Ask For Permission, Not Forgiveness


Asking for permission is something our mothers taught us from Day 1. It’s also the basis for how Mike Cook, CEO & Founder of XOR Data Exchange, is using data aggregation to manage SMB credit risk, fight fraud and put consumers back in control of their identity.

And the matchmaker business model to work to help see it through.

In this week’s installment of PYMNTS’ new video/audio series The Matchmaker Is In, hosts Karen Webster and David Evans, economist, MPD Founder and co-author of the No. 1 new release on Amazon — “Matchmakers: The New Economics of Multisided Platforms,” sit down with XOR Data Exchange CEO and Founder Mike Cook to get the scoop on how the permission-based data platform works.

These exchanges supported by XOR Data Exchange are not your typical shared database platforms. First off, they are exchanges built because industry players have a problem that data – the right data – can solve. And even though data owners are able to contribute their data to a common exchange, their data isn’t shared with anyone they don’t want to have it shared it, nor is it ever used in any way other than how the data exchange parties have stipulated it to be used.

As Cook points out, any company that contributes data is always the true owner of that information and has control over ensuring that the data is used only for the explicit and agreed to purpose that XOR has permissions for.

“We’ve built a lot of privacy enhancing technologies that allow us to let companies share information without actually flying the data around,” Cook explained.

With clients ranging from big banks and credit issuers to lenders and companies across the communications industry, XOR Data Exchange says it has helped address specific problems such as small business credit risk, small business fraud, digital money transfer fraud, and, most recently, compromised identity theft.

The company’s Compromised Identity Exchange was launched two weeks ago at the request of a large bank that had customer records compromised. Though these compromised companies usually offer credit monitoring to impacted customers, which less than 10 percent of people ever opt-in to use. Further, Cook said that only offers alerts and doesn’t actually stop the fraudulent ways in which data is used, such as opening new accounts, taking over accounts, wiring money and perpetuating identity fraud.

The two sides of the platform – at-risk entities and compromised organizations – are stakeholders that XOR, the matchmaker, brings together and who derive value from being part of its data exchange. The compromised entities share the breached customer information. The at-risk companies – those who are the likely targets of those compromised identities — benefit in different ways.

The breached organization is able to assure 100 percent of its consumers whose identities were comprised that they are being monitored to prevent fraudulent activities.

The at-risk organizations get access to lists of “scored” identities to determine who is at the highest risk of being defrauded. FIs can then be proactive and not reactive in dealing with the likelihood of fraud.

XOR’s matchmaker business model is not atypical. Like many matchmakers, there is a subsidy side and a revenue side.

For its exchanges, the revenue side is the at-risk organization that is charged a transaction fee based on the risk assessment information that XOR provides back about the data itself. The risk assessment delivered allows companies to mark and monitor the risk of application fraud for the elements of data provided to the exchange, Cook noted.

And since the compromised data is what the at-risk entities value, compromised data owners get to contribute their data for free.

“We make money on the at-risk side by helping to reduce fraud, but we want compromised companies to participate,” said Cook, noting that the more compromised data that’s available in the exchange, the better.

Obviously the flywheel spins when more data flows into the exchange, which attracts more at-risk organizations, which makes the CFO happy.

But unlike a lot of matchmakers that need scale in the form of multiple entities to get traction, XOR needs only a few of the right entities to make their matchmaker engine hum. This bi-lateral exchange of information, which could need as few as one (of the right) entities on each side, helps XOR Data Exchange get over the liquidity hump that most matchmakers encounter and struggle to overcome.

Cook acknowledged that reaching critical mass is nothing anyone can ever underestimate. But XOR’s focus on solving real problems and having the trust of companies that their contributed data will be used to securely get the job done, he believes, has helped them reach critical mass pretty quickly.

Cook described his company as both a disruptor in the data aggregator space as well as a being able to complement what’s already available in the market by solving new problems creatively.

XOR Data Exchange’s use of privacy-enhancing technologies can be seen as a nuanced approach, because, as Cook explained, “we’re a data aggregator that follows data minimization and that’s pretty disruptive because using privacy as a competitive advantage is something new.” Privacy in terms of not having data contributed used for purposes other than what it was intended – and privacy in terms of consumers not having their identities used against them to commit financial fraud.

“We do not like data breaches, so we want to really take away the ability for fraudsters to monetize that information. Our goal is to see the line of data breaches, which continues to climb, actually begin to flatten in the coming years because hackers will have a tougher time making money from the data they steal,” Cook added.