Have you ever tried to select web analytics for financial services and banking? If you haven’t, let us warn you: it’s not a walk in a park. It’s more like cutting your way through the jungle of data privacy rules and regulations you’ll have to adhere to.
You won’t have the luxury of settling for any sort of “market standard”, and many other popular products won’t meet the demands of your organization as well.
Why is this the case?
Firstly, there is a large number of regulatory regimes and laws that financial institutions have to comply with. For a multinational company these would typically include:
- Payment Card Industry Data Security Standard (PCI DSS),
- GLBA Safeguards Rule,
- Gramm-Leach-Bliley Act (GLBA),
- Dodd-Frank Wall Street Reform and Consumer Protection Act,
- The Sarbanes-Oxley Act (SOX),
- …and a few more.
Although the sheer volume of legislation seems a bit overwhelming, remember that they all serve customers’ best interests.
This is especially true when we consider that the finance industry uses extremely sensitive data – not only PII (Personally identifiable information) but also PFI – Personal Financial Information – like account passwords, tax information, credit reports, credit card security numbers, and a lot more. Breaches of that kind of data are extremely dangerous, so PFI has to be handled and protected with great respect for its value.
When SaaS is not an option
Secondly, although every financial institution can develop strict rules about data privacy, there’s always a threat that other companies will apply lower standards in their work.
Most of today’s web analytics solutions offer tools based on the SaaS model, in which the vendor provides not only the software and platform, but also the infrastructure where your data is stored. This solution has become popular for several reasons, including because it’s cheaper and easier to implement.
Unfortunately, those qualities don’t necessarily sound appealing to multinational financial institutions – the remote locations of cloud servers don’t comply with privacy regulations in many countries.
And the list of potential obstacles doesn’t stop there.
The lion’s share of SaaS vendors defines their terms and conditions in a way which doesn’t allow users to store any sensitive personal data on their infrastructure.
Let’s be honest – that’s not surprising at all. Extremely sensitive data tends to make one’s database prone to attacks and therefore requires more protection, increasing maintenance costs. So it’s easier to limit one’s liabilities and not store it at all.
Of course, there is a way to work around those things, especially if you can find a vendor offering servers in locations that will satisfy your needs. You can, for instance, use anonymization techniques, partial hashing or other methods of permanent data encryption and therefore still take advantage of one of SaaS-based solutions. But this means that you’ll also lose lots of valuable insights hidden in the information that comes from your users. So why bother with collecting it at all?
Fortunately there is another way. Although more than 90% of solutions available on the market will not meet your needs, there are some tools that can satisfy the expectations of data-sensitive businesses like yours. You just have to know what to look for.
In this article we outline the most common problems people face (and eventually overcome!) when seeking a web analytics suite for banks and organizations working in the financial industry.
Free Ebook: 15 KPIs to track for E-Banking and Mobile Banking
Learn about 15 KPIs accountable for customers’ engagement in your e-Banking and m-Banking platforms.
Problem #1
You want to analyze actions by users that are already logged in
One of the most serious problems you’ll run into is that a massive amount of what you want to analyze is hidden behind a so-called “login form” – that’s where your customers check their card balance, buy new financial products and perform other actions that may potentially drive your interest.
If you want to monitor traffic and gain valuable insights about your users’ behavior and actions, you have no choice but to use the most secure means of data collection available.
This automatically eliminates the option of Javascript tracking, a solution known for the high granularity of reports it can help us generate. Unfortunately, because it requires inserting additional lines of code into your website, JS introduces all the possible dangers that come with third-party vendors.
Solution: Use safe, on-premises web analytics
In that case it’s worth considering a ready-made on-premises web analytics solution. Unfortunately, most of the options available on the market won’t meet your standards, but there are a few of them that will.
By going for on-premises web analytics, you ensure none of the collected data is shared with third parties and that appropriate security and privacy policies are followed. Also, you can encrypt data or use your preferred SSO authentication method to tightly restrict access to your web analytics data.
For instance, Piwik PRO Analytics lets you not only track the behavior of your customers in secure member areas. You’ll also be able to link it with their activities from before they’ve logged in to see their whole journey.
And then, thanks to advanced reporting, you’ll be able to visualize this data inside your Piwik PRO instance using the BI tool of your choice.
What’s more, you’ll also be able to use this data in a secure ecosystem of on-premises marketing tools. The Piwik PRO Marketing Stack consists of four more products: a Tag Management System, Personalization, Customer Data Platform, and GDPR Consent Manager.
Sounds quite good, right?
Problem #2
You don’t want adblocking software to skew your data
It won’t be an exaggeration to say that adblocking software companies right now are having the time of their lives.
According to “The 2015 Ad Blocking Report” by Page Fair and Adobe, in Q2 2015 adblocking software was installed on more than 198 million devices around the world. What’s more, at the same time the usage of ad blockers nearly doubled in the United States alone (compared to the previous year) and totalled over 48 million browser plugins used on a daily basis.
Unfortunately, adblocking software can block not only ads and cookies but also your revenue. Page Fair estimated that in 2015 the rising popularity of ad blockers cost publishers nearly 22 billion dollars!
As if this wasn’t bad enough, it can also do a lot of harm to your web analytics reports, especially if you’re using JavaScript tracking and rely mostly on information gained from cookies.
Solution: Use analytics hosted on your own domain
Using Piwik PRO on-premises will allow you to bypass at least some of the adblockers and operate on more complete data. This is all thanks to the fact that first-party JavaScript pixels – in contrast to the third-party ones – are not detectable by many ad blockers and can collect information regardless of any software your users have installed.
If you want to learn more about adblocking and web analytics data accuracy, we encourage you to check out this blog post.
Problem #3
You want to be able to store web analytics data on your own servers
Data breaches tend to be very expensive. A report from last year by the Ponemon Institute showed that the average total cost of a data leak is $4,000,000. This number includes fines imposed by public authorities, fixing what broke after the hacking attack, and also lost business opportunities.
The cost can further increase, when we take into consideration the fines introduced by GDPR – the most stringent data privacy law ever introduced. In the worst case scenario, that would be up to 20 million Euros or 4 percent of annual global (note global!) turnover, whichever is higher.
If you want to learn more about the ways GDPR affects banking industry, be sure to check this blog post out: GDPR in Banking – How to be Sure Your Web Analytics Complies With the New Law
That’s why you’re probably considering storing your web analytics data on the infrastructure of your choice, taking advantage of self-hosted servers or the services of high-security server providers. This will let you provide the level of safety your sensitive data requires.
Unfortunately, most web analytics vendors don’t give you that option.
Solution: On-premises instead of SaaS (or basically any other) model
As we’ve already said, you may want to seek a solution that allows you to take care of your data by yourself. For example, you might take a look at Piwik PRO On-Premises, a web analytics stack that provides 100% data privacy and protection.
Piwik PRO isolates the front end (the data receival endpoint) from back end (the server holding the data). To put it more clearly: this means that browser requests are separated from the place where your data is being stored and archived at specified time intervals (for example, every other day or even more frequently).
This gives you 100% ownership and control over your data. Archiving is done on your internal server, which you can keep in a bomb shelter underneath your company’s heavily-guarded headquarters, or in any place of your choosing. So you don’t have to rely on third-party infrastructure and you’re free to apply your own security standards.
Want to learn more on the differences between SaaS and on-premises web analytics? Then you should definitely read this blog post.
Problem #4
You want to do business in Russia or China
For a multinational enterprise one of the most important challenges is to adhere to laws and regulations applied in every country it operates in. This may include Russia and China – two massive and extremely promising markets with some of the strictest data privacy policies anywhere.
China
Although the government of the People’s Republic of China has announced that upcoming regulations on personal data will aim at creating a universal framework for all cross-border data transfers, things right now are rather different. At present, the international transfer of PFI (Personal Financial Information) of Chinese citizens is strictly prohibited.
An even bigger problem is connected with the so-called “Great Chinese Firewall”, responsible for the fact that up to 50% of the traffic on your websites can remain undetected by your web analytics tool. This is especially true if you are using Google Analytics combined with JavaScript tracking. Since GA is not allowed to operate in China, data collected using this technique may be extremely unreliable.
Russia
The situation in Russia offers little cause for optimism as well. Federal Law 526-FZ, which came into force in September 2015, states that all personal information acquired from users based in Russia is regarded as personal data and therefore must be stored on Russian territory.
Companies and organisations which violate those terms can face severe consequences. The new law affects almost every business operating in Russia. LinkedIn has already learned how serious Roskomnadzor (the federal executive body responsible for overseeing the media) is about it.
Solution: Go On-Premises!
The easiest way to overcome those obstacles is – once again – to deploy Piwik PRO On-Premises and:
- host all the collected data on local self-hosted servers, and also
- make use of web log analytics instead of JavaScript tracking.
This will allow you to collect and evaluate 100% of your website traffic without any interruption or the threat of potential governmental fines or prosecutions.
Problem #5
You want your web analytics reports to be as reliable as they can be
Firstly, you may want to know what data sampling really is.
Data sampling occurs when only a subset of your traffic is selected and analyzed to estimate overall results. This method is commonly used in situations like public opinion polls, where it’s rather impossible to survey every person qualified to take part in the questionnaire.
Unfortunately, what may work perfectly fine for testing and measurement companies is no good for web tracking. This is especially true when your website experiences huge traffic volumes on a daily basis. In that case the more information sampled, the less reliable your reports become.
If you want to learn more about the potential pitfalls of data sampling, you should definitely get acquainted with this blog post.
Most popular web analytics tools use it anyway. With Google Analytics, data sampling takes place when monthly traffic exceeds 500,000 (standard version) or 25 million actions (Google Analytics Premium). This may become a problem in either one of those scenarios:
- If you’re an enterprise-level organization with a certain amount of users visiting your website (as you probably are), and
- If you want to use your data to generate reports using other tools than your web analytics suite.
Is there any way to overcome these issues?
Solution: Just don’t go for tools that sample your data – it’s easier than you think
Fortunately, in Piwik PRO the amount of records that can be tracked is much higher than in both Google Analytics and Google Analytics Premium. Therefore you can benefit from web analytics reports based on total website traffic by default. Thanks to advanced segmentation methods you can also easily group and identify the most valuable traffic sources within your audience.
What’s more, you can still use raw data collected by Piwik PRO to create reliable reports with the tools of your choice. Any way you want it, that’s the way you get it.
All this means you can be 100% confident that the consumer insights obtained from your web analytics tool are fully reliable.
Problem #6
You want to have access to accurate data from different sources
Your company operates in a sensitive industry and it is likely subject to various data residency and privacy laws. Because of that, it may be challenging to decide what data to collect and from what sources to stay compliant.
If you simply decide to operate on the least amount of information possible to avoid collecting personal data at all cost. As a result, your datasets may be lacking financial, CRM, offline or transactional data. You might also be unable to differentiate traffic between customers and first-time visitors.
Consequently, the information your organization gathers is not only anonymized but also trapped in the silos of departments. The data is scattered all over your analytics stack, making it hard to analyze all touchpoints and use the setup to its full potential.
Solution: web analytics with privacy features and integration capabilities
Make sure to get analytics software that allows you to map the customer journey across different channels and follow user flow without missing any significant data points.
Consider ways to simplify compliant data collection, such as by adding a consent management solution or respecting data residency laws. Check that the data isn’t sent outside the borders of a given country or accessed by any third party.
Free Ebook: 15 KPIs to track for E-Banking and Mobile Banking
Learn about 15 KPIs accountable for customers’ engagement in your e-Banking and m-Banking platforms.
Web analytics for banking & financial services – some conclusions
We know that the problems your company faces may vary from those discussed above. Nevertheless, we hope that you’ll find our tips useful in your quest to find a web analytics tool geared for your specific needs and requirements.
We’re confident that Piwik PRO can provide solutions to many of your most pressing problems.
In the meantime, feel free to contact us and learn more on how Piwik PRO On-Premises functionalities and features can help you comply with even the strictest privacy laws and regulations.