Processing marketing data in banks can be risky business.
After all, financial institutions have to juggle sensitive business data while complying with strict sector-specific regulations such as PCI DSS, GLBA, Dodd-Frank Wall Street Reform, the Consumer Protection Act, and the GLBA Safeguards Rule, to name just a few. Not to mention the GDPR, a new European regulation that comes into force in less than a year and will also significantly affect the way banks collect and store their clients' marketing data.
Being in one of the most regulated sectors, banks also tend to be among the slowest adopters of digital tools. But despite the restrictions, they are increasingly catching up on the use of new technologies, including web analytics for banking.
To do that, they have to go the extra mile to secure their data sufficiently. That’s why, later in this blog post, we’ll introduce you to the three most important rules of safe data processing in the banking sector.
However, before we describe the best data security practices, we’ll take a step back. Let’s delve deeper into the most common hurdles banks stumble upon when trying to find a way to use their data for marketing purposes.
Collecting a sheer volume of personal data and the fear of data breaches
The first challenge derives from the nature of data collected by the financial sector. Banks offering online services capture a large volume of personal information about their customers, including: names, addresses, account numbers, contact information, and passwords.
What’s more, the finance industry deals with sensitive data – not only personal data, but also PFI – Personal financial information – like account passwords, tax information, credit reports, credit card security numbers, and so on. Breaches of databases with that kind of data are dangerous, so PFI has to be handled and protected with due respect.
Most banks have already made protecting themselves against cyber attacks a high priority. But cybersecurity will only become more and more important, and will require ever greater resources. As banks store an increasing amount of data about their customers, their exposure to cyber attacks will most likely grow.
And we have to remember data breaches are not only dangerous, but also expensive. A report from last year by the Ponemon Institute showed that the average total cost of a data leak is $4,000,000. This number includes fines imposed by public authorities, fixing what broke after the hacking attack, in addition to lost business opportunities.
However, the most important consequence of these breaches is not severe fines, but a damaged reputation. It’s almost impossible to restore credibility after a mishap of that sort, especially for banks – entities entrusted with significant sums of money.
Omnichannel banking and data safety
The second challenge is related to omnichannel customer service. Studies show that the majority of customers expect their banks to provide service options on numerous devices. Last year’s ‘The Nielsen Mobile Shopping, Banking and Payment Survey Q1, 2016’ showed that half of respondents had checked an account balance or transaction on their mobile device in the past six months, and 42% had paid a bill.
It’s quite obvious that customers expect operations between channels to occur seamlessly. Unfortunately, most of the time they don’t. As the Federal Reserve customer survey ‘Consumers and Mobile Financial Services 2016’ showed, it’s likely that many mobile banking apps still aren’t able to provide consumers with sufficient value. The same survey showed that nearly 40% of respondents consider mobile screens too small to perform activities in banks’ applications, and 20% said the apps were too difficult to use.
This shows that customer experience is something the banking sector has to improve. And that requires putting analytical and marketing tools to work. But if the technology is not used wisely, it can potentially create holes in banks’ data security systems.
How can banks prevent breaches of personal data while at the same time improve the experience of their customers?
Fortunately, there are at least a few ways in which banks and other financial institutions can find the right balance. They can apply strict security measures to the data collected with analytical and marketing tools and protect themselves against breaches. Read on to learn how to process marketing data the right way in the banking industry.
1) Store all the cookies and other user trackers in the domain of your bank
In a nutshell, it’s about blocking the ability to load third-party items that can identify the user on the bank’s website. The analytics software, or other marketing tools, should be kept in a domain controlled by the bank, such as analytics.[bankdomain].com. Thanks to that, accessing user IDs kept in cookies becomes virtually impossible for anyone outside the bank’s internal servers.
However, not many marketing technology vendors offer that kind of solution. Most web analytics and data activation tools operate in a cloud environment, which automatically rules out running their software on the bank’s domain. That’s why, to apply this kind of security measure, you should seek a web analytics vendor offering On-Premises storage options (like Piwik PRO).
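One way to check a page against this rule, as an added example that is not part of the original post or of any vendor's tooling: a small audit that lists every script, image and iframe a page would fetch from outside the bank's domain. The domain bank.example and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FIRST_PARTY = "bank.example"  # assumed placeholder for the bank's own domain

# Tags whose URL attribute makes the browser fetch a resource
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src"}


def is_first_party(host, first_party=FIRST_PARTY):
    """True for the bank's domain and its subdomains only."""
    host = host.lower().rstrip(".")
    # The leading dot stops look-alikes such as notbank.example
    return host == first_party or host.endswith("." + first_party)


class ThirdPartyAudit(HTMLParser):
    def __init__(self, first_party=FIRST_PARTY):
        super().__init__()
        self.first_party = first_party
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no hostname and stay on the bank's origin
        host = urlsplit(url).hostname
        if host and not is_first_party(host, self.first_party):
            self.findings.append((tag, host))


def audit(html, first_party=FIRST_PARTY):
    """Return (tag, host) pairs for resources loaded from other domains."""
    parser = ThirdPartyAudit(first_party)
    parser.feed(html)
    return parser.findings


# Constructed sample page, not taken from any real site
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.bank.example/tracker.js"></script>
<script src="//cdn.tracker.test/t.js"></script>
</head><body>
<img src="https://pixel.adnetwork.test/p.gif?uid=123">
<iframe src="https://notbank.example/widget"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, host in audit(SAMPLE_PAGE):
        print(f"third-party <{tag}> loaded from {host}")
```

An empty result means every audited resource comes from the bank's own domain or one of its subdomains.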
2) Keep your marketing data on internal servers and under your control
The next step is to keep all e-banking customer data on the bank’s infrastructure and under its full control. In this way, you ensure that all the collected data is not shared with third parties and that appropriate security and privacy policies are followed.
Storing data on-premises has other advantages – it allows you to adjust your web analytics setup to your internal data security policies. For example, you can encrypt data or use your preferred SSO authentication method to make sure that access to your web analytics data is highly restricted.
You can explore more about how to host your analytics to see which hosting option would work best for your company.
3) Restrict the transmission of confidential data by your browser
Banks should also definitely avoid sending any kind of confidential data to third-party items by adding it to the URL. We have to remember that any kind of information used to identify a user, like their account balance or the website they’re currently visiting (yes, this really happened), when inserted into the browser address bar will be stored in the browser cache and will be remembered on that device.
This kind of situation can be easily avoided by creating encrypted user IDs and not using any third-party tools for further analysis of the data. To apply the strictest security measures, all of the data about the bank’s customers should be analyzed internally by bank employees with appropriate data permissions.
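A sketch of how this rule can be applied before a page view is recorded, as an added example that is not code from the original post: confidential query parameters and the fragment are stripped from the URL, and the customer is represented by a keyed pseudonym. HMAC-SHA-256 stands in here for the "encrypted user ID"; the parameter names, key and sample URL are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: query parameter names the bank treats as confidential
SENSITIVE_PARAMS = {"account", "balance", "iban", "customer_id", "token"}


def pseudonymous_id(customer_id: str, key: bytes) -> str:
    """Keyed, non-reversible visitor ID; the key stays on internal servers."""
    digest = hmac.new(key, customer_id.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:32]  # 128 bits is enough to avoid collisions


def scrub_url(url: str) -> str:
    """Drop confidential query parameters and the fragment from a URL."""
    parts = urlsplit(url)
    kept = [
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if name.lower() not in SENSITIVE_PARAMS
    ]
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(kept), "")
    )


def analytics_event(url: str, customer_id: str, key: bytes) -> dict:
    """Build the record that is allowed to reach the analytics store."""
    return {
        "url": scrub_url(url),
        "visitor": pseudonymous_id(customer_id, key),
    }


# Constructed sample values for demonstration only
DEMO_KEY = b"demo-key-not-for-production"
DEMO_URL = (
    "https://online.bank.example/accounts/overview"
    "?account=PL00000000000000000000000000&balance=1520.44&lang=en#tx"
)

if __name__ == "__main__":
    print(analytics_event(DEMO_URL, "customer-48213", DEMO_KEY))
```

Because the pseudonym depends on a secret key, the same customer maps to the same visitor ID across sessions, while anyone without the key cannot recompute it from a known customer number.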
Safe data processing in banking – final thoughts
Web analytics and marketing tools can provide many benefits to the banking industry. But it should never come at the expense of customer data security. And the new European regulations on personal data (GDPR) will only increase pressure to take the security and confidentiality of data seriously.
That’s why, despite the fact that SaaS-based analytics solutions are becoming more and more popular, banks and other financial institutions should take a more active interest in hosting web analytics or marketing solutions in their own cloud or on-premises.
At Piwik PRO we’re keen to discuss these and other related challenges. That’s why we encourage you to contact us or follow our blog. That way you’ll stay up-to-date with the latest news on data privacy, web analytics for banking, and many other topics related to banking.