Voice of the Industry

The future of banking – is consumer data more valuable than money?

Monday 30 July 2018 09:20 CET | Voice of the industry

Lu Zurawski, ACI Worldwide: Banks are proactively taking advantage of new Open Data access models, standing their ground in the battlefield of data monetization

In a cautionary era, when the public has not totally forgotten the role of financial institutions in the global crisis of 2008, it may seem odd to propose that banks are set to become the most trusted providers of personal data services.

Even if we park this reasonable citizenry objection, why would banks want to compete in this specialist field anyway? Isn’t this the natural domain of modern tech giants like Facebook, Google or Tencent? And why does it matter to average citizens; surely the deal for personal data sharing in exchange for useful and fun social media services at no cost has long been established? Perhaps this is a field best left to advertising giants like WPP or Publicis, or perhaps by big consultancies like Accenture and IBM who have recently added marketing services to their “Big Data” practices.

However, relentless regulatory moves against banks have created the need to find alternative sources of revenue. For example, rulings on card interchange fees, and enforced (free) Open Banking will leave some banks struggling to maintain their traditional profit levels. But perhaps what the regulator taketh away, data public policy gurus giveth back.

Regaining control over data

Banks may have stumbled – with good fortune – into a new era of government initiatives, like the European General Data Protection Regulation (GDPR), which will make consumers ever more aware of the value of their own personal data. And banking has always been about the data, so it shouldn’t be a surprise to see some financial institutions re-imagining themselves as “data banks” rather than old-fashioned “money banks.” This was illustrated by the Chief Executive of BBVA, Carlos Torres Vila, at the recent Money20/20 Europe conference in Amsterdam, where he spoke about his new focus on helping his customers to monetize their data.

New data privacy and security initiatives like GDPR are driven in part by government policies for dealing with cyber-crime, but also by the belief that recognizing the rights of citizens over their own personal data will create better outcomes for national economies. The policy logic behind Open Banking and the revised European Payments Services Directive (PSD2) envisaged a new, vibrant personal data economy, where citizens analyse their own data in new pricing comparison apps and modelling tools. Economists talk about reducing “Information Asymmetry,” where buyers make bad decisions because they have less information than the seller does, or buyers have difficulty evaluating a particular product compared to similar offerings in a market. Citizens will now have greater control over how much data they want to share, who with, and for how long. They have a right for data collected by their service providers to be shared with competitors, resulting in organisations working harder on personalized offers and differentiated pricing.

Governments around the world are now moving towards models – similar to UK Open Banking – based on the promise of creating benefits for the wider society; in the UK over GBP 1 billion in additional GDP will be generated by Open Banking, according to a study earlier this year from the Centre for Economics and Business Research and Trustpilot.

Banks are moving to the frontline of personal data management

It is natural to think that some of the biggest beneficiaries of this move to Open Data will be new market entrants. UK Open Banking now boasts over 50 such newly regulated firms, which can offer services based on accessing data at customer accounts held at other financial institutions. Citizens are already experimenting with new data comparison apps from these startups. However, it is worth noting that behind the catchy new fintech names (Yolt, Bud, and Emma) lie some very well established bank brands.

Banks such as HSBC, Lloyds and ING are looking beyond regulatory compliance towards pro-actively taking advantage of new Open Data access models, curating services on behalf of their customers based on accessing account data held by their competitors. Obviously, these established banks want to avoid becoming irrelevant in the face of new digital competitors that understand the importance of good personalized consumer experience, and – perhaps more importantly – the value of data. Therefore, it should not be a surprise to see more big name banks moving into the frontline of personal data management.

Whose ‘oil’ is it anyway?

One of the more horrendous IT clichés over the last few years has been the “data is the new oil” meme. The premise is that any organisation that can get the land rights to big pools of data, mine the resource and re-sell it will dominate the economy in the same way as early explorers created the global economy based on oil. Nevertheless, this cliché fails to recognize that big data is not really a tradeable commodity unless it has been “permissioned”. Citizens are already being trained in their data rights and their potential to receive value in exchange for permission/consent. Even if GDPR has not yet filtered into the consciousness of the mass public, major news stories like the Equifax data breach or the scandal involving Facebook and Cambridge Analytica have changed many citizens’ view of how their data is – often unknowingly – shared. Previously outlying views on the use of Big Data, like Jaron Lanier’s “Ten Arguments for Deleting Your Social Media Accounts Right Now” have now become part of the mainstream conversation.

Therefore, we see an interesting confluence of trends: (1) banks need new revenue lines, (2) policy makers encourage an “Open Data” economy, and (3) public trust in big data and social media companies is now seriously questioned. It starts to look more plausible that banks should offer personal data services based on trust, secure access and identity/permission management.

It seems that public trust in banks as data vaults already exists; according to research by ForgeRock in April 2018, 82% of UK customers say they trusted banks and credit card companies to store and use their data responsibly, compared with only 63% who trust in social networks. Accenture’s 2018 UK Financial Services Customer Survey backs up this growing trust in banks.

Banks need to move to capitalize

Banks also have a clear incentive to capitalize on this trust quickly – as a defensive strategy against data-savvy competitors. The data that a bank relies upon (e.g. for fraud analysis, for marketing, or for pricing of new products) is in danger of disappearing if consumers become more comfortable with the digital experience of a new startup that has the right to access that bank’s systems. Imagine what would happen to the transaction data seen by the bank – instead of seeing a series of transactions that help to provide a unique insight into the lifestyle demands of an individual consumer, the bank will see a series of bland transfers (payment to Revolut – GBP 200, payment to Revolut GBP 1000, payment to Monzo – GBP 2000 etc.). Once the data stream is reduced to that, it is going be very difficult for the bank to work out how to create and price new targeted products. Meanwhile Revolut and Monzo are awash with rich data being shared with their consumers.

There will be hundreds of new service providers for account information and for payments initiation. It will be tricky for consumers to manage their preferences and permissions with all the new services they have been tempted to explore. Perhaps it would be easier to take one service from one entity (a bank) trusted with personal data, and smart enough to design and build new data services – like a personal dashboard – to control permission, monitor, and monetize personal data.

This dashboard should be able to manage preferences, rules and consent, and be accessible electronically by third parties using authentication systems that check the permissions granted by an individual consumer. A template for this kind of authentication is developing in the field of electronic Identity Management (eID), where numerous banks have become eID credentials “issuers” within interoperable schemes like iDIN in the Netherlands, SecureKey in Canada or itsme in Belgium.

These eID schemes are not just for validating an identity. In fact, “identity” is a potentially misleading term for where this field is going; in many payment scenarios, there is no reason for a buyer to be forced to share an identity with a seller. Conversely, it may be risky for a seller/retailer to collect such identity data anyway. What is more important than identity is permission/entitlement – i.e. how do I know, as a seller, that the person (or thing) that I am about to transact with has the rights to conduct this transaction? How do I know as a data processor, that I have permission to use this person’s data? That is where reliable transaction handling systems for eID, authentication, authorization, and data permission systems all overlap. These are all capabilities that banks are actually quite good at handling.

Ten years after the low point of trust in banking, 2018 could mark a renaissance. It seems banks are well qualified to look after peoples’ valuable assets, making them available when they want them, delivering them to people they want to use them. This time though, trust is has not just about the money; it is about something arguably more valuable – personal data.

About Lu Zurawski

Lu Zurawski is Practice Lead for Retail Banking Products at ACI Worldwide. Bringing with him a varied and extensive background in consulting, systems integration and service management, Lu develops ACI’s strategic payments business propositions in the emerging fields of Open Banking, new access models and real-time alternative payments. Lu has over 20 years’ experience across a variety of payments markets, which is evident in his thought-provoking and often unorthodox viewpoints on the world of payments. In particular, Lu’s interest in Behavioural Economics often shines through, as he addresses the latest trends across policy, regulation, technology and customer behaviour.

About ACI Worldwide

ACI Worldwide, the Universal Payments (UP) company, powers electronic payments for more than 5,100 organisations around the world. More than 1,000 of the largest financial institutions and intermediaries, as well as thousands of global merchants, rely on ACI to execute USD 14 trillion each day in payments and securities. In addition, myriad organisations utilize our electronic bill presentment and payment services. Through our comprehensive suite of software solutions delivered on customers’ premises or through ACI’s private cloud, we provide real-time, immediate payments capabilities and enable the industry’s most complete omni-channel payments experience. To learn more about ACI, please visit www.aciworldwide.com. You can also find us on Twitter @ACI_Worldwide.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Lu Zurawski, ACI Worldwide, expert opinion, banking, Open Banking, data management, banks, personal data, fintech, data monetization, GDPR, PSD2, Open Data
Countries: World