I was recently contacted by American Express as part of a market research thing.
The market research involved several members of the market research company interviewing me with a film crew present, and some other people who I guess were employees of either AMEX or the market research company witnessing proceedings.
The key points covered could be reduced to the questions:
- What had I considered when choosing on-line financial services in the past?
- What do I know of the market now and how would I best be reached by any campaign to educate me about service offerings?
- What could be offered that would be key differentiators that would win my business in future?
To answer those first two questions is a guide to the answer for the third, and the third offers some real-possibilities for the financial sector to expand their service offerings greatly.
What had I considered when choosing on-line financial services in the past?
I had presumed this to be ethical things. I bank with Smile.co.uk and they are part of the Co-Operative Bank in the UK.
They are an ethical bank in that all of their investments are checked to ensure that they don’t invest our money in the arms trade, and other obviously unethical companies and industries.
However upon being questioned by the market research personnel I realised that this was a secondary priority. My first priority was security.
The very first on-line bank that took my eye was Cahoot.co.uk . They offer a “virtual debit card” for secure on-line shopping. You can generate a debit card number that has a limit of precisely the amount you wish to spend, give that card to the on-line shop and if the card number is compromised the thieves are unable to access more than the value of the virtual debit card.
That was what I wanted most of all… security. I wanted banks to give me security for my on-line purchases and against identity theft.
I understand the basics of security, I know that security is achieved when two of the following three things are in place:
- Something you are - biometrics, your fingerprint, an iris scan, etc.
- Something you know - your PIN, place of birth, the name of your pet dog, etc.
- Something you have - an RSA key, your credit card, etc.
The use of debit/credit cards in banking has two of those things: You have to present your card (something you have) and enter a pin or sign a signature (something you know).
Yet on-line banking only ever has ’something you know’. They may ask to enter several pieces of information but it all falls under the something you know. A few banks are starting to also introduce something you have in the form of RSA keys, but too few for my liking.
So, it stands that I consider on-line banking to be inherently insecure. One of the three above is not enough to be considered secure, and as every security expert in the world knows this I consider the liability for on-line banking to be firmly with the bank.
So… since I regard all on-line banking as insecure I never selected my bank according to my first priority. Instead I chose by a second invented priority: ethical banking.
If people are selecting on-line financial services by their secondary priorities then financial services that will be able to grow the most will be those that offer services and products that differentiate themselves above core services.
What do I know of the market now and how would I best be reached by any campaign to educate me about service offerings?
The answer is “not much” and “with difficulty”.
I don’t have a television, and don’t listen to the radio. I don’t buy newspapers, nor do I read the free papers on the train (I cycle). So what media do I consume?
I consume the internet. Specifically being the jaded S.O.B. that I am I consume my peers more than I consume major hubs. So this means I’m paying attention to del.icio.us, digg.com, youtube, myspace and sites based on social networks and folksonomy driven information. Then there are the sites applicable to my career (Computer Programming), slashdot, Boing Boing, Ars Technica, etc. And finally there are blogs and forums.
So I learn from the internet, from friends, peers and those with similar taste to me. The way to market to me is not to take out TV adverts, newspaper adverts or radio slots, nor is it to take out adverts on MSN or Yahoo. The way to market to me is to create a product of such difference that it gets talked about amongst the technorati and bloggerati, to let them create the buzz because the product is “worth creating a buzz over”.
You can’t buy that, and that’s why I trust it.
What could be offered that would be key differentiators that would win my business in future?
And herein is the real gem. What (beyond security) could an on-line bank offer me to convince me to consume their services? What could they offer that would set the technorati and bloggerati alight to let me know it’s being offered?
My view:
On-line banks haven’t yet progressed beyond being brochures for their products and mimicking tellers.
We view our transactions as they have them stored, we are presented our banking information in the same stale way that it has been presented on paper for decades if not hundreds of years.
I think that the key product differentiator is to offer us the ability to have control and transparency over our banking.
What do I mean by this?
For control I mean meta-data.
Underneath would be the regulatory required information that banks possess and report on internally, but on top should be a rich framework allowing us to alias transactions (instead of just seeing AMAZON INC’ why can’t I add the sub-label “Books for Mary”), tag transactions (gifts, bills, travel, sustenance, house, car… allowing any number of arbitrary tags) and to assign other meta-data around our transactions.
For transparency I mean reporting.
The bank knows how much money came in this month, and how much has gone out. And they know this for all the months prior. Why can’t we see bar charts showing “health” of the account by showing a break-down month-by-month for money in vs money out.
If we had tagged our transactions, why can’t we get reports on where most of our money has gone?
Why can’t we get reports on trend? I want to see that my food costs have risen each of the last three months, that I’m being more extravagant and should reign-in a little.
And there’s something in it for the banks too. They all offer add-on and partner services, why not allow us to assign visibility and sharing to the bank and third parties (all off by default and purely opt-in) to allow the banks to find deals for us and sell us things. Imagine sharing your ‘flights’ tagged transactions, could the bank get your a deal on your travel insurance? If you shared the meta-data would they offer cheaper tickets for your favourite routes via their partners?
So there we are. That’s where my thoughts led their market research and that’s where my thoughts went. Upon sparing a moment to debate it the obviousness of it all seems clear, but yet no-one in the market seems to be doing this. And that’s what I want, a bank to give me control of transaction level meta-data and to offer custom reporting based on that meta-data. That is how the banks could Web 2.0 themselves.
David,
Just found your blog on Technorati, and i enjoyed your post.
There are huge possibilities for web 2.0 characteristics (tagging, etc) to make their way into many different industries. I agree that banking is a great place for that. I work in the industry, and while it is typically a slowly responding industry (mainly because of the security, as you mention) i feel like it would be a great way to add value to the customers, and increase online banking usage, which is more convenient for the user, and drives costs down for the bank… it’s a win/win.
Thanks for the post, I’ve grabbed your RSS feed, and look forward to reading more from you.
On a side note, looks like your into cycling… has web 2.0 had much adoption in that area?
Cycling hasn’t yet benefited either, yet there is scope to do so.
Cycling is really a multi-faceted thing, cyclists are usually into one area (mountain biking, commuting, road-racing, track racing, bmx stunt riding, etc) and purchases relating to one don’t necessarily appeal to the others.
There is a move to create cycling equivalents of MySpace social networking with sites like http://velospace.org/ and to offer AJAX functionality with shared route planners like http://www.bikely.com/ .
What there hasn’t been is a concerted effort to benefit fellow cyclists by using the collected information of individuals.
Web 2.0 works when the web pages are more than brochures and serve the user as well as collect information (which becomes greater than the sum of parts). No cycling site that I’ve seen does both well.
So cycling hasn’t got there, hasn’t yet benefited. But a start has been made and once the benefits are fully understood I’m sure they’ll catch up quickly.
And hey, if you work in the industry and can get any of my ideas on on-line banking implemented feel free to show them to whoever you want. As soon as it starts to get implemented others in the industry will be at a disadvantage and will be forced to provide their own services to compete. This is good for all customers as transparency and control of finances will help a hell of a lot of people in this debt-ridden age.
In the answer to your first question you note that online banks only use one of the three pillars of security - things you know. In fact, in markets outside the UK there is also a ‘things you have’ requirement.
Each online banking customer is given a small calculator-like device, about the same size as a box of matches (with a key-ring attachment). As part of the login process for an online account the user is given a four digit code by the server. The user types the four digit code into the device and is given another four digit code in return - this is entered into an online form and must be correct to allow for account access. Since each of the devices is unique to the user and cannot be shared (as it would provide the wrong codes for anyone other than the intended customer) it fulfils the ‘things you have’ criteria.
So internet banking itself need not be inherently insecure - it just is in the UK. I know for certain that all banks in Sweden use this system, and there are others in different countries too. Why British banks have not adopted such a system is not clear…