Consumers are a notoriously fickle group. Onemoment, something is of extreme value, and the next, it’sforgotten, and apparently consumer payment privacy concerns are noexception. Two headlines last month in the United Kingdom thatgrabbed my attention both suggested consumers may have becomeeither indifferent to payment data collection or are recognizingsome of its benefits.
The first headline involved Barclays, which announced itintended to sell anonymous customer data to interested parties, asharp turnaround for the industry which saw MasterCard have todefend its practice of selling consumer data last year. Barclays’announcement was similar to those from mobile providers Vodafone,EE and O2. The bank extolled the benefits of collecting data insituations such as fraud protection, but it remains to be seenwhether this type of full disclosure from the start is enough toprevent consumer backlash about the plan.
The two-pronged approach of full disclosure and highlighting thebenefits of data collection may be a successful strategy,especially if fraud prevention is identified as a major issue. Thesecond headline detailed the findings of a recent Infosys survey and seemed toconfirm this notion. Some 86 percent of respondents expect theirfinancial institution to mine their data to help fraud.Seventy-seven percent would consider switching their financialinstitution if a competitor could promise greater security for bothsensitive personal and financial details.
Financial institutions and other payments industry players finddata collected from consumers is increasingly priceless internally(in an effort to develop more effective products and offerings) andexternally (to sell it to advertisement firms and others). Consumergroups, however, just a few months ago heavily criticizedMasterCard when a presentation highlighting the benefits ofpurchasing consumer data collected by the international cardnetwork came to light. MasterCard quickly moved to calm consumeradvocacy groups, and like Barclays, reinforced that any data soldwas scrubbed of sensitive personal and financial details.
Barclays’ strategy to fully alert its customer about datapractices is a step towards improved communication betweenfinancial institutions and a largely frustrated and untrustingconsumer base. But the disclosure also opens it and others toimmense consumer backlash if the data is somehow compromised.
While no major de-anonymization attacks (the process in whichsupposedly anonymous data is manipulated to identity uniqueindividuals) have been recorded to date, the potential for anattack or leak is growing with more data changing hands. While thecollection of consumer payment data is too valuable for thepractice to end, financial institutions and other members of thepayment industry need to be prepared to face the additionalrisks.
Mercator Advisory Group examines de-anonymization in a ResearchNote, De-anonymization: Potential Impact on Payment DataCollection.