Loss of Anonymity in Payments and the threats to Banking, Retail and Consumers
Compelling WSJ article yesterday on Facebook and Bank data. This article doesn’t begin to touch the extent of the problem. When it comes to data, there 2 very very distinct camps. Those that care about consumer data and their role in managing it, and those that don’t.
Banks and payment networks care and are “squeaky clean” compared to the rampant data sharing going on within marketing (retailers directly to the big ad publishers). While Cambridge Analytica brought about changes to 3rd party data sharing the entire ad industry has DRAMATICALLY increased direct first party data sharing. In other words many large retailers are sending their real time SKU level purchase data (for all customers) directly into the big Ad Platforms.
- Google Offline Conversions API
- Facebook Offline Conversion API
- Agency Example
- Gartner CDP Magic Quadrant
What enables retailers to identify consumers and send this data to Ad Platforms? Historically, only retailers with loyalty card schemes could do this, but recently Payment cards have transformed to become the virtual loyalty card used to accurately identify consumers (without Bank/Network permission). This is shocking, as Payment cards have a solid track record for protecting consumer identity (ie anonymity in payment), with payment anonymity a core “feature”. Within the 4 party network schemes only issuers could identify the consumer, enabling issuing Banks maintain the critical role of Identity broker (see blog). As former banker this makes my head spin, as the Payment Card Industry (PCI) has invested BILLIONS to protect transaction data.. Only to have it pour out from a hole.
Today, when a consumer uses their V/MA card to purchase the retailer creates an “anonymized ID” and stores the transaction set internally (at ~50% of the top 10 retailers) with the entire inventory of items purchased. There are few rule or privacy issues here (IMHO), as general trends and loyalty are measured. However, retailers are voluntarily sending this transaction data (mapped to consumer ID not PAN) directly to the big Ad Platforms. The ad platforms then map this activity to the “anonymized ID” customer behavior it maintains (ex preference for soccer and CNN.com). Issues with this model:
- Replacing the PAN with another Anonymized ID SHOULD NOT cause it to run under a different “rule set”. If ANY card information was used in the mapping, it should run under network rules
- Neither the issuers, the networks nor the consumers have permissioned this data sharing.
- Banks will never have a data business if data plays in this way
- Retailers are giving away enormous consumer insight and strengthening the pricing power of Google/FB
- The value of the “raw data” will diminish. Once reliable predictive models and preferences are established (ex Tennis player that likes Lacoste) I no longer need the raw data
- Data is the “new uranium” we must work to control dissemination or it will destroy those touching it.
Obviously data is following the path of least resistance to centralization points that can act on it efficiently (covered in my blog Equifax, FB and Dangers of Data Centralization). However the ABILITY to act on data is different than the rules which data should act within. Transaction data was developed with VERY thoughtful rules and controls. For example, when a party submits a transaction or request the counterparty is known as is the legal agreement under which the “transaction” operates. Trust developed as a result. Trusted data must be managed.
Russ Schrader (Commerce Signals GC/CPO and Executive Director of the National Cyber Security Alliance) put together these 3 simple rules of thumb when thinking about data use:
- Right to have the data
- Right to use the data
- Right to share the data
To be clear my goal is NOT to create a government imposed GDPR in the US. Rather I want Banks and Retailers to have a data business, and create great new consumer experiences.
Yes I have a bias here, it is what I built my company around (see Federated Data®). Data centralization is the v1.0 architecture of data science. Sure you can learn great things if all the data is mashed together but the value of data is based upon use. If you can’t control use… you can’t control the unique value that is unlocked (or the rights) within a given use.
Let me be clear.. banks must have a role in data! The economics of payments are changing. Banks must protect their ability to deliver value beyond the transaction. Banking is a commerce function and Alipay has shown what the future holds for “commerce orchestrators” .. payments allow them to become banking orchestrators as well (see WSJ and Ant Financial). There are both offensive and defensive actions that must be taken.
- Defense. Change the rules to protect your data ensure every party “in the network” is operating on your data with permissions. Your data is playing in the market today.. and you don’t even know it. Banks have permissioned and distributed their data to marketing, loyalty, and shared market insight vendors. While individual transaction data may not be distributed by your partners, consumer level models are built and shared (see Banks as a Data Business). Typical network rules allow for merchants to use card information for the purpose of “loyalty and marketing” these rules need to be tightened up as the rights to share this data with many parties was never part of the original intent.
- Retailers are not big enough to force change within the ad world. You are.. Ensure that all data operates within the simple rules above.
- Banks must collaborate in data. As a top 3 bank told me “… we have learned some very hard lessons in data, no one bank is big enough to go it alone. What we should have remembered is the success with V/MA. Even though we compete with [Banks] a common network allowed millions of businesses and consumers to work with us consistently….” and another “ The real threat to banks is the Alipay. We need a common data network with common rules. Banks have a role to play in creating great consumer experiences however there are only a very few of them we are poised to lead”.
- Take on the roles of transparency and consumer champion.
Retailers have a right to payment data. While big data can create great new insights if we centralized and analyzed all conversations, there is a downside. Digitally, every interaction you have with a consumer is a conversation. Brands must manage who gets to take part in these conversations and build insight from them. If your downstream data “partners” mis-use your data your customers will go to Amazon (which doesn’t share data with Google and FB). You must create great consumer experiences, but you must balance against consumer privacy and your rights to the data.
- Maintain control of your data supply chain. Both WHO is using your data and HOW it is being used. Create a mission control that allows you to see what data is shared with Whom, for which Use under which legal agreement (a shameless plug for our service)
- Rather than sending out raw transactional data that improves pricing leverage of Goog/FB build a CDP and enable your own targeting. Make partners bring their insights to you, or ask you to append a propensity score for a specific campaign.. not raw data for all of your customers. This is what Commerce Signals enables.
- Hold all marketing partners accountable to performance against a common benchmark. This does not mean a measuring against a panel of 8M location based “presence” participants. But leverage your transaction data to measure performance consistently. This means Google and FB must be measured against your metrics.. Not report their own. Mark Pritchard of P&G is the most vocal advocate of this approach
For more information, please see my previous blogs