09. 11. 2018
3 data privacy challenges banks need to overcome
New data regulations and drastically changing customer attitudes to data protection require banks to meet stronger-than-ever privacy standards – but not all of them are succeeding. Here are three key challenges to look out for.
In the wake of the recent Facebook and Equifax data scandals, not to mention the new data protection regulations introduced earlier this year, data privacy has become a growing concern for financial institutions worldwide. And it’s expected to remain a top priority going forward as customers are getting more and more savvy about data collection – and less and less trusting of companies.
Small wonder that banking and financial information is something customers are quite anxious about. About 80% of customers feel protective of their financial and banking information and 74% are concerned about having money taken from their accounts without them knowing, according to a survey of 7,500 European and US customers by cybersecurity company RSA. And 73% are more aware of data breaches than they were five years ago.
So failing to safeguard customer data can have serious business consequences. As many as 54% of customers would be less likely to buy services from a company if they heard it had been mishandling data. Sixty-nine percent would straight out boycott (or have already boycotted) a company that repeatedly showed they have no regard for their personal information. But 50% of participants said they would be more likely to spend money at companies who take data protection seriously.
And it’s not just that customers are becoming more conscious about their personal information. New regulations also force banks to adopt more rigorous data privacy policies. The EU’s General Data Protection Regulation (GDPR) gives more say to people about what companies can do with their information, and strictly regulates how customers give and take back consent to their data being used. Under another key regulation, the Payment Services Directive (PSD2), requires banks to allow other organizations, like fintechs, to access customer data through Application Programming Interfaces (APIs).
Banks are already using a tremendous amount of data to better target prospective and existing customers, develop personalised products, improve customer experience or boost engagement. And their hunger for data will only grow with the spread of innovative tools and technologies, like machine learning or advanced analytics. But challenges are also multiplying with the introduction of PSD2 and GDPR, the increased use of third-party data vendors and a shift in customer attitudes towards sharing personal information. Let’s see what some of these challenges are.
1. Knowing what data you collect and use
Understanding what personal data is processed and revising data collection practices have been the no. 1 thing on banks’ to-do list preparing for GDPR, and may still remain a challenge for many of them (even if they don’t handle EU citizens’ data). Having a firm grasp of how personally identifiable information is defined, where it’s stored, how it’s used and who has access to it in the organization is of the essence here, according to RSA.
Hoarding large volumes of data in hopes of finding a way to bank on it later “could prove disastrous in the current climate,” according to data security service provider Towerwall. Cutting back on the amount of data organisations collect also reduces their potential exposure and processing costs. It’s also crucial to be well aware which third-party vendors have access to what information and what security measures are in place to protect this data.
Collecting data from external “unstructured” sources, such as third-party databases or social media, has become popular among banks. But if they don’t ensure that this data is accurate and valid, they may become vulnerable to making decisions “that are of questionable value at best and corrupted or illegal at worst,” Accenture has warned.
2. Getting clear and lawful consent
GDPR expects companies to get explicit consent from customers for storing and using their data. But consent “does not equal checkbox bonanza”, according to Norwegian fintech Quesnay. The new law differentiates between “unambiguous indications of wishes” (simple consent) and explicit consent, which is only needed for the processing of special data categories, such as biometry, religion or sexual orientation.
Financial institutions need to be extremely cautious about getting clear consent to use information for different types of activities, data management company NGDATA advises. Banks should ask the following questions when determining the need for consent:
- In what scope will we be using the information?
- Is legal consent required for a specific activity?
- Could we still perform an activity without the consent?
- Would the client withdrawing consent affect the activity?
- Is the consent needed to execute specific conditions of a contract?
Institutions must also keep records of consents granted, when, to what extent, and by what method.
3. Providing better service in exchange for data
Customers increasingly expect banks to provide relevant and personalised services, which also affects data privacy matters. About 45% of respondents in RSA’s survey said they felt forced into sharing personal data with companies that had nothing to do with the product or service they were purchasing. And 59% admitted they intentionally provided false data when signing up for a new service to avoid getting unsolicited messages or phone calls.
But the good news is that customers would be happy to share more data in exchange for better services. According to a survey by Accenture, nearly 80% of digital-savvy customers are willing to share personal data with their bank, but 66% demand faster, easier-to-access services in return. “Customers understand that their data has value and are beginning to demand reciprocity,” they explained.
To win customer trust, financial institutions must go well beyond the current data privacy requirements of regulations, like GDPR, according to Accenture. But what does this mean exactly? They should find ways to show that not only are they protecting customer data, but also use it to the benefit of the customer.
For more on how financial institutions can benefit from AI tools download our white paper on AI in banking sales.