Between the Instagram selfies, Twitter hashtags and Facebook posts, millennials seem to overshare. Their life is an open book on social media, and even the tiniest of details are never too much to provide.
But when it comes time to hand over information to authenticate themselves to conduct a financial transaction, that door slams shut.
“The more information that’s asked of them, the less likely it is that [millennials] will finish the application,” said Johnny Ayers, cofounder of Socure. “Consumers understand that a business has to verify who they are, but millennials, in particular, don’t understand why they are asked for their life’s history when all they want to do is buy something online.”
Millennials expect technology to intelligently know who they are, with any investigative work done on the back end. Regulators expect banks to know that the transactions they are authorizing aren’t for bad guys or deadbeats who can’t pay them back.
Finding that right balance between what financial institutions obviously need to cover from a regulatory perspective and eliminating friction from the end user experience isn’t so easy — especially when many millennials haven’t built up enough of a credit profile for banks to easily make that call.
It’s All About The Use Case
Knowing the customer is a given — not to mention a regulatory requirement — and more challenging than ever as the bad guys become more sophisticated in their use of technology to try and outsmart the good guys. Doing business online only makes that task more challenging, as it is coming at the same time that more business is moving on line. The importance of authenticating a customer has never been more important.
There is a big difference between buying a t-shirt on Amazon and getting a loan for a new home, noted Ayers. While more information is (obviously) needed for the latter, many more businesses fall somewhere in between a simple purchase and a large loan. And they need customer data — at least some.
“There is a dichotomy between eCommerce and financial services,” said Ayers. “So, many millennials are providing such limited information for, say, when they buy a shirt or a jacket on Amazon, and they provide a name and an email, maybe a billing address or shipping address, and possibly a phone. But really, that’s it.”
“We’ve seen some of these [applications] have 40–50 questions,” he said. “But we’re seeing some institutions move away from date of birth — collecting fewer and fewer bits of information and then forcing the institution to do more sophisticated analysis passively on the back end [by] using more machine-learning tools to try and predict as much of this data as possible,” said Ayers.
But how few is “fewer?”
“I think it really depends on the use case,” said Ayers. If a retailer is selling a consumer a television, they need to collect a name, address, email, phone number and possibly the billing address if it’s different from the shipping address.
“That’s what we see in the eCommerce space at a minimum,” he said.
But verification for delivering a shirt by mail, Ayers pointed out, is nowhere near as heavy as being on the hook for a home loan or another big purchase. And naturally, an application for that extension of credit will require other validating information, such as date of birth, Social Security number and a laundry list of other due diligence-type questions, including about income, residence and longevity at a job. That due diligence is not only important for a lender to make a judgment about the borrower’s ability to repay the loan, but it checks the regulatory boxes about knowing the customer.
According to Ayers, there is a trend that swaps out the Social Security number for tracking, investigation and verification purposes.
“As more millennials move into cities, they’re not buying homes at 26 with their high school sweetheart … They may be moving each and every year until they’re 30-years-old,” he said. “As these consumer behaviors change, some people are estimating that you may never change your [cell] phone number for the rest of your life.”
“We’ve seen services that can map one email to multiple emails [and] one phone to multiple phones,” said Ayers. “There’s a lot of information that you can infer from public record data — it just takes some artificial intelligence, some usage of some new types of technologies to be able to infer this type of information.”
What Can Be Shared?
Social networks are a virtual treasure trove of information about the kinds of “tangible intangibles” that can help to authenticate a consumer’s identity. The lack of a social network or the newness of a profile offer valuable inputs that can help relying parties determine the authenticity of a consumer, for example. On the flip side, consumers without much of a credit history but a robust social profile, when used in combination with other data, may make the difference between an approval or a decline.
But as valuable as that information may be, social networks are challenged with how to address the use of personal data that is a part of a person’s social profile by an organization to support decision making. In November, Admiral Insurance made news when it announced that it would offer discounts to consumers who gave them permission to look at their news feed and use that information to decide if that consumer would be a safe driver. When Facebook learned about this program, it shut it down, allowing consumers to log into the Admiral app with their Facebook ID but not allowing access to the consumer’s social feed as an input to their underwriting decisions.
That, and other situations like that, raise questions about what is considered public or personal data, especially in the face of social network platforms touting their ecosystems as platforms from which applications could not only build on top of but also connect with consumers — and consumers’ data — easily.
“The social networks are very large custodians of consumer data,” said Ayers. “And there’s been this evolution as they realized that they have 1.5 billion people on the network that may not understand how authorization works or how much information they’re giving away for a particular application.”
But in light of hacks and sensitive consumer data, some social networks have created somewhat of an “audit process” toward these businesses that arguably shifts the focus to what benefits the consumer, rather than just the business.
“We’ve seen some applications be successful in saying, ‘We are collecting this information to the consumer’s benefit, which is A, B and C,’ whereas we’ve seen other applications be unsuccessful with their application processes when there has not been an explicit consumer benefit to collecting that data,” said Ayers.
Some of the networks go so far as to explicitly relay to consumers that certain information in their profile can and will be public. This gives the individual choices in terms of what to display but may have implications for data collection.
Ultimately, as Ayers sees it, the trend is pointing to how the use of certain data makes a consumer’s life easier or their experience better. It will take some legwork for financial institutions. Investing in more technology like artificial intelligence and other methods will allow these businesses to collect the information they need more efficiently, while, passively, the consumer willingly provides less and less of it, Ayers said. Using many of those legacy rules won’t really help them capture the next generation of consumers. New consumers, he noted, need new channels and tools. “It’s interesting how technology is now changing how we think about ‘traditional data,’” he added. “The focus needs to be on the identify attributes that will be needed — and then used — to verify someone’s identity in 2025.”