Reduce liability for losses on commercial accounts by adhering to four requirements.
Ensure Consumer Privacy for Rewards Programs
Traditional rewards programs are now threatened as the Durbin Amendment will significantly limit the interchange fees charged by banks — fees that have historically funded the majority of existing rewards programs.
The good news is that there are alternatives available to banks that wish to continue offering rewards to their customers. Many banks are now leveraging the next evolution of merchant-funded rewards known as transaction-driven marketing. Transaction marketing programs provide rich rewards to bank customers funded by retailers’ marketing investments, not interchange fees. Transaction-driven marketing is unique in that targeted rewards are securely presented to bank customers as part of their digital bank experiences (online, mobile, SMS, email) and are based entirely on their purchase histories.
For banks, transaction-driven marketing provides a way to monetize their digital banking channels while simultaneously enhancing customer relationships. Consumers benefit because offers are highly relevant and help them save money on purchases they choose to make regularly.
Transaction-driven marketing represents an evolution of merchant-funded rewards in that offers are personalized based on an account holder’s actual spending patterns (i.e., a customer who ate at a fast food restaurant earlier this week might be presented with an offer to earn rewards from the same or another fast food chain). But bankers should not assume that all transaction-driven marketing programs have the same level of consumer and data protection. To protect a bank’s reputation and its customers’ security, a transaction-driven marketing program should never collect personal information that could be released to marketers and advertisers.
Banks are appropriately obligated to ensure that their rewards programs do not place consumers’ personal information at risk. Successful rewards programs can be managed without collecting or, in fact, using any personally identifiable information and without requiring any transaction data to leave the security of the financial institution. Some considerations that can help bankers better ensure that their programs are in the best interest of their customers and the bank include:
1. Does your solution require the consumer to enter his bank account user name or password for any reason other than to gain access to his bank accounts?
If you answered “yes,” your customer’s personal and transaction information may not be safe. This presents a potential problem that could create negative attention and cause you to lose customers. To avoid this, make sure that your customer’s personal and transaction data remains secure within your bank at all times.
Asking a consumer to re-enter his personally identifiable information — like bank account user name and password, card number or email address — could allow a third party access to that account information. It is much more secure to consumers and much less risky to the bank if the targeting of the rewards program operates entirely under the control of the bank.
2. Does the transaction data ever leave the security of your bank’s data center?
No transaction data should ever leave the security of the bank’s data center. Some transaction-driven marketing platforms require that transaction data leave the bank (either directly or via a merchant acquirer) to an off-site server. Once out of the control of the bank, that data is vulnerable and the bank’s reputation is at risk. Keeping the data securely within the bank’s data center should be advantageous to all parties involved in providing the rewards program.
3. Do marketers and advertisers have access to your customers’ information?
As mentioned, the safest transaction-based rewards programs never ask for your customers’ personal information, such as name, email, phone number, bank account number, user name or password, to gain access to transaction data. In simplest terms, if your rewards program does not require the collection of that information, then it cannot be passed on to marketers or advertisers.
Marketers can take advantage of highly successful campaigns without bank customers’ information by targeting specific purchasing characteristics, which may include ZIP code, store name, store category, purchase frequency or amount of expenditure, all masked behind an arbitrary account ID. Only the bank would know the correlation between the actual account number and arbitrary account ID. Banks then route retailers’ offers to transactions from that arbitrary account ID based on pre-determined purchasing characteristics. This way, there is absolutely no doubt that marketers and advertisers do not get access to personally identifiable information.
As privacy issues continue to remain front-page news, banks must be vigilant in protecting their customers’ personal information through their rewards programs. By ensuring complete privacy of your customers’ personal information, bankers can continue to provide meaningful rewards programs that support customer loyalty and generate needed revenue without relying on interchange fees.
Scott Grimes is founder and CEO of Atlanta-based Cardlytics.
Copyright (c) January 2012 by BankNews Media