LOS ANGELES—Credit unions found themselves being challenged again and again here during a discussion of how they are using or plan to use “big data,” about whether they are just “pretending” not to know certain things , and whether they have been “drinking their own Kool Aid” instead of respecting their member-ownership structure.
When credit union representatives countered in part that collecting huge amounts of private data on consumers is being done by everyone else, the retort came quickly: “But you’re not like everyone else.”
Also on tap during the debate: a prediction that privacy-related legislation that will have the kind of effect Sarbanes-Oxley and Dodd Frank did in their respective areas.
The spirited discussion, which included examples of how credit unions specifically collect and use data, took place during a panel discussion at the California and Nevada’s league’s REACH Conference here. Participants included Karan Bhalla, managing director of IQR Consulting, which works with credit unions to capture and understand data; Mark Chapman, who oversees marketing for The Golden 1 Credit Union in Sacramento, Calif., and Michael Josephson, a former law professor and ethicist who is the founder and president of the Josephson Institute, which runs the CHARACTER COUNTS! Project.
The session was moderated by Alessandro Acquisti, associate professor of information systems and public policy at the Heinz College at Carnegie Mellon University in Pittsburgh, who studies issues surrounding privacy.
Below is a transcript of the discussion:
Acquisti: What are your views of big data?
Bhalla: Big data has leveled the playing fields for credit unions. Credit unions are now on same stage as the big banks that have 1,000 analysts.
Josephson: I’ve been very concerned with the ethics in big data.
Chapman: My perspective of big data from a credit union standpoint is that it is essential. In case you’re wondering, you don’t have to do it all. We use it at Golden 1 for things like share of wallet analysis, analyzing our inactive base, etc. You are already doing it, but you need to commit to it and carve out out some budget for it.
Josephson: Necessity is not a fact, it’s an interpretation. It’s not necessary. I think you should start at the beginning and with a fresh plate.
Acquisti: Can we establish what big data is? Where do we draw the line? Why talk about this now?
Bhalla: We may be arm wrestling, but I think it’s absolutely necessary. We work with credit unions of all sizes, and we find that more often than not credit unions don’t know how much information they have. So the concept of big data is using that information you have. Big data adds up real fast, and there are uses for that information, and how you use it with your membership is what drives how effective it is for you.
Josephson: I have said the question should be when does it become too intrusive. The question is how should we use it and should we collect more. Once you start it becomes, ‘Gee, wouldn’t it be nice if…” It can be intrusive. To me the standard is when does the amount of information you have on me and you’re using on me become uncomfortable. I may be thinking, ‘I don’t want you to know that about me.’
The biggest question becomes, ‘Do you think people are comfortable with what you have on them?’ And if they are, why don’t you disclose it? I think we don’t want people to know how much we know about them when we’re trying to manipulate them, and that’s what troubles me. The issue is transparency. And even if I trust you, how do I know you’re not providing that data to someone else? It’s only a matter of time before you’re able to buy big data on every human being. I think you’re a member organization, your mission is about your members, so just tell them: ‘This is what we want to use, this is how we’re going to use it, we’re going to determine if you are having economic problems, and we’re doing all this to help you.’ And then allow them to opt in rather than opt out.
Chapman: My job in marketing is to get people to drive past two or three competitors to come do business with me. We need that data to grow our business. There is a lot of data out there, so start small.
Josephson: But once you start off small, you’re on the road. Then it’s about building out the capacity to get larger.
Acquisti: The counterpart argument I have heard is that this is a win-win with both parties benefitting.
Chapman: We all know the credit union difference and the credit union model. I was at Bank of America for 10 years, and I know what they do in marketing to their customers. I think to be totally transparent, it might be a risk, but imagine if you took this win-win approach and you were really transparent and said we care about you. To go on the offensive would be great for you, great for your members, and great for business.
Josephson: I also want to warn you about this keep-up-with-the-other-guys thing. The fact is these things escalate. We get nervous about all the information the government is collecting. I just want to suggest is there is a little of ‘what are you pretending not to know here?’ It would be relatively easy to develop notification. The fact is business is going to push it and push it and push it, and I predict there will be legislation on this in five years. If there is legislation, do you think it’s going to be restrictive, or permissive. I think it’s going to be restrictive.
Chapman: If you expect legislation in five years that will be restrictive, meaning all kinds of limits on its use, wouldn’t it be nice then if credit unions got out ahead of the curve of legislation?
Josephson: I think it would be nice to get ahead of the curve by NOT collecting these things and doing these things. It shouldn’t mean ‘Let’s get all this data while we can.’ And it may be generational, and in time us old fossils will be gone. I know I am uncomfortable. I don’t want my neighbor knowing how much I make, how much I spend, where my kids go to school, etc.
Acquisti: You seem confident the legislation will be restrictive, but if you consider the powers on the side of the data industry, the Googles and the like, and on the other side you have consumer groups, do you really think out of this clash will come restrictive legislation?
Josephson: Yes, but it won’t be as restrictive as initially proposed. It will be watered down by the lobbyists who will take pieces and chunks away. That’s how the process works. But think of how much more data is going to be available. When you can start getting the Google data points, if you know all my Google searches, my Amazon purchases, that can be used in very insidious ways.
Bhalla: To think that everyone among your members share the same view is a misnomer, as our test shows. What we are trying to understand is what is most relevant to someone; if you could reach out to someone who is about to close an account, that would be useful. I agree the intent has to be good.
Josephson: Then let me ask, why don’t we agree on the solution that those who want it, opt in, those who don’t, opt out. I don’t see any reasonable argument against complete, open consent and choice about whether they want to be in the pool.
Acquisti: You find these two extremes; it’s a polarized debate. How do you measure the effects of big data and the outcomes?
Bhalla: We use a lot of data with a lot of clients. What we’re finding is where it’s applied the results are phenomenal. We talk a lot about the low hanging fruit, but a lot of that has been plucked by banks. The data gives us a ladder to pick higher. The projects we work on go beyond just finding ways to get more products into more people’s hands. It can be about pricing a product correctly. I’m a big test-and-learn person, and from a data standpoint you need to make sure you have sample sizes and learn from it. With a car loan, the goal isn’t to get them to spend more, it’s to get them to spend it on your product rather than Citibank.
Josephson: Success is defined how in a member-owned organization that wasn’t organized to make profits? If you can show how you have turned that data into lower interest rates or lower fees, then yes, that’s great. But all we’re talking about this morning is pretending; you are using it to sell more. What I’m saying is stay with your mission, it isnt’ about making more business, it’s about more service. If you’re not careful about sorting through what data you’re going to collect and use, the fact is that the natural incline is down. It’s more of a caution than saying don’t do it.
Acquisti: How do you measure success?
Bhalla: There are measurable outcomes you can manage to. I think most credit unions have had really good member growth, but many are gaining a lot of members, but also losing a lot of members. So the question becomes what happens if member growth slows. And you can’t get into the same level of personalized service with 30,000 or 40,000 members as you had with 7,000 members.
Josephson: in the end members want something, they want a better deal or price. That should be the test. One of the things I read when preparing for this is one credit union was under-charging for its credit card and they raised the price. Well, gee, was that a good thing. If you’re drinking your own Kool-Aid and saying it’s fabulous, show that it is.
Bhalla: Every bank or credit union is underpricing their card….
Josephson: That’s what you’re supposed to do.
Chapman: We repriced, and no one got an increase; 40% stayed the same, 60% were reduced. That’s a benefit and savings of substantial money. The rewards were changed. And many of us do give-back. We’re doing it now.
Acquisti: What would be the first thing you would recommend to a credit union when they are looking at values and big data?
Chapman: In my opinion, if you’re not using data, don’t do it alone. There are a lot of great people serving credit unions. Jump in and get your feet wet.
Josephson: I believe in democracy. Your members are your owner. The philosophical question of whether to get into big data should be put to your members. Then allow for the striation in the membership, and let each member decide. The test is transparency, honest and real consent, and then security.
Chapman: I manage our regulation P, privacy and governance. We go through an exercise where all the managers certify all the vendors and business partners they use. That’s one step we take. I do know that all of us here have automated fraud detection for our cardholders, which has been recently tested.
Josephson: This is a whole new domain. The law professor part of me tells you if someone gets to data you had and you were negligent with it, you’re at risk. The idea of protecting it like any other IT is different. Data is cash; you need to protect it the same way. You have created a great big pool of cash; you have to protect that differently than you do cash. You have two kinds of security problems: The hacker who gets your whole data base, and the risk of the casual user. There is too much information out there to not realize it’s a huge temptation. There has to be some shielding mechanism that protects your data from your own people, and that doesn’t exist today. You can never use your own self-interest as a justification for doing something wrong. An ethical person does the right thing even when it costs more than they want to pay. Voices like mine will be heard, but by and large I think it will be drowned out until there is an outcry and legislation and regulations, all of which have had huge negative implications. I don’t trust the banks.