The threat of cyberhackers in today’s data-driven world has led some to ask whether having too much customer data has become a liability.
In particular, the fields of banking and finance have come under repeated scrutiny, with the spring 2017 breach of Equifax, one of the country’s three major credit reporting agencies, among the most recent to grab big headlines.
Through the Equifax breach, 143 million American consumers had sensitive personal information exposed, with the hackers accessing names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers, according to the Federal Trade Commission.
The hackers also stole credit card numbers for about 209,000 people and documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the United Kingdom and Canada, too.
In light of the magnitude of such a hack, it becomes tempting to blame the companies collecting the data.
But when it comes to banks and customer data, there isn’t much of a choice for anyone involved, according to Christopher Cattie, chief information technology officer with QNB Bank, based in Quakertown.
“Financial institutions are required [by law] to have customers’ personally identifiable information such as taxpayer ID number, date of birth and other contact information,” Cattie said. “Financial institutions have both technical and nontechnical controls in place to safely store this information.”
Technical safeguards used by financial institutions include encryption, firewalls, malware detection and intrusion prevention, he said.
“From a nontechnical aspect, financial institutions educate and test their employees multiple times per year regarding best practices to safeguard personally identifiable information,” Cattie said.
And yet, Cattie added that “most consumers have been impacted by an unauthorized exposure of personally identifiable information at one point or another.”
ANALYTICS: MORE INFO THE BETTER
That’s why the question of whether having too much customer data is a liability may simply need to be reframed, according to at least one big data expert.
It’s not whether having too much customer data is a liability, but rather whether the good that can be done with all of that data outweighs the bad, said Michael Imerman, the Theodore A. Lauer Distinguished Professor of Investments at Lehigh University, Bethlehem.
“The more that banks know about their customers, the more they can customize their offerings,” Imerman said. “There is a huge opportunity right now in the application of analytics to financial institutions. They can determine what customers are best matches for certain products, lines of credit, investment vehicles. The only way to make the algorithms work, in terms of the data analytics, is to have as much data as possible.
“That doesn’t mean banks are collecting more data than they need. It is a double-edged sword, since it could pose a liability. In this era of big data, it is kind of understood by analytics professionals, the more data the better.”
INFO ALREADY IS ‘OUT THERE’
The benefits and risks of big data also can be found in just about any business or industry, Imerman said, and the same parameters apply whether talking about personalized bank offerings or personalized health care.
Plus, he added, in almost all cases, the information being collected about customers by banks or other businesses already is “out there” somewhere.
“We are in a situation of unless you are totally off the grid [no telephone, no email accounts, no cellphone] and you walk around with a mask on your face, because of facial recognition software, if someone wants to access that information, they are going to find a way,” Imerman said.
“I am more inclined to the view that if we kind of embrace the upside potential and the benefits of this data and use it in a positive way, the benefits outweigh the potential risks of all this data that is already out there anyway.”
POTENTIAL FOR GOOD
Imerman stressed, though, that he understands the concerns that many have about potential data breaches. In fact, before he really began studying big data about four or five years ago, he viewed things a little differently.
“I was more skeptical about all the data that was being collected about us,” he said. “I was borderline paranoid about it and, because of the work I have been doing, speaking to those in industry coming from different perspectives, you get to see the potential, and the potential is really limitless, in terms of how all this data could be used for good.
“There are always going to be people out there who are going to take advantage, whether or not there is a digital record of us. The existence of crime is not unique to the information age.”