Data Sharing Without Sharing Data. Now That's Collaboration!
Posted by Andre Edelbrock on Fri, Sep 10, 2010
 Facilitated collaboration, with formally structured protocols, makes legal and ethical data sharing possible. Doing it requires a system that makes sure all the participants can benefit from one another’s transaction experiences while not passing around the data itself. |
Last week, I participated in a roundtable session on ‘data sharing’ at the Merchant Risk Council’s inaugural European e-Commerce Payments and Risk Conference in Amsterdam. It was a great opportunity to exchange insights with other industry leaders from many countries.
Data sharing is great!
Imagine if there were no restrictions on what we could share to stop fraud. Walmart and Amazon would tell each other when they caught a fraudster, what email was used, his IP location, what was attempted to be purchased, when it happened, dollar value, name, credit card number, etc. No fraudster would ever succeed at stealing more than once or twice, and we'd have good enough pattern recognition and linked data that in many cases, we'd stop them before they tried to use a compromised card, account or data the first time.
That's the real promise and power of data sharing.
But sharing data? Yikes!
Unfortunately, we live in the real world, and companies don't just hand each other their customer and sales data. The reality is that sharing has its limits, and it's those limits that allow so much fraud to slip through our fingers. It's the fear of what the term 'data sharing' implies that often prevents us from doing anything at all.
In our discussions with merchants, card issuers, bank, payment processors, acquirers and the like we found that 'data sharing' implies informality and lack of structure, which immediately raises concerns about privacy, security, data integrity and trust.
The term also raises legal concerns about what data, if any, can be shared. This is particularly true in Europe, which has stricter controls and regulations around privacy and varies by jurisdiction. Legal authorities and governments often assume that ‘data sharing’ means that account information is simply passed around between private parties with no regard for the individual's rights.
(For more on this see discussion in FinExtra about "unauthorized access" -- which is exactly the fear that sharing conjures up, and part of the reason that the Data Protection Act exists.)
When we collaborate, we can share experiences and knowledge without sharing the data
"What", you say?! That's some fancy verbal gymnastics. But, there is much truth that if we think about data sharing and the value it can provide differently, and expand the concept to one of collaboration where independent management, structure and governance are applied, we can escape the trap that everyone thinks data sharing is a great thing in theory, but few want to subscribe to it in practice.
Ethoca prefers the term 'facilitated collaboration', with a full set of formally structured protocols to make legal and ethical data pooling possible. It’s a system that makes sure all the participants can benefit from one another’s transaction experiences while not passing around the data itself.
That means things like the strictest conformance to PCI across all PII, highly secured access, the management, auditing and certification of data integrity by independent authorities, access to information and anonymized experiences not the data itself.
Strict protocols build trust
Ethoca has already proved that facilitated collaboration can work on a large scale. Our strict protocols build trust among the participants. The merchants, issuers and other stakeholders know the data can't be mined for marketing purposes or accessed for any purpose other than fraud/risk management. The information is hashed and encrypted so that even Ethoca security experts can’t see personally identifying information. Participants also get large benefits, being able to leverage one another’s payment and fraud experiences and stop ecommerce fraud that they’d never catch otherwise.
So is the difference between ‘sharing’ and ‘collaboration’ only a matter of semantics? No. As my colleague Darryl Green wrote recently, collaborative fraud prevention is the future – and trust is the key.
Your turn
We'd love to hear about your experiences with data sharing. Why has it worked or not worked for you? What value would you get from facilitated collaboration versus data sharing? Please share your feedback in the comments below.