Posted By

Aaron Mireles


Before Don Frieden started his company, gas stations hadn’t innovated their payment technology
since 1997. He knew that needed to change.

Original Post | Innovationmap

Before Don Frieden started his company, gas stations hadn't innovated their payment technology since 1997. He knew that needed to change.

P97, founded in 2012, exists to use innovative technologies to simplify and energize daily journeys, Frieden explains on the Houston Innovators Podcast.

The fast-growing company — which has nearly 200 employees, most of whom work from Houston — has raised over $100 million in venture funding, according to Crunchbase, most recently closing a $40 million series C round earlier this year. This funding has supported P97 as its expanded its technology, even expanding outside of gas station payments and into other sectors, like consumer packaged goods, mobile app development, and alternative fuel sources.

Part of what P97 is focused on too is adapting new technologies, including biometrics, and applying them to the payments world. Voice-enabled payments is something in particular that Frieden is working on.

"One of the things we’re most excited about is voice enable payments through our partnership with Amazon's Alexa," he explains. "The landscape of payments at gas stations underwent this next revolution, and we're using cutting-edge speech recognition and artificial intelligence to allow drivers to pay for fuel just using their voice.

"It makes the process faster and more efficient, and is completely hands-free," he continues, explaining that biometrics are also safer compared to card transactions. "From this time I say, 'Alexa, buy gas,' six seconds later, the gas would be turned on and any loyalty rewards I have would be applied, all from the comfort of my car."

Frieden shares more about the future of P97, payments, and the energy industry as it intersects with P97 — including the future of alternative fuels — on the podcast. Listen to the interview below — or wherever you stream your podcasts — and subscribe for weekly episodes.

For decades we have been hearing about the importance of maintaining a healthy diet, the importance of moderation, of balance and of exercise. And for any diet, we know that not only is caloric intake important, but also the type of intake. Sugar, starch, protein, fat and fiber, it all has meaning and it all is important. The importance of a healthy diet has now become part of our “Data diet.”

In the last several years, data storage became less expensive. With a move to the cloud, not only was data storage inexpensive, but we no longer had to own the resources to store all this data. Life was good – or so it seemed. A veritable all-you-can-eat data buffet without ever having to consider the consequences. The concept that “more is better” became all too real; we were flush with marketing data. And so, the story goes: If a consumer was willing to provide it, we were willing to collect it. Not necessarily concerned with security and privacy, after all, the customer was providing the data. Also, since we were not asking for bank or credit account numbers, was there any real harm in gathering all of this personal data? As for the practical use of this data, there was not much of a story to tell — at least not yet — but we had the data.

And so, just like too many trips to the food buffet, the consequences of this inevitable data bloat came home to roost. First, it was the personal and account number data breaches at department and big-box stores, credit reporting agencies, transportation companies and others, only to be followed by the mishandling of personal information by some of the internet giants. The cost of holding too much personally identifiable information (PII) without proper protections or possibly even worse, the improper management and use of this personal information, became all too real.

While this phenomenon was happening in the field, organizations such as NIST, ISO and AICPA got involved to create standards that would help to ensure the security, confidentiality and privacy of such information. Additionally, every state in the United States came up with its own data privacy regulation, and in Europe, the General Data Protection Regulation (GDPR) came of age. Putting it all together, for an enterprise that was breached, the issue became the source of significant cost for card replacements and credit monitoring services, millions of dollars (or more) of lost profit and ongoing reputational damage. And so, as the GDPR and other regulations continue to emerge; it is clearly the dawn of a new day in the marketing data collection business.

What then, are our best next steps?

Step 1: Starting point, Find the data.

Know where your data resides. For companies that feature a single flagship product less than about 10 years old, this should be a very tractable problem. It is likely that you have a single data store with data in a single location, though perhaps with inadequate controls. The challenge is then one of data organization, rationalization and controls.

For those companies with multiple, sometimes even hundreds of products built up over many years by acquisition, or companies with dozens of databases containing personal information, it is a much larger challenge. This will require not only careful analysis to find the data but is likely to incur software refactoring to segregate the PII from co-mingled, historical, transactional information. Once this PII has been found and separated from the non-PII data, the challenge is, to the extent possible, to accurately consolidate overlapping PII.

Step 2: Rationalize the data you keep.

Once the data has been found and is somewhat consolidated, determine the validity and usefulness of the data already collected. If the data stored is more than three to five years old and there is not a legal or financial requirement to maintain the data, it has probably outlived its marketing usefulness. At this point, it is time to either pseudonymize, anonymize or to just simply delete the data. Consider it a boat anchor to be jettisoned while you reorganize the rest of your ship. As a QSA / Assessor friend of mine says, “If the data is not making you money, you have to question why you are holding it.”

Step 3: Get an updated customer consent; Step 3a: Rationalize your CRM lists

For data that you decide to maintain, you will now want to go to your client base and request consent to continue using this information. Your request ought to speak well about the benefits of giving consent, such as taking advantage of money saving offers, being introduced to interesting new products and receiving valuable promotions. The best advice is to make this sound very attractive, given that getting an updated consent may be a one-and-done opportunity. Otherwise, with the recent spate of negative headlines, you will get more “Nos” than you like from a clientele that have heard nothing but bad news regarding personal data collection. Additionally, asking for consent provides another reason to reach out and contact your customer base, and with it, an opportunity to refresh your CRM lists, rediscovering those customers and clients who are still genuinely interested in your product or service. With GDPR, which leans toward a “principle-based” regulation as opposed to a highly prescriptive regulation, demonstrating your proper intent, that is, “doing the right thing” does matter, particularly if doing the right thing puts you on a path toward full compliance.


By exercising these first few steps, you will likely have made significant progress in the management of your customers’ and clients’ personal information; furthering your GDPR compliance as follows:

1. The location of all customer PII is now identified for all future database design. Knowing location will also provide certainty in the case that something bad does happen and you need to be able to quickly access this information in a certain, complete and auditable way. Whether you are considered a data controller, processor or both, GDPR requires that you are fully aware of and can easily access all of the personal information that you maintain. Having ready access to the PII in your database has accomplished a GDPR principle.

2. You have rationalized the quantity and quality of the data that you are maintaining. A side benefit being a potential significant reduction in data storage costs, whether it is on premise or in the cloud, these are real savings. In doing so, you have decreased the task at hand of managing and protecting the personal information you choose to maintain. You have created standards for the removal of aged data, and now there is a reason for each piece of data being collected, which achieves a greater level of transparency in data collection. Another GDPR principle accomplished.

3. You will have gotten a dated consent from your customers to continue with the use of their data. Something you may have received before, but it is unlikely that you have saved both the consent and the date upon which it was received. Again, GDPR principle accomplished.
With these objectives achieved, a practical and compliant data roadmap can be established that has included, as the first step, the separation of personal information from all transactional and other data. Plans can then be established for the proper encryption of all PII, with a design for data presentation that supports activities such as customer service and for marketing data usage. These functions will be addressed in the next paper: Marketing Meets GDPR, Part 2: Data Management, Presentation and Usage.

Demo Title

Demo Description

Introducing your First Popup.
Customize text and design to perfectly suit your needs and preferences.

This will close in 20 seconds