When Equifax disclosed its enormous data breach that exposed the personal information of some 143 million people, the reaction of many consumers and corporate executives was similar and familiar: our data is at risk at all times and the less access we give to others the better.
But that is precisely the wrong lesson to take from the event, say Bruce Parker, founder and CEO of Dallas-based Modo, which conducts the exchange of payment-event data securely and fairly across the platforms of banks, networks, payments processors, and their partners. Its technology, known as COIN, is designed to power payments events that move value from any source to any destination without either party having to modify their payments system. No need to throw out the old technology to make way for the new. Modo’s COIN transaction services include: connectors, transaction processing, settlement, reconciliation, and a secure vault.
In the wake of Equifax, Parker says companies and consumers should not revert to some earlier state of limited data sharing but instead commit themselves to sharing even more granular data. That might sound counter intuitive at first, but he explains that limited data sharing and the old “batch” approach to data security, whereby companies applied broad guidelines to large sets of consumers, are imprecise and inevitably cause problems with security, usage, fairness and permissions.
As a block it is practically impossible to make consistent rational decisions about data, Parker says. But by sharing more detailed information, companies can treat transactions on a case-by-case basis with much more precision. It’s far better to stay granular, and focus on how a customer wants to handle “this specific transaction” rather than complying with policies that apply to large sets of customers. This greatly reduces the chance of fraud and the scope of loss in a breach.
“Breaches will always happen, but the sharing of data will always be a benefit,” says Matthew Leavenworth, Chief Product Officer at Modo. “Let’s not hide our data in a hole and not share it. Let’s share data the right way and get those benefits by using data more on a case- by-case basis. That’s going to engage consumers better and build confidence.”
The good news is that a case-by-case approach to transactions is already possible and in use—and well received by consumers. The most common examples are the alerts consumers receive when their credit card company wants to check a suspicious transaction. This kind of case-by-case approach to transactions could be much more widespread, says Leavenworth, but companies must begin to view the approach as a way to enable transactions, not just to prevent fraud.
For example, Modo is now working with retailers and banks so that retailers can interact with customers by leveraging the payment data from their receipts with the identity information in bank credit cards. If the customer tends to buy a certain type of shoe, the retailer could notify the customer if that shoe goes on sale via the bank. Or if that shoe goes on sale the day after the purchase, the store might credit the account to build brand loyalty. For the retailer this is a very efficient way to reach customers—much better than trying to get them to sign up for email alerts. The banks, meanwhile, are generating additional card usage and facilitating better experiences.
This kind of communication with between participants is possible because Modo is managing four elements of each payment event: the identity of the participants (i.e. the retailer and the customer), the actual moving of the money (i.e., the accounting and ledger entries), the lifecycle of the transaction, and various other informa- tion attached to the transaction, such as the receipt, or in other cases invoices or delivery information.
Crucial to keeping these exchanges of data secure is that Modo gathers the data for a particular decision, and makes it available at that particular moment in time. It does not need to be moved in large, aggregated blocks of data. In fact, that’s one of the big advantages that Thad Peterson, a senior analyst at Aite Group, sees in the Modo solution. “After Equifax, everyone is talking about the risks of aggregating data. One of Modo’s advantages is that data doesn’t need to aggregated. It can be called on as-needed and processed for a decision. This kind of disaggregated model could potentially minimize the risk of another Equifax.”
Improving security is a never-ending journey. And in light of the Equifax breach, a focus on ID theft is highly appropriate, Parker says. But companies and customers alike would be doing themselves a disservice by cutting off their data. Indeed, sharing more data and enabling an even more granular, transparent view of transactions may prove to be the best defense.