Payment Data.. Banks are NOT the problem

Loss of Anonymity in Payments and the threats to Banking, Retail and Consumers

Compelling WSJ article yesterday on Facebook and Bank data. This article doesn’t begin to touch the extent of the problem. When it comes to data, there 2 very very distinct camps. Those that care about consumer data and their role in managing it, and those that don’t. 

Banks and payment networks care and are “squeaky clean” compared to the rampant data sharing going on within marketing (retailers directly to the big ad publishers). While Cambridge Analytica brought about changes to 3rd party data sharing the entire ad industry has DRAMATICALLY increased direct first party data sharing. In other words many large retailers are sending their real time SKU level purchase data (for all customers) directly into the big Ad Platforms.

  1. Google Offline Conversions API
  2. Facebook Offline Conversion API
  3. Agency Example
  4. Gartner CDP Magic Quadrant

What enables retailers to identify consumers and send this data to Ad Platforms? Historically, only retailers with loyalty card schemes could do this, but recently Payment cards have transformed to become the virtual loyalty card used to accurately identify consumers (without Bank/Network permission). This is shocking, as Payment cards have a solid track record for protecting consumer identity (ie anonymity in payment), with payment anonymity a core “feature”. Within the 4 party network schemes only issuers could identify the consumer, enabling issuing Banks maintain the critical role of Identity broker (see blog). As former banker this makes my head spin, as the Payment Card Industry (PCI) has invested BILLIONS to protect transaction data.. Only to have it pour out from a hole.

Example

Today, when a consumer uses their V/MA card to purchase the retailer creates an “anonymized ID” and stores the transaction set internally (at ~50% of the top 10 retailers) with the entire inventory of items purchased. There are few rule or privacy issues here (IMHO), as general trends and loyalty are measured.  However, retailers are voluntarily sending this transaction data (mapped to consumer ID not PAN) directly to the big Ad Platforms. The ad platforms then map this activity to the “anonymized ID” customer behavior it maintains (ex preference for soccer and CNN.com). Issues with this model:

  • Replacing the PAN with another Anonymized ID SHOULD NOT cause it to run under a different “rule set”. If ANY card information was used in the mapping, it should run under network rules
  • Neither the issuers, the networks nor the consumers have permissioned this data sharing.
  • Banks will never have a data business if data plays in this way
  • Retailers are giving away enormous consumer insight and strengthening the pricing power of Google/FB
  • The value of the “raw data” will diminish. Once reliable predictive models and preferences are established (ex Tennis player that likes Lacoste) I no longer need the raw data
  • Data is the “new uranium” we must work to control dissemination or it will destroy those touching it.

Obviously data is following the path of least resistance to centralization points that can act on it efficiently (covered in my blog Equifax, FB and Dangers of Data Centralization). However the ABILITY to act on data is different than the rules which data should act within. Transaction data was developed with VERY thoughtful rules and controls. For example, when a party submits a transaction or request the counterparty is known as is the legal agreement under which the “transaction” operates. Trust developed as a result. Trusted data must be managed.

Russ Schrader (Commerce Signals GC/CPO and Executive Director of the National Cyber Security Alliance) put together these 3 simple rules of thumb when thinking about data use:

  • Right to have the data
  • Right to use the data
  • Right to share the data

To be clear my goal is NOT to create a government imposed GDPR in the US. Rather I want Banks and Retailers to have a data business, and create great new consumer experiences.

Yes I have a bias here, it is what I built my company around (see Federated Data®). Data centralization is the v1.0 architecture of data science. Sure you can learn great things if all the data is mashed together but the value of data is based upon use. If you can’t control use… you can’t control the unique value that is unlocked (or the rights) within a given use.

Bank/Network Actions

Let me be clear.. banks must have a role in data! The economics of payments are changing. Banks must protect their ability to deliver value beyond the transaction. Banking is a commerce function and Alipay has shown what the future holds for “commerce orchestrators” .. payments allow them to become banking orchestrators as well (see WSJ and Ant Financial).  There are both offensive and defensive actions that must be taken. 

  1. Defense. Change the rules to protect your data ensure every party “in the network” is operating on your data with permissions. Your data is playing in the market today.. and you don’t even know it. Banks have permissioned and distributed their data to marketing, loyalty, and shared market insight vendors. While individual transaction data may not be distributed by your partners, consumer level models are built and shared (see Banks as a Data Business). Typical network rules allow for merchants to use card information for the purpose of “loyalty and marketing” these rules need to be tightened up as the rights to share this data with many parties was never part of the original intent.
  2. Retailers are not big enough to force change within the ad world. You are..  Ensure that all data operates within the simple rules above.
  3. Banks must collaborate in data. As a top 3 bank told me “… we have learned some very hard lessons in data, no one bank is big enough to go it alone. What we should have remembered is the success with V/MA. Even though we compete with [Banks] a common network allowed millions of businesses and consumers to work with us consistently….” and another “ The real threat to banks is the Alipay. We need a common data network with common rules. Banks have a role to play in creating great consumer experiences however there are only a very few of them we are poised to lead”.  
  4. Take on the roles of transparency and consumer champion.
Retailer Actions

Retailers have a right to payment data. While big data can create great new insights if we centralized and analyzed all conversations, there is a downside. Digitally, every interaction you have with a consumer is a conversation. Brands must manage who gets to take part in these conversations and build insight from them. If your downstream data “partners” mis-use your data your customers will go to Amazon (which doesn’t share data with Google and FB).  You must create great consumer experiences, but you must balance against consumer privacy and your rights to the data.

  1. Maintain control of your data supply chain. Both WHO is using your data and HOW it is being used. Create a mission control that allows you to see what data is shared with Whom, for which Use under which legal agreement (a shameless plug for our service)
  2. Rather than sending out raw transactional data that improves pricing leverage of Goog/FB build a CDP and enable your own targeting. Make partners bring their insights to you, or ask you to append a propensity score for a specific campaign.. not raw data for all of your customers. This is what Commerce Signals enables. 
  3. Hold all marketing partners accountable to performance against a common benchmark. This does not mean a measuring against a panel of 8M location based “presence” participants. But leverage your transaction data to measure performance consistently. This means Google and FB must be measured against your metrics.. Not report their own. Mark Pritchard of P&G is the most vocal advocate of this approach

For more information, please see my previous blogs

Targeting and Attribution – Facebook’s Substantial Lead

6 March 2014

A very very hot topic in digital advertising today is attribution. My definition of attribution: The process by which an advertising campaign measures its influence on consumer behavior. Digital advertising is typically measured by: Ads presented (Impressions), Click Through Rate (CTR), Cost per thousand (CPM), Interaction time (see DoubleClick Data and Top 10 Metrics). Marketers have more data for online advertising than for any other channel, the problem is that people don’t live online. For example, eCommerce sales are around $180B, compared to total Retail sales of $2.4T (excluding Auto, Financial Services and Gas). Similarly Google owns 50% of the digital ad market, with US revenue running at over  $30B/yr, which is just a small slice of the overall US marketing spend of over $500B. The CPG vertical for example is the has the largest marketing spend (P&G $3.2B), but very low digital spend (see Retailer as Publisher).

The marketer’s key “nut to crack” : how does online advertising influence offline behavior? (attributing behavior). Facebook is leading the world in 2 critical areas of advertising: Targeting and Attribution.

Targeting

Facebook is highly differentiated here, think lasers vs nuclear weapons. Not only can you build a custom audience based upon email, phone, … etc. You can have Facebook expand that to a lookalike audience, or use external data to form a partner audience (consumers that drive a Mercedes, are over 40 and drink OJ). There is no platform on the planet that does a better job targeting. Tech Crunch covered most of this in an April 2013 Article.  Also a consumer privacy group has a very detailed article on issues surrounding facebook/datalogix.

Attribution

This is where the stakes get much higher, and the facts are VERY closely guarded. Why the secrecy? Perhaps data use is beyond the scope of use agreed to, or at least the “value” of the use has not been realized by the owner of the data. For example the Tech Crunch article outlined how Datalogix used grocery store loyalty card information in custom audience creation (targeting) and attribution. However, Datalogix may not be authorized to use the data in this way (at least for all of the Retail clients).

Lets assume that they have no rights to use Safeway’s data for either targeting or for attribution, how do they get around it? For Targeting: my guess is that they are using a smaller Grocer’s (GroceryX) data to construct an initial data set that Facebook expands (via lookalike). For attribution, they then use loyalty card purchase information to statistically project the performance of the original data set (projecting the purchase behavior of the GroceryX’s loyalty customers on the larger data set).

If this is the case, then GroceryX’s data contributed all of the attribution performance (as well as for targeting). Subsequently the revenue that SV should receive is far above their data’s representation in Datalogix’s grocery macro database. In otherwords, SuperValu (or another unknowing participant) may not be getting paid for the value they are creating.

Regardless of the data use, Facebook is becoming a CPG’s dream channel, far exceeding the performance of anything they have ever worked with (by a factor of 5+!). This is one of the reasons I’m very high on Facebook, and I do own the stock. It may have taken them awhile to figure out targeting and mobile advertising, but they are absolutely killing it today. I believe they could easily grow their CPG advertising 10x in next 18 months.

Purchase Behavior.. Who has it?

There is SIGNIFICANT data leakage going on today. It is a Tsunami that is about to hit every retailer. Data is being used far and above its intended purpose. Another grocery example is what was UPromise, and now SavingStar.  UPromise was an original construct to earn points toward college tuition from SallieMae. Every grocery provided their data to the program so their consumers could participate. SavingStar has tremendous data.. but what can they do with it?  Bank of America’s card linked offer program started to use this data, but the issues of use, ownership and the latency (ex getting credit on day 3) issues persist.

Retailers run a very profitable business in data today. It is core to the current status quo, particularly as it relates to trade spend ($200B/yr). Most retailers are very, very conscious of issues surrounding data leakage. The leading Retail analytics companies (Catalina, dunhumby, Spire, Inmar, ..etc. ) could do wonders in attribution if their data owners would let them.

Purchase Events

Another entity that has purchase data in the US is Argus Information, a Division of Verisk. A little over 10 years ago, Argus evolved as a US bank marketing utility for measuring/targeting cards. Banks send Argus all of their card transaction detail and Argus creates reports for banks (ie Average Customer spend vs competitor in region, average customer balance, …) it was a benchmark service, plus a way for Banks to target Card mailings.  Argus’ former CEO Len Laufler is now running a new data Division at Chase for Jamie.

My friends tell me that Argus has been openly discussing how it can sell its purchase intelligence to non-banks and advertisers (this year). I can tell you one thing for certain, Banks are not cool with this. The head of Retail at a top 3 bank called up Len 2 years ago and told him in no uncertain terms, that the moment they sold their data outside of its intended use they would no longer receive it, and find themselves in front of a judge. The Banks are at risk, Argus is at risk, Consumers are at risk.. if data is used beyond the approved usage. The only way to get this data is with the approval of issuer and consumer.

AdAge had Amex/Mastercard story along these lines in April.   I was also told last month that another source for the data could be Yodlee. As Yodlee’s very first customer (Wachovia 1999) I would say that they have an advantage of customer permissioning. They also have experience in dealing with 3rd party use (Mint, offermatic, …), problem is that it takes time to get the data (customer must register), and there is a latency between transaction, bank record keeping, OFX polling, attribution logic, .

GoogleZave Reciept detail

Quite frankly Google has all of the assets to kill CPG/Retail. Their Zave purchase has put them IN the IBM/Toshiba 4690 OS (run by 16 of 20 top retailers).  Every time I shop at my local Harris Teeter and use electronic Coupons.. it is Google powering a fantastic consumer experience. Customer level SKU information attribution nirvana. They also have a unique content delivery mechanism (targeted incentives) that Facebook can’t match. Manufacturers are not keen to issue coupons to everyone.. they want to target incentives to specific buyers… However Retailers DO want coupons for everyone, unless someone will pay them more to change their behavior. It will take Retailers, Manufactures and Consumer participation to make this all work.. which means tremendous focus (and investment).