What are banks doing with your financial data? - FT中文网
登录×
电子邮件/用户名
密码
记住我
请输入邮箱和密码进行绑定操作:
请输入手机号码,通过短信验证(目前仅支持中国大陆地区的手机号):
请您阅读我们的用户注册协议隐私权保护政策,点击下方按钮即视为您接受。
数据

What are banks doing with your financial data?

Your transactions reveal a lot about you as a person — it could be valuable information

“To the 12,750 people who ordered a single takeaway on Valentine’s Day. You OK, hun?”

Stuck up on London underground trains by Revolut in 2019, the damning question was the fintech’s tongue-in-cheek attempt to show off its close relationship with customers.

The ad sparked a backlash, with many taking to social media to call out not only its patronising, “single-shaming” tone, but the fact that Revolut’s private bank transaction data could be so casually publicised.

The PR disaster serves as a cautionary tale of the sensitivities around customer data in financial services, where trust and privacy are paramount to the client relationship.

Banks and payment companies have amassed a trove of data about clients’ financial behaviour, the rewards of which are too tempting to overlook.

For banks and payments companies, the question is no longer whether they can leverage their data, but how and when they will seize this opportunity

Andreas Schwabe, Alvarez & Marsal

While more conservative banks devote resources to “indirectly monetise” their customers’ information by offering them better-suited offers and products, the boldest disrupters — fintechs such as Revolut, Klarna and PayPal, as well as the US bank Chase — are experimenting with selling anonymised data to advertisers.

Andreas Schwabe, managing director at consultants Alvarez & Marsal, describes the sector as being at at a “critical juncture” with regards to its use of customer data, either for internal or external purposes.

“For banks and payments companies, the question is no longer whether they can leverage their data, but how and when they will seize this opportunity — and who will emerge as the frontrunner in this rapidly evolving landscape,” he says.

So what exactly do banks and payment providers plan to do with your financial data? Is it safe? And is there anything you can do about it?


The value of our financial data has been recognised for decades. “Information about money has become almost as important as money itself,” observed former Citibank chief executive Walter Wriston in 1984. Though his efforts to position the lender as a competitor to data companies such as Bloomberg largely failed, the adage is truer now than ever.

As the use of cash falls, more of our lives are recorded in the form of electronic payments. From friend and business networks to spending on everything from luxury handbags to charitable donations to gambling and pornography sites, much can be revealed about a person from their bank account and transaction history.

The use of personal data is regulated differently across Europe and the US. UK legislation splits data into two categories. Sensitive, or “special category”, data includes information about racial or ethnic origin, genetics, religion, trade union membership, biometrics, health and sexual orientation. The rest is classified as non-sensitive data, which is easier for companies to handle.

Transaction data is not inherently sensitive, but protected characteristics can be gleaned through analysis and enrichment — the process of improving the value of existing data by adding new or missing information.

Karla Prudencio Ruiz, an advocacy officer at the research non-profit group Privacy International, gives the example of a banking customer who pays school fees at a faith school, suggesting their religion; or someone spending regularly at the oncology unit at a hospital, providing information about their health. “You can deduce things,” she says.

Some fintech executives have stated that a more integrated use of customer data could shift their business model. Undeterred by its Valentine’s Day mishap, Revolut is in talks to sell advertising space on its app to brands. Antoine Le Nel, its head of growth, told the FT in April that the fintech could become a true media and advertising business in the future.

In order to sell this to advertisers, the company, which received a UK banking licence over the summer, is looking to increase the time its customers spend browsing its financial app. Like social media companies, it keeps a close eye on its customer “engagement” metric.

Chad West, a former employee of Revolut who led its Valentine’s Day campaign, describes the ad as an “error”.

“Regardless on whether the data was aggregated or fake, it gave the impression that finance firms snoop on your every move and transaction, which is not the case.”

But, he adds, the fintech’s current plan to advertise from within its banking app carries the risk of annoying customers and tarnishing its reputation for a great user experience.

“It’s crucial that they perform solid due diligence on what the short-term impact could be, such as an exodus of privacy conscious customers, versus the long-term impact, such as a loss of trust in the event of a data leak or poor privacy controls.”

Zilch, another UK fintech, has built its business model on this premise. The company, which is backed by eBay and Goldman Sachs and has about 4mn customers, makes money from targeted advertising based on its transaction data which it uses to subsidise the cost of credit for consumers with zero-interest loans.

“We’re actually an ad platform that’s built a credit proposition on top of it,” chief executive Philip Belamant told the FT in June. 


For all the enthusiasm, the nascent offerings are yet to prove a game-changer for banks. For Tom Merry, head of banking strategy at Accenture, a consulting firm, their benefits can be overplayed while the challenges are not necessarily worth the potential rewards.

“Banks are sat on tonnes of what I would call ‘nearly useful data’,” he says, referring to “large volumes of aggregated anonymised socio-economic cohort and transaction data” that can become more valuable through enrichment.

“Sometimes people over-emphasise the value of that nearly useful data,” he continues. Banks have it, but also retailers and third party databases as well as loyalty scheme providers. “People can get it from elsewhere, probably as deeply and without having to go into the complex web of integrating with banks.”

Merry says that making substantial money from monetising data would require “scale” and “a sufficiently differentiated set of insights that people would pay a higher margin for it”. Otherwise, he says, “it’s probably not going to change the profile of a bank’s business model”.

Lloyds Banking Group sees the monetisation of its 26mn customers’ financial data as an area of growth. The retail bank launched a “customer insights” team in 2022 that has grown to 40 employees.

Lucy Stoddart, managing director of Lloyds’ global transaction solutions, said one example of this was analysing aggregated and anonymised customer data around shopping habits to provide insights to commercial real estate landlords and help them make better-informed strategic decisions.


The potential for data breaches risks damaging the trust between customers and the institutions holding and managing their money.

A report by consultancy Thinks Insights and Strategy found that people perceive sharing their credit and debit transactions as more risky than other types of data, including health information, because the benefits of doing so are less clear.

Young people aged between 18 and 24 years tend to worry about data sharing less than their older peers. However, that may be because they have been sharing it their whole lives, according to the Office for National Statistics.

Donna Sharp, a managing director at MediaLink, which helps companies including in financial services to run media campaigns, says analysing customer data is an essential part of the service that banks and payment companies provide.

“The reality is that all these financial institutions have your data; you want them to [have it]. It protects you,” says Sharp. She gives the example of banks figuring out whether a card was stolen via behavioural pattern analysis and geolocation data.

[As] more data flows, what you end up with over time . . . is much more personal pricing: you get the right price for you based on your credit risk

Justin Basini, ClearScore

The challenge, she says, is fostering greater “transparency and understanding of how that might be used and what’s the value to you.” She believes consumers are generally fine with their data being used as long as they can see the benefits trickle down to them. 

“If [I’m getting] 10 per cent off a trip I want to go on, I’m not mad that you brought that information to me,” says Sharp.

In the UK, the open banking industry, which allows financial companies to access to non-anonymised bank data with the permission of customers, was built on the promise that sharing data in this way would foster greater competition and ultimately benefit customers.

Justin Basini, chief executive of credit report company ClearScore, says data-sharing technology can allow lenders to access information previously only accessible by banks, known as “current account turnover”, in addition to credit reports and scoring. Seeing a fuller picture of prospective borrowers’ financial health allows lenders to adjust their rates and extend credit to more people.

“[As] more data flows, what you end up with over time . . . is much more personal pricing: you get the right price for you based on your credit risk, and you’re not bucketed with other people,” says Basini.

“If the market is basically more able to discriminate risk because there’s more data around, everybody gets a fairer price.”

ClearScore also gives “credit health” scores by using open banking to analyse transaction data to show customers how specific payments such as gambling may affect their options with lenders. Under open banking legislation, ClearScore requires explicit permission from consumers, which has to be renewed every 12 weeks through various loops including ID checks.


Stopping your financial data from being used by your bank or payment provider is tricky. In the UK, any company handling customer data has to comply with a variety of rules. For instance, they need opt-in consent from customers and a legitimate reason to use their data. Claire Edwards, data protection partner at law firm Addleshaw Goddard, says another important principle they need to stick to is “data minimisation” — not collecting more information than is needed.

But this only applies to data that identifies people.

“Once it’s anonymised, it falls outside our regime. The banks are probably already doing whatever they want with that,” she says. “As a consumer you can’t really opt out of that.”

Under UK privacy law, individuals can send “data subject access requests” (DSARs) to ask companies if they are using and storing their personal data, and request copies of this information. Companies have 30 days to respond under the Data Protection Act.

One high-profile case saw politician Nigel Farage send such a request to private bank Coutts after it closed his account. The bank was then obliged to send him a dossier that revealed its reputational risk committee had accused him of “pandering to racists” and being a “disingenuous grifter”.

15%Increase in complaints about data subject access requests in the year to April 2024

Customers dissatisfied with DSARs can also complain to the Information Commissioner’s Office, the UK’s privacy watchdog. Such claims have jumped 15 per cent in the year to the end of April, a freedom of information request sent by consultancy KPMG found. Complaints about financial companies’ responses to DSARs made up the largest share of the total, ahead of the health sector.

This could be because financial companies — and particularly banks built on a patchwork of IT systems — may struggle to source data quickly and present it in a readable way. They also have to leave out information that may breach anti-financial crime regulations. Bank employees are criminally liable for “tipping off” — disclosing information that could prejudice an ongoing or potential law enforcement investigation into a customer’s activities.

Privacy International is campaigning against the UK’s data protection and digital information bill, which would give the government powers to monitor bank accounts to detect red flags for fraud and error in the welfare system.

The campaign group raised alarm around the “extraordinary” scope of these powers. It says they will set a “deeply concerning precedent for generalised, intrusive financial surveillance in the UK” by allowing financial companies to trawl through customer accounts without prior suspicion of fraud.

The group says it is particularly disproportionate that the powers will allow surveillance of state benefit recipients, as well as linked accounts such as those of partners, parents and landlords.

“This wide scope of data collection could create a detailed and intrusive view of the private lives of those affected,” Privacy International said in a letter to former work and pensions secretary Mel Stride.

When it comes to banks analysing their own customer data, advocacy officer Prudencio Ruiz says consent from customers must be “informed” in order to be valid and that they should understand which information might be used, how and to what end. But they also need to be presented with a real alternative.

“You need to be able to say OK, I don’t want to. What’s my option? And if the option is you won’t get the service, then that’s not consent.”

版权声明:本文版权归FT中文网所有,未经允许任何单位或个人不得转载,复制或以任何其他方式使用本文全部或部分,侵权必究。

造就埃隆•马斯克的神话

这位科技亿万富翁对唐纳德•特朗普的支持是其世界观的一部分,这种世界观来自硅谷最狂野的边界。

投资者警告称,强势美元将冲击新兴市场债券

新兴市场债务基金遭遇资金外流,因为发展中国家降息的希望破灭。

吉赛尔•佩利科,震惊法国的审判的核心人物

在法庭审理她如何被丈夫下药并被陌生人强奸时,她表现出了非凡的力量。

安东尼奥•科斯塔:“特朗普为什么要与欧洲打贸易战?”

欧洲理事会新任主席谈跨越政治分歧开展业务、面对腐败调查,以及为什么欧洲在危机中能发挥最大作用。

来自罗马的明信片:向好莱坞明星展示永恒之城秘密的“角斗士导游”

历史学家亚历山大•马里奥蒂是《角斗士II》的顾问,他兼职为汤姆•克鲁斯、比尔•盖茨和罗素•克劳做向导。

海上石油又回来了,但代价是什么?

在发生了历史上最严重的泄漏事故多年之后,公司为了寻找新的发现,正在钻探更深的海底钻井。
设置字号×
最小
较小
默认
较大
最大
分享×