If a hacker could get their hands on any type of corporate data, sales commission data would probably be at the top of their list. Indeed, those hackers would gain access to some (or all) of the following:

  • Key business metrics (ex: revenue, profit)
  • Employee compensation information
  • Sensitive product pricing / margin information
  • A complete list of accounts / customers

When you evaluate the cost of any sales commission solution, security should be part of the equation. Don’t just calculate the cost of user licenses or setup fees. Take into account risk – the potential cost of having your entire sales commission data published to the internet due to a data breach. And so you need to make sure your vendor has a deep understanding of security.

Is Your Sales Commission Vendor Secure?

Here at Sales Cookie, we take security very, very seriously. Unfortunately, we feel this is not always the case elsewhere. We often come across other sales commission vendors who:

  • Claim “advanced” security by virtue of trivial defense mechanisms – such as simply encrypting traffic using SSL. In today’s day and age, most browsers refuse to visit a website without SSL encryption enabled. Therefore, just stating that sales commission data is “secure” just because a website uses encryption isn’t acceptable.
  • Use a custom authorization / authentication implementation. As many data breaches have proven, it is near-impossible to properly safeguard credentials using a custom implementation, because it requires in-depth knowledge of cryptography few developers possess. We feel it’s irresponsible to use custom in-house implementations when it comes to user authentication.
  • Re-sell your private sales commission data in the form of “sales compensation benchmarks”. Let’s face it, your commission calculation data is your own private data. It’s nobody else’s business, and should never be used to provide additional sales compensation information services. Indeed, it’s very difficult to aggregate data in such as way that sources are totally anonymized.
  • Store customer credit cards. Software-as-a-service solutions can work with credit card processors to tokenize credit cards. This allows the service provider to charge customer credit cards without actually storing their numbers, validation codes, etc. Actually storing customer credit card creates real opportunities for fraud and other dangerous data leaks.

How Does Sales Cookie Protects Your Sales Commission Data?

Here at Sales Cookie, we deploy many practical, in-depth security measures to ensure your sales commission data remains secure and private. This includes:

  • Deploying non-trivial security measures – from database encryption to security-related headers.
  • Using a third-party authentication provider – as a result, we never store actual user credentials.
  • Never reselling your sales commission data – it’s your data, and should remain private to you.
  • Never storing credit card number – we use tokenization to charge customer credit cards.
  • Executing hundreds of security-related test – each time we make any change to our cloud-based service.

In short, we’ve implemented every security measure we could think of – because we understand the importance of the data we’re entrusted with.

Protecting Your Credentials & Other Benefits

We made the choice to integrate with Auth0 for all authorization and authentication (you can read this case study for more details). Auth0 provides many benefits besides simply not having to store user credentials:

  • We can select a specific geography (ex: European Union) to store account details, and so ensure we comply with various regulations.
  • We can detect intrusion and react accordingly (ex: if a customer logs in to Sales Cookie from New York, and then from Australia an hour later, we can detect this).
  • We can auto-lock accounts if known to be compromised (ex: the LinkedIn account you used to login to various web properties was compromised).
  • We can audit user logins and implement single sign-on (SSO) using key authentication providers (ex: Microsoft Azure).

In Conclusion

Sales commission data is highly sensitive. Some sales commission automation vendors claim a high degree of security, but fail to deliver it – or engage in shady practices such as reselling your sales commission data. At Sales Cookie, we have a strong commitment to security and privacy. Our security is based on important design principles (such as not storing sensitive data), and on many practical security measures. Visit us online to learn more about how you can automate your sales commission program!