Weeding Out Bad Data

  A wave of new government regulations is spurring many credit card issuers to root out bad data lurking in their information systems, while simultaneously the issuers are improving business processes.
  Bad data refers to incorrect or duplicated customer information, which costs corporations more than $600 billion annually, according to the Chatsworth, Calif.-based Data Warehousing Institute. Credit card issuers, with some of the largest customer files in the United States, waste millions annually because of bad data that results in inefficient marketing and lost business opportunities, say experts.
  But now bad data also can lead to steep fines from government agencies, which are keeping a close eye on how financial-services companies manage and store data, for the dual purposes of protecting consumers' privacy and preventing corporate fraud.
  "We're looking at a looming time bomb for a lot of items related to data security and privacy over the next two years, and many companies are coming to us late in the game, trying to find solutions to their data issues," says Earle Humphreys, executive vice president, product management, at Omaha, Neb.-based Solutionary, which provides information-technology security consulting to financial institutions, among other companies.
  The basic solution for cleaning up bad data applies to most companies with massive databases, say experts. Simply put, it involves establishing ongoing systems to cleanse and verify the names, addresses and facts associated with customer files. In addition, it is recommended that companies managing large amounts of data create systems to detect fraud and security breaches, and require that third parties handling their data also provide the same level of protection and security.
  While many credit card issuers have been performing variations of these practices for several years, they and many other financial-services firms still have holes in their data-management systems, say experts.
  "Credit card issuers have more data than just about anyone, and many are meeting government requirements on a piecemeal basis and sometimes falling short," says Tony Fisher, president and general manager of Dataflux Corp., a Cary, N.C.-based consulting and software company that works with card issuers on data issues.
  That may change soon, as the Securities and Exchange Commission and the U.S. Postal Service recently tightened their rules about how data must be handled, and are threatening to levy fines and sanction those who are not in compliance.
  More of leading-edge financial-services providers also are starting to demand that all of their corporate customers and vendors adopt higher standards for handling data to reduce their own liability.
  Competitive Advantages
  Yet another force driving the quest to eliminate bad data is the fact that executives at many credit card issuers are starting to recognize the competitive advantage to be gained by quality data management, say industry executives.
  "It's almost like a new phase of the CRM (customer relationship management) movement is taking hold at many financial-services companies," says Frank Dravis, vice president of information quality at La Crosse, Wis.-based Firstlogic, which provides software and consulting for the industry.
  Since the late 1990s, financial-services companies have been on a treadmill of technology-driven changes involving data management, starting with the need to comply with Year 2000 demands, followed by a flurry of new privacy regulations after the terrorist attacks of Sept. 11, 2001.
  Now a new series of rules is putting pressure on financial-services companies. Among those: the Postal Service now is starting to crack down on direct marketers that are using inaccurate data in their mailings by performing audits that lead to penalties and the withholding of bulk-mail discounts. Loss of bulk-mail discounts could be very costly to heavy mailers such as card issuers.
  In addition, the Sarbanes-Oxley Act of 2002, aimed at blocking manipulation of financial data by public companies, contains certain provisions affecting the information-technology departments of credit card issuers. Section 404, which went into effect recently, requires companies to document the process controls they use to safeguard financial data, including their ability to detect and document any irregularities or security breaches.
  These controls will have to be maintained and monitored on an ongoing basis, and that will require information-technology upgrades for many financial institutions.
  Credit card industry IT experts say the new corporate data security rules are having a ripple effect across the industry. To comply with the regulations, card processors now are making sure their merchant partners have appropriate measures in place to safeguard customer information at every step along the transaction process.
  As electronic fraud continually takes new forms, data security is going to become even more closely monitored internally and by government agencies, say observers.
  "The government wants companies to show that their decisions are made on data that are 100% accurate and to put internal controls in place to support that," says Kevin Rhodes, chief financial officer of Wakefield, Mass.-based Edgewater Technologies, which performs a variety of data-management services for financial companies.
  It is no surprise that the need to comply with new data-quality and management rules is spurring fresh expenditures on technology.
  TowerGroup, a Needham, Mass.-based financial-services research firm now owned by MasterCard International, predicts that domestic IT spending will increase 4.2% in 2005, to $36.8 billion. The banking and payment industries will lead the way, primarily through efforts to comply with various regulations and internal security measures, TowerGroup says.
  Naturally, no one advises establishing hasty solutions to comply with the new rules without taking a big-picture look at data's importance to the company as a whole. It is always wise to examine the return on investment before making significant expenditures in IT, say experts.
  "Compliance with new data regulations is a cascading situation that just keeps evolving, and often IT departments are coping with these issues on a case-by-case basis without ever getting management to focus appropriate attention on the problem," says Humphreys, noting that such an approach can be a waste of money.
  Silver Lining
  The silver lining is that compliance with new data-security rules is causing financial institutions to take a closer look at the authenticity and accuracy of their customer data, which is driving them to discover internal redundancies and inefficiencies.
  Ironically, Sarbanes-Oxley is forcing credit card issuers to make strategic improvement and to look at their marketing and operational processes horizontally, according to Dean Nicolacakis, a San Francisco-based partner with Diamondcluster International, a financial services consulting firm.
  "Credit card issuers should be using their data to maximize profitability, and by documenting their processes to comply with the government's rules, it tends to reveal new dimensions for exploiting profits," says Nicolacakis. "Organizations always have a vertical orientation, which is necessary for performing many functions. But until Sarbanes-Oxley most companies lacked a real impetus for looking at their data horizontally," he says.
  "Banks and credit card companies know data is important, but over the past several years they have continued to treat it like a cost center, or a burden," says Firstlogic's Dravis. "Now we have new regulations spurring people to examine their data practices, and it's causing people in the IT and data departments of these companies to start asking good questions."
  For starters, most credit card issuers need to overhaul their data systems "from the atomic level" and start looking at their files as groups of households, not merely as individual customers, Dravis says. "A single household often has five different credit cards all with the same company, with different credit scores and credit limits, and the issuer's information system cannot tie them all together," he says.
  Single View
  Dravis believes credit card issuers ought to adopt a system to cleanse and validate each customer file to get a single view of a customer's credit card history over his lifetime, then analyze how it fits with the credit card usage of other people in his household, all of which can be accomplished by new software programs that are highly customizable.
  Even strict compliance with government and industry regulations cannot protect card issuers from the steadily evolving tricks of fraudsters. Such criminals constantly are finding new ways to take advantage of the cracks in issuers' data walls.
  Last year, such slightly inaccurate data were causing major headaches for Sioux Falls, S.D.-based Total Card Inc., which offers a credit card by that name in conjunction with a bank. (Total Card also provides collections and customer-service functions to other credit card issuers.)
  "People with dubious credit histories have become very clever about seeking credit by altering the spellings of their names, adding initials and making slight changes in street names so it creates a new address that is delivered to the old address," says Mike Wheeler, Total Card's chief software architect.
  To solve its problems with falsified data, Total Card contracted with Melissa Data of Rancho Santa Margarita, Calif., which provided Total Card with real-time verification of applicants' addresses. The system it uses, Data Quality Web Service, is based on the Postal Services' file of some 142 million deliverable addresses across the nation.
  Since implementing the system in the fall of 2004, Total Card has dramatically cut down on bad data with its online applications, says Wheeler.
  "When the system flags something as suspicious, we put one of our investigators on it immediately," he says.
  Although more credit card applications are being initiated online, a substantial amount still are filled out by consumers and retail clerks by hand. This manual process introduces a great deal of inaccurate data caused by difficulty reading and transmitting hand-written documents.
  American Document Management helps issuers to verify the information gathered from customers at the point of sale on instant-credit purchases of such items as boats, motorcycles and recreational vehicles. Those are areas where fraud and loss caused by bad data can add up quickly when individual purchases can be as high as $75,000.
  "We've discovered there is an average of one mis-key for every 150 to 300 keystrokes when data is entered into a system, and that can mean you're getting bad data right from the beginning," says Karen Unger, president and chief executive of Fort Lauderdale, Fla.-based American Document Management.
  Her company receives the original applications and enters the data twice, then compares the information with the original to avoid inaccuracies. New customer data are verified against master databases to be sure the information is legitimate. Original signatures are verified as well.
  "A fraction of applications are truly illegible, and we do research on those so that the lender isn't liable when data is inaccurate or fraudulent," says Unger. American Document Management also works with lenders to design hand-written applications for the clearest possible presentation of data.
  Household Files
  The Postal Service has increased incentives for bulk mailers such as credit card issuers by licensing various affordable database-management systems to third-party software providers. Last fall the Postal Service made it easier for mailers to bring in-house its National Change of Address database of more than 100 million households that have moved over the last five years. For less than $20,000, mailers can set up a system enabling them to run every mailing through the change-of-address database for better accuracy, instead of outsourcing it. Melissa Data offers such a service, called SmartMover.
  Pitney Bowes also increased its offerings in this arena recently with its new VeriMove verification system for marketers, created by its Group One Software division. With Pitney Bowes' background in mass-mailing tools and Group One's expertise in crunching data, the product "has extreme search algorithms to detect more moves and better matches within files," says Kurt Kunow, Group One's vice president of product management. In particular, he says the system can detect the accuracy of addresses in multi-unit residences such as high-rise apartment buildings, where inaccurate address data often are hard to detect.
  Software developers and system integrators say demand for their services is high, as credit card issuers seek ways to managing their vast databases more efficiently.
  "There are so many ways data can be at risk in large systems like those operated by credit card issuers, but new technology is making it possible to guard it like never before," says Solutionary's Humphreys.