Data Leakage

10May 2016

Great article in the New York Times this weekend: Jamie Dimon Wants to Protect You From Innovative Start-Ups. Believe it or not I agree with Jamie.. consumers have NO IDEA of what they are giving up. There must be a chain of control on regulated data..

Payment Data

Payment data is all over the place. While I was at Google in 2011 they started Google Wallet because they initially thought they needed to perform the payment function (NFC) to close the loop in advertising. What I helped them understand is that transaction data is available ( no NFC/wallet needed). This is why Google wallet is a bit of an afterthought today… Google’s core objective is to close the loop …. today they do it without taking a role in the actual payment (see blog).

The diagram I gave to them is below

Transaction Flow

The parties above have rights to your data, depending on the payment instrument used and/or loyalty card. The real problem involves further dissemination of data (leakage) in EACH ONE of these boxes. For example, the famous NYT article on the teen’s father that found out she was pregnant by diapers DM in his Mail (#2 above, also see Forbes explaining how they did it). Four years ago a store like Target or CVS had their transaction data in Datalogix, Saving Star, Catalina, … today it is isolated to a single loyalty platform (ex CVS and Catalina).

Last week the CMO of a top retailer called me and said “Tom my new customers are for sale on a DMP [Bluekai]”. I asked “how?”, she said “one of my IT guys decided to include a Share Button with each of our catalog items, when users click on “share” a picture of our product appears on Pinterest. The problem is that when consumer “shares” the PC is tagged and URL registered in a DMP with no constraints. Now my competitor can buy the audience of everyone that comes to my site… I’m about to kill him”. This shows how unintentional data sharing can be.

Bank Data

Banks are logically concerned with data that leaks out directly through them.  You should see the look on their faces when I tell them that “their bank data” is for sale by Yodlee (aggregation), Argus (bank marketing), Affinity Solutions (bank loyalty), …etc. While  the buyers of this payment data do not know my individual behavior (Tom bought a McDonalds today) but the ad cookies have now become linked to this data and now advertisers have tagged me as a junk foodie.

Regulated companies have a responsibility to know both WHO is using consumer data and HOW it is being used. The last part of this (controlling use) is the really hard part… but given that the VALUE data provides toward any given purpose is based upon USE.. it is really important to control.

Why did I shut Yodlee down at Wachovia? Consumers loved the service, a single view on all of your accounts from airline rewards to card balances and brokerage positions. The risks involved them giving up their ID and password. This means I had to trust Yodlee with not only the credentials, but all of the information that they aggregated.. HOW could they use it?. In one service (advisor view) Yodlee could allow bank brokerage agents to know what their clients invested in at other financial services companies. Consumer permissions were planned.. but Yodlee has the data regardless of permissions.   Imagine using bank card data to predict the health or sales trends of a business….. you could predict financial results.

Yodlee is very very small leakage risk when compared to someone like Argus. Argus started life way back in 1994 (before bank’s cared about data). Banks give Argus anonymized account information in order to do market research on comparative performance (average transaction size of my Bank A debit card to Bank B). Today Argus holds over 90% of debit and credit card transaction data. While Argus is prevented from giving any specific issuers data to anyone, they can aggregate data across issuers. For example, today Facebook asks Argus “how many of these 1000 people purchased something at Northface store on May 1-15th”. Argus can respond 87 people purchased for total of $32,000 (across all issuers).

Aggregated data is not much of an issue, however when Argus works with other aggregators (like Neilsen’s Excelate) they allow creation of digital audiences based upon purchase behavior (see Money 2020 Presentation).  This is much more of an issue!. Particularly when you can also combine with other DMP items like website visits above. Perhaps this dynamic is one reason why Jamie Dimon’s JPMC pulled out of Argus 18 months ago.

Unfortunately one of the key laws of data today is every effort to anonymize data is matched by efforts to de-anonymize. For example, any anonymized transaction data could be merged with biller data to find consumer transaction amounts on a card. Over time comparing dates and amounts over 2-4 years starts to give a view on what consumers have what cards (de anonymized bank data).

Data – Delusions of Grandeur

Data is key to mobile marketing success… and the primary reason it is broken today. While google knows everything I did online.. it knows very little about me in the physical world. Commerce data belongs first and for most to the consumer and the merchant. Much of the profitability of retail, CPG and banking rests in the direct relationship with the consumer (see rewiring retail). No ONE COMPANY can compete against Google, it takes collaboration and partnerships (see my Internet 3.0 blog). The failures in this space have been MASSIVE

  • Google – $600M
  • ISIS – $600M
  • Card Linked Offers $1-2B (see blog)
  • MCX – $200M

I’ve told the stories of how both Verizon and Verifone asked Google for $1 BILLION to support Google in NFC (2011), to which Google politely declined (see walled gardens). In 2014 I ran the Verizon executive innovation offsite (tremendous event), bringing in external leaders like Keith Rabois, Osama Bedier, etc. Osama had the most brilliant insight on payments, mobile and data that I’ve ever heard. “What did we [collectively] learn from our experience? That the tighter we hold on to our assets the less likely it is that anyone will win… for value to be created we must loosen the grip on our assets and allow them to play.. value creation takes experimentation first…. when we find success and gain traction.. then we should look to monetize… [not the quick win]”. WOW.

Banks do not uniquely own transaction data, most bank their strategies fail because they come from a position of “control” vs value creation. Within commerce you must create value for at least 2 parties (ex merchant and consumer). Within data, my bets are on companies closest to the merchant..  as they are the most in need of help. Banks today have enormous opportunity to partner here.. for example in co-brand and private label.

A logical first step to any value creation is to get control of your data.. JPMC is the industry leader here… recognizing that there are many other parties that have rights to access (through other channels).

Tom’s Data Rules – Control and Collaboration…

  1. There is NO WAY to control your data if it leaves your facility…. It becomes trust (or shades of grey). This is what we do at Commerce Signals.. “your data, your environment, your rules”.
  2. The value of data is at an intersection.. it must be combined with something else. This force works in juxtaposition to the first rule above. How can I let my data “play” without it leaving? Historically the only way to create intersections is to co-locate the data… signals change that.
  3. The value of data decays quickly with time. The fact that I just bought a movie ticket is enormously valuable to a restaurant if it is 10 seconds old.. but not so much after 2 hours.
  4. Once data is merged with something else.. it can not be “unmerged” nor its usage controlled, for example data aggregators work very hard to isolate business data sets. Bayesian Models can be built for any given data set that obviate the need to source the underlying data. If I establish a correlation between going out to eat and movie attendance I no longer need either of the first party data sets, but can rather source proxy data to accomplish my objectives.
  5. The value of data is based upon use and scarcity. Nothing in infinite supply can have a price. First party data does not “play” today because its use cannot be controlled. This is core problem we have solved for in Commerce Signals.
  6. The only efficient way to price data is in a neutral market where usage can be controlled (ie Commerce Signals).
  7. Neutral markets cannot have proprietary data (and models) that compete with other data sellers. This is the biggest challenge facing today’s data brokers. They have an enormous inventory of proprietary 3rd party proxy data sets and models.
  8. Ownership and Consent. First party data requires a chain of control on who used what data for what purpose at what time.

Leave a Reply

Your email address will not be published. Required fields are marked *