Privacy: A guide for people Part 1 – Things your credit union can do

Privacy. Buzzword doesn’t even begin to describe it. You discuss it in your board meetings. It’s mentioned ad nauseam on news stories at every level.

It played a major role during the coronavirus pandemic. Conflicts between the right to privacy and informing fellow workers of infected persons raised a lot of ire.

Tracking exposed people using anonymous phone location data built maps where we could watch the virus spread. Was that a public health requirement or privacy violation? Or both?

We debate the details of privacy and what it means with respect to national security, crime, and business. In fact, privacy is a topic of discussion in nearly every area of life.

Yet why do we seem to have less of it than ever before?

This post will look at what privacy means for your credit union, your members, and how its perception evolves over time.

You’ve Been Logged

Of course, you’ve already been logged. “Let me count the ways…” Where do we even start?

For the more mundane, we’ve got cookies in your web browser. They help sites recognize you upon your return. This is what lets you “stay logged in” on Gmail or any other service.

We’ll get to the more interesting systems later.

Tracking for Good

Tracking isn’t inherently bad. You can’t personalize if you don’t have any knowledge on who is doing what. The key is to embrace your data to improve your experiences without getting creepy.

Cookies

From your standpoint, cookies are a fun tool. They can be used to remember members upon their return to your site. United Texas CU embraces this with their full-page assistant. You can take it even further by proactively offering assistance based on their previous visit actions. If a member visited your Checking page before, display your account options on the homepage.

The same can be done with auto loans, where you display your Car Buying Service and your “as low as” rate.

In a way, members feel recognized and appreciated. It’s not creepy and helps everyone. Think of it like the Recommended Items on your Amazon homepage.

There’s also 3rd party cookies, which follow you around the internet and are not in the same category at all. We look at those below.

Account Alerts

Did you know that in 2019, there was a 31% drop in average annual number of overdrafts per account? Unfortunately, it’s not because people suddenly had more money. Or that they could avoid overdrawing their accounts.

Bell

It’s been attributed, at least in part, to proactive account alerts: Push notifications from the banking app to warn on low balance. Does your app do that? Because others do it with a lot of style.

On one side, it will cost money to implement and reduce fee income. However, I believe the credit union mission demands it. There are a lot of other ways to grow revenues that don’t involve punishing those already least able to afford it.

From your member’s perspective, you are providing a helpful service that assists them in better managing their available funds. And saves money. Plus, it can be part of a financial literacy effort.

Account Insights

Some of the big banks have digital assistants in their apps to give additional insights. For example, Bank of America has Erica (Get it? Brilliant, right?).

You can ask Erica questions by text or voice, both using natural language. For example, you can say, “how much did I spend on groceries this month?” Or, “what are my recurring charges?”

Helping members get a better view on their money (and take actions on it) will keep you from becoming a “dumb bank”.

Tracking You May Not Know About

With our smartphones comes an impressive array of sensors and software systems. Put together, they can learn an insane amount of information about you.

We’ll talk about them, but there’s also other personal information you’re giving up without even realizing. Some you can restrict. Most you can’t.

Location

Your phone has GPS. So it knows where it is in the world. That means your cell phone provider also knows. Granted, it needs to so it can choose which tower to use (for rough location, they’ve always known).

Blue Location Pin

With apps, you can choose to allow them to access that location information. It’s helpful to find ATMs, use maps, or any of millions of other functions.

Did you know you can restrict this access? Your phone lets you choose whether the app can access your location at all, while it’s open, or always (yes, even when it’s not active at all).

For example, Bank of America asks for Always location access to match your phone’s location with card purchases. If your card is in Sacramento and you’re in Boston, there might be a problem.

Many apps ask for your location to sell that data to advertisers. You didn’t think that amazing game was free free, right?

Find your phone’s location privacy settings (iPhone: Settings/Privacy/Location Services). Lock it down as much as you can while still allowing desired functionality.

Beyond GPS

GPS is your primary location system on phones, but it’s not the only one. Bluetooth does more than connect to your headphones. It is a form of precise location as well.

This is done in two ways:

Bluetooth Icon
  • Detection of Bluetooth beacons installed in the environment around you
    • Example: In a clothing store, when their app is open, it may use these beacons to offer section-specific coupons.
  • Looking at every Bluetooth device around you and their signal strength or change over time
    • This is how Apple Maps determines traffic. Your iPhone listens for every other iPhone’s Bluetooth signal as you’re driving along. When it detects the GPS speed is slow and also many other iPhones, that’s a good indicator of traffic.

To address the issue of apps (like Facebook) using this Bluetooth data to get location information on you, even when you had Location Access off, Apple made apps get permission to use Bluetooth.

It’s another section in Privacy on your iPhone. Check it. Turn off those which aren’t using devices or services (while leaving it on for apps like Tile, which use it in the background to help others find their stuff).

There’s a whole lot more we can discuss on the topic of location data from phones/watches:

  • The accelerometer knows how and where it’s being held/carried
  • The gyroscope can detect how it moves in an environment
  • In theory, this data can show limps, desired accessories (purses, pockets, etc.), activity levels, or other potential health characteristics

Yeah, it gets a little nuts. But it’s happening. My main advice here? Only install apps from companies you generally trust and keep access permissions as low as possible while preserving app functionality.

Data Scraping

There’s a reason the Privacy section of your iPhone has categories beyond Location. Apps can collect an enormous amount of data from users, some without their knowledge (hence why there’s so many privacy sections).

This can include contact lists (known good e-mails, addresses, and phone numbers), recordings from around you (yes, some apps really are listening!), photos or camera, and more. Each requires permission.

For your financial institution, you don’t have to worry about this from your app. However, it’s good to know what’s possible. In some way, you might wish to use certain functions to improve member experience.

Advertising

It’s unlikely your mobile app has ads, beyond internal banners for financial services. A lot of others do. While I get that a “free internet” needs ads to fund it, we can do better.

Rogue ads that get into rotation on services like Google’s Double-click or Adsense networks can cause issues. They may collect data and send it back to sites for distributing malware, phishing messages, and more.

I use Lockdown on my iOS devices to block many of those servers straight up. Within Safari, I also run Firefox Focus as a privacy filter (perhaps overkill, but there’s no harm).

Analytics

Even apps without ads might have some form of tracking. Under the guise of “analytics”, some apps collect a large amount of usage data. Why? To sell it, of course!

3rd Party Cookies

Cookies again? Yes. They’re not just for the website you’re visiting. 3rd party cookies, which I’ve been blocking for many years (it’s a simple browser setting), track you across the internet.

These are one of the tools advertisers use to show ads for that beach chair you looked at a week ago on every other site. And it’s going away.

Google recently announced they’re removing support for 3rd party cookies in Chrome by 2022. So no more ads? Not quite.

First, this only affects Chrome (~60% of desktop browsers in US). Firefox and Safari blocked 3rd party cookies by default for a while now. Second, it doesn’t affect their own ads. Why?

Because if you’re using the (Google) Chrome browser, they’ve already got all the tracking data they need. This change won’t hurt them one bit. In fact…

In my opinion, Google is doing this to build their own business. They’re making it harder for other advertisers to gather data, while ensuring they’ll have the most personalized ads to display.

Why would your credit union care about this change? Well, it affects your marketing strategy. If you’ve been using targeted ads across the web, it may require a rethink.

Of course, with our company’s Learning Library and laser-focus on providing honest, quality content, we lean towards the old-school SEO path. It’s not just us suggesting that strategy, either.

How to deal with this upcoming change? Connect with members. Produce great content. Share on social media. Use e-mail, text (SMS), and notifications, when appropriate. Don’t just say you’re unique. Be it.

Changing Norms

Finding this balance between “invading” privacy (through any means) and providing a useful service is a challenge.

It’s also essential to your future. At the same time, norms regarding what information can be shared is changing.

People are now ok with some forms of data exchange (I give you my information for this service).

My intention in this post was to expose you to just some of the methods in use today for tracking. And give you something to think about regarding member privacy.

Part 2 Dives Deeper

We went far enough today. This topic can cover books and still just scratch the surface. It’s changing all the time, both on the tools at your disposal and the strategies taken to get more data.

The second part of this Privacy Guide is going to look at individual risks. We will review privacy settings on phones, discuss some recent hacks that will make you rethink posting “Public”, and preventative tools to lock down your online and real-world presence.

Why, as a credit union, would you care about these things? Great question. First, you’re a person, which means all this applies to you, too. Plus, as a credit union, you aim to protect members’ financial lives.

We will also look at ways your credit union can share information to enhance the member experience. You won’t be alone; it’s already a big deal.

Data is a huge part of every aspect of life. We must ensure it’s moved, secured, and treated with care.

Be sure to Subscribe to CU Geek so you don’t miss any posts! Also, follow me on Twitter, where I share all sorts of intriguing content. And geek out about Doctor Who. Team TARDIS for life!

Joe Winn

Joe Winn

What do you get when you mix auto loan programs with a desire to help others? Well, approaches that make a difference, of course. So what do you get when ... Web: credituniongeek.com Details