InComm Payments Empowers Safe AI Usage with WitnessAI

I’m Jonathan Kennedy. I’m the chief information security officer at Incom Payments, and we’re headquartered in Atlanta, Georgia. We are an innovation and payment processor technology corporation that looks at, maximizing and making, payments, more convenient for our customers and our partners. We work in several areas, such as open loop and closed loop gift cards, prepaid debit cards. We also do incentives platforms, for retailers and corporations along with, gaming, tolling and transit, and health care. So, data loss is always a concern. Regardless of what industry you’re in, you wanna protect your intellectual property and also protect your customer’s information. We have, large databases that contain, personal health information, payment card industry information, and personally identifiable information. So specifically, we were looking at a way to monitor what type of data is flowing in and out of these models, how we can control that type of sensitive data, but also being able to increase productivity and allow our users to use these, new modern, applications to, better perform at their jobs or make it more efficient. We’re a very heavy, PCI shop in the payment card industry. We have to follow all those regulations from our from our retail partners and also from a our, contractual obligations. So we wanted to partner with everyone to make sure that we can control this data and, minimize our attack surface. And we started looking at, AI security, very seriously so that we can keep going forward with GenAI. We chose Witness AI after an exhaustive search for the kind of capabilities that we need for a portfolio as diverse as ours. We talked to several competitors and what I really focused on was the, partnership that Witness offered. The technology was what we needed, out of the box to get us going. It was very easy for my team to adopt the product from, day one. It fit seamlessly into our current integrations. We already had a plan around how we needed to respond to these alerts. It already flows into our SIM. It goes into our conditional access and behavioral models with our UBA tools. It was really like it’s always been there. But now we have the total visibility that we need, and I feel confident in the fact that we can monitor, these types of technologies. We work with the witness team, regularly. The chief product officer is completely engaged with our needs and, has built, several dashboards and several queries and several algorithms to help us, get the most out of this product. The platform integrated into our existing workflows in, several major areas. Our data governance team uses it to ensure that the, sensitive and confidential data that’s regulated is not going to these platforms. Our data loss prevention team, looks at the at the totality of the alerts that we have that’s coming from the platform. They integrate with our SOC and we have an incident response team that’s based around, the relevant data that’s in there. And finally, our our privacy team, also, analyzes the alerts, to ensure that we’re not losing any personally identifiable information to these JDI eyeballs. It’s just the customizability from the regex queries and everything like that that really allows us to make it our own product. We implemented the Windows AI platform through existing technologies that already had integrations that came out of the box. We didn’t need to put in any hardware. We didn’t need to put in any new sort of software or technologies within the environment. Our users had no impact. It was all seamless and is now capturing all the relevant AI traffic. To be curious about it, to ask questions, getting a POC stood up is very easy. It’s seamless. You don’t have to have any impact on your end user base and the time to value is extremely quick. You can see the results in a matter of minutes. You can make, actual quantifiable decisions based upon the results and it lets you fully understand your attack surface. I would definitely say that this tool goes beyond security. There’s really just an endless use of use cases for this. My primary concern is obviously security, but there’s a process efficiencies that can be had. And really, the biggest thing that I can stand by this tool and say that is it reduces your risk. There’s a lot of corporations that are afraid of GenAI. They’re afraid of these, large models. They’re afraid of the fact that their data may just end up in a in a random cloud somewhere. Witness protects against that. And even if you don’t know what your attack surface is with GenAI, you can get a complete visibility with this tool and then make your decisions based upon that kind of risk. I would recommend Witness dot ai to other companies that are facing similar challenges. We wanted to make sure that we had the capability to safely use these types of technologies within the organization and also to help bring us into the future.