider relationship, ServiceWorks will offer Field Service business owners bill payment using Sphere credit card processing and secure payment technology. In addition to accepting payment via many channels, owners will now be able to set up automated recurring billing that uses tokenization for secure card storage. With 24/7/365 customer care, easy sign up and flat rate pricing, payment processing is seamless and convenient.
By Dr. Heather Mark
In recent years, the payments space has seen an explosion of new players. This dramatic growth is good for the industry. It drives competition and innovation. The pace of change brings with it challenges, too. One of those challenges can be the adaptation of traditional software companies to the unique risk and compliance requirements in the payments ecosystem. These compliance obligations are often viewed as costly requirements that add friction to the process, but in reality they not only protect the company’s clients and end-users, it also protects the company’s revenue. A common question among those new to the payments world is, “how much does compliance cost?” That question, though, is a little myopic. A more cogent question might be “how much will it cost our company to be non-compliant?”
In the payments industry, the consequence of non-compliance that comes to mind is the assessment associated with non-compliance with the Payment Card Industry Data Security Standards. Each of the card brands assesses penalties separately, so a non-compliance finding or a breach carried with it the possibility of assessments from each of the four card brands. For example, Visa’s published non-compliance assessment schedule (available in its Core Rules ) begins at up to $50,000 per non-compliance finding for the first violation. Mastercard’s assessment schedule can be found in their Rules, as well. The assessments increase sharply for subsequent findings. It should be noted that these assessments are merely for not being compliant with the security requirements promulgated by the brands. This is not an assessment as a result of a breach.
In addition to the card brand consequences of non-compliance, in the event of a breach that exposes cardholder data, the bad news piles up quickly. All fifty states now have data breach notification requirements, meaning that an entity that suffers a breach in which personal data is compromised and there is a high risk of identity theft or financial fraud must notify affected consumers. While the cost of notification and managing the public relations fall-out is high, so too is the likelihood of a class action suit. While these suits are often dismissed on the grounds that the plaintiffs don’t have standing (fertile ground for another blog post) the fact is that companies legal spend skyrockets in responding to these cases and working to get them dismissed.
In egregious cases, companies may attract the notice of the federal regulators. The Federal Trade Commission (FTC) is tasked with protecting consumers from unfair and deceptive trade practices. The FTC has used this power, provided by §5A of the Federal Trade Commission Act, to take action in the event of a data breach in which consumer data is exposed. A list of FTC enforcement actions regarding Privacy and Security related events can be found on the FTC website. In egregious cases, entities may face fines and penalties, pay remuneration to affected consumers, and may be required to submit their compliance or security programs to FTC oversight for up to 20 years.
Fortunately, there are means to reduce interaction with regulated or protected data. Some of these methods include:
- Hosted Payment Pages – merchants can accept payments through the use of a hosted payment page. The Payment Page is hosted by a PCI DSS validated, registered service provider. The payment information posts directly from the consumer to the service provider, bypassing the environment of the healthcare provider.
- Tokenization – in this solution, the payment information is replaced with a randomly generated value that used to represent the payment mechanism. The healthcare provider can still use that token to process subsequent payments, as may be useful for patients on payment plans, reporting purposes, patient payment analysis, and chargeback or dispute purposes. The benefit here is the reduced payment data footprint within the organization.
- PCI Validated Point to Point Encryption (P2PE) – a P2PE solution is one in which the cardholder data is encrypted from the point of interaction (swipe, dip, entry) all the way through the processor. The payment is processed, but when the authorization response is sent to the healthcare organization, the payment data is replaced with a token.
While the regulatory environment is constantly changing, and threats to data will continue to evolve, the payments industry continues to adapt technologies to mitigate the risk to data. Understanding how these technologies can be deployed to mitigate your data risk can help improve the customer experience and protect your bottom line.
Nashville Venture Connections Publication features Sphere in the article, “Nashville fintech: Waud-backed SphereCommerce eyes M&A opportunities.”
Here is a preview:
Sphere, the integrated payments technology and security software provider, won’t be deterred in its role as M&A consolidator by the frothy valuations it often observes, said Executive Chairman Andrew Rueff, whose office is in downtown Nashville, his hometown.
Read the full article here: http://www.venturenashville.com/fintech-spherecommerce-llc-cms-1898
March 9-13, 2020
Orlando, FL | Orange County Convention Center
Visit us at Booth #2488
August 27 -28, 2019
Verona, WI | Epic’s Verona Campus