Black Friday may be the biggest shopping day of the year and it’s likely that large firms will continue the tradition of bungling consumers’ personal data. Amazon just admitted to losing an ‘unknown number’ of its customers’ email addresses. 2017 was a year to remember (forget?): a record 178.96 million records were exposed in the U.S. So, you might assume that consumers would be very concerned about sharing their payment deets with any merchant at this point. You would also be wrong.
Cool when sharing personal details during an online transaction
On the eve of Thanksgiving, Tearsheet and Branded Research asked over 6,000 people in the U.S. about how they felt sharing their personal details when making online payments. We found that most consumers — about 59 percent — have the same level of comfort sharing their personal details during an online transaction as they did last year.
Men were about twice as likely as women to say they feel more comfortable sharing personal details when making online payments. About one-third of consumers over age 55 say they feel less comfortable sharing personal details when making online payments.
Privacy means different things to different people, and some are very willing to share their data for tangible benefits.
“For instance, some people put their life milestones on social media – prioritizing connectivity with friends and family; others allow insurance companies to track their driving for cheaper rates,” said Caroline Louveaux, Mastercard’s chief privacy officer.
“Yet, at the same time, people around the world are increasingly skeptical about the security and protection of their data—this can be a barrier to building trusted relationships. We believe that data must be handled with full respect for the individual.”
Freaked out about data sharing between fintech apps and banks
When you start asking consumers about how they feel about their fintech apps and banks sharing data, though, they sing a very different tune. In a survey conducted by The Clearing House earlier this year, nearly two-thirds of respondents said they are very or extremely concerned about the privacy of their data when using fintech apps.
Some in the industry are crafting their own response. The Financial Data Exchange (FDX) is a nonprofit trying to unify the financial industry around a common, interoperable, royalty-free standard for the secure access of consumer and business financial data. More than twenty firms — including Bank of America, Citi, and Chase — have joined FDX, which operates as an independent subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC).
“A majority of American consumers are highly concerned about data privacy and data sharing when using financial apps,” says Lila Fakhraie, co-chair of FDX and manager of the Digital Banking API team, including the data sharing program, at Wells Fargo. “FDX’s Durable Data API and operating framework will help address these concerns by allowing the industry to move away from credential sharing and empowering consumers to control account data they share with third-party applications in a standardized way.”
Mastercard and IBM have taken a different approach. Both firms have co-founded, Trūata, an independent data trust that is designed to anonymize data and conduct data analytics in full compliance with the GDPR. GDPR went into effect in Europe in May and empowered users to take back control of their data.
“We saw this milestone as an opportunity to emphasize the role of data for innovation and the respect of the individual’s privacy in our day-to-day business,” said Mastercard’s Louveaux. “With Trūata, we are furthering our commitment to crafting privacy-centric and ethical solutions that bring real, tangible benefits to people and our partners.”
People want security but not the pain
There’s also evidence that younger generations shy away from online transactions because security protocols have become too onerous. Some consumers prefer e-wallets, a registered online money account which can be loaded and then used for payments. E-wallets, like Venmo and Amazon Payments in the United States, can serve as a database to store payment information, eliminating the need to carry physical payment cards and personal data.
“Shopper data is encrypted and safely stored, and in the event of a hack, the only funds exposed are those left after the transaction occurs and not the remainder of the money in the shopper’s bank account,” said Steve Villegas, vp of partner management for PPRO, a global e-payment provider.
Among U.S. consumers, 23 percent of all payments now occur with e-wallets, according to PPRO’s recent Payment Almanac research. That’s the second most-popular payment option, after cards, which account for 57% of payments. Across other regions around the world like Asia, 49 percent of payments happen within e-wallets such as Alipay and WeChat Pay.
Concerned friends have told me that they’re starting to use Privacy for things like public transportation payments. The service creates secure virtual cards and completes checkout forms, saving time and money while masking real card details from a vendor. Privacy.com claims to have saved consumers over $100 million in fraudulent transactions, like on declines on cards that weren’t from the original vendor.
Vendors offer cake, consumers eat it
Consumers are a finicky bunch. Some vendors have realized offering different options to accommodate preferences towards security and privacy can be a differentiator and really, just a good user experience.
One simple example in a banking scenario is to allow customers to define transaction thresholds and conditions – say a push approval request to their mobile banking app. A conservative user may want all ATM withdrawals, all foreign currency transfers and any e-commerce purchase over $25 to be sent to their phone for explicit approval. A more carefree user may choose to only have cash movement above $1500 sent to their phone as they do not want to be ‘bothered’ by frequent explicit approvals.
‘The bottom line is that we all have our own values, viewpoints, degrees of fear and need for control, and, that’s ok,” said Mike Byrnes, senior product manager at Entrust Datacard.
“Many companies have realized the business value of personalization of products and buying experiences – the ones that see the opportunity in extending this to data privacy and security will surely be recommended because we all want to feel like we have a say in how we are treated.”