In reviewing one of my recent credit card statements, I noticed a marketing message offering $5 off for an online purchase using their credit card at one of the online retailers I frequently visit. At first I thought this was a bit strange as I had not used that particular credit card at that merchant. Then I realized this was likely "Big Data" in action. Evidently, this credit card issuer had gotten information from some database, perhaps from the retailer, that I was a frequent customer of that retailer. The card issuer then checked its records and found that its card wasn't the one I used for the purchases, so it tried to entice me with $5 savings to switch my card usage habits.
A recent Harris Interactive poll of 1,000 U.S. Internet users showed that the typical consumer has an extremely high level of concern about the amount of personally identifiable data (PID) that is collected about them from public databases, e-mails, web access, and private data aggregators and how that information is being used. Big Data has opened a new world of marketing opportunities for companies with the capability to analyze and use such a wide array of information. In addition to marketing opportunities, Big Data technology can also provide enhanced risk assessment capabilities.
Card issuers have used data analysis at both the macro and individual cardholder level for several decades for fraud management purposes. With sufficient transaction history, the issuer creates a cardholder's purchase profile and evaluates future transactions against that profile. In the early stages of such efforts, if a transaction fell outside the normal profile parameters, the issuer was likely to authorize the purchase and then attempt to contact the cardholder later to verify its legitimacy. Before the wide usage of cell phones or text alerts, contacting the customer was often delayed by days until he or she could be reached on a landline. With advances in software and processing technology, some issuers risk rate transactions as they are received for authorization and may deny a transaction with a high risk score or one that exceeds parameters the customer has personally established. Of course, the downside to such a process is a false denial resulting in a less-than-satisfied cardholder.
While few may find fault with using data for financial risk management purposes, the line is blurry between privacy and data analysis for behavioral activity. Let's say you normally use a particular prescription medication for treatment of a chronic medical condition. Data analysis can tell how frequently you should be getting refills of that medication from your pharmacy. On the positive side, the pharmacy can use this information to send you reminders that it is time to order a refill. But what if the data shows that your refills are spaced further apart than the quantity and dosage level dictate? Is it ethical for the online pharmacy to notify your insurance provider that you appear to have significant lapses in taking your medicine when doing so could affect future coverage? At what point does "Big Data" become "Big Brother"?
In 2013, data security and privacy—the issues associated with Big Data—will be a major area of focus for the Retail Payments Risk Forum. In addition to looking at these issues in our Portals and Rails posts, we will be publishing white papers and convening forums with designated stakeholders to further discuss these issues. We welcome your input on what topics you would like to see us cover.
Oh, and as to that $5 offer, I think I'm going to hold out for a few months and see if they are willing to raise the ante. If this blog is being data scrubbed, I think $10 will do it!
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
On a different note, the Retail Payments Risk Forum would like your feedback on our blog. We would be grateful if you would take a moment to complete our survey. It really is very short.