What are banks doing with your financial data? | 银行如何处理你的财务数据? - FT中文网
登录×
电子邮件/用户名
密码
记住我
请输入邮箱和密码进行绑定操作:
请输入手机号码,通过短信验证(目前仅支持中国大陆地区的手机号):
请您阅读我们的用户注册协议隐私权保护政策,点击下方按钮即视为您接受。
数据

What are banks doing with your financial data?
银行如何处理你的财务数据?

Your transactions reveal a lot about you as a person — it could be valuable information | 银行和支付公司积累了大量有关客户金融行为的数据,这些数据的回报诱人。他们计划如何处理你的财务数据?安全吗?对此你能做些什么?
“To the 12,750 people who ordered a single takeaway on Valentine’s Day. You OK, hun?”
“致12750名在情人节点了一人份外卖的人。你还好吗,嗯?”
Stuck up on London underground trains by Revolut in 2019, the damning question was the fintech’s tongue-in-cheek attempt to show off its close relationship with customers.
2019年,Revolut在伦敦地铁列车上打出了这一令人震惊的问题,这家金融科技公司试图用开玩笑的方式展示自己与客户的亲密关系。
The ad sparked a backlash, with many taking to social media to call out not only its patronising, “single-shaming” tone, but the fact that Revolut’s private bank transaction data could be so casually publicised.
这则广告引发了强烈反弹,许多人在社交媒体上大肆挞伐,不仅指责其颐指气使、“羞辱单身”的语气,还指责Revolut的私人银行交易数据可以如此随意地公开。
The PR disaster serves as a cautionary tale of the sensitivities around customer data in financial services, where trust and privacy are paramount to the client relationship.
这场公关灾难警示了金融服务中客户数据的敏感性,在金融服务中,信任和隐私对客户关系至关重要。
Banks and payment companies have amassed a trove of data about clients’ financial behaviour, the rewards of which are too tempting to overlook.
银行和支付公司积累了大量有关客户金融行为的数据,这些数据的回报太诱人了,让人难以忽视。

For banks and payments companies, the question is no longer whether they can leverage their data, but how and when they will seize this opportunity

Andreas Schwabe, Alvarez & Marsal

对于银行和支付公司来说,问题不再是他们是否可以利用自己的数据,而是他们将如何以及何时抓住这个机会

安德烈亚斯•施瓦贝,Alvarez & Marsal
While more conservative banks devote resources to “indirectly monetise” their customers’ information by offering them better-suited offers and products, the boldest disrupters — fintechs such as Revolut, Klarna and PayPal, as well as the US bank Chase — are experimenting with selling anonymised data to advertisers.
当较为保守的银行通过向客户提供更适合的优惠和产品来将客户信息“间接货币化”时,最大胆的颠覆者——Revolut、Klarna和PayPal等金融科技公司以及美国大通银行——正在尝试向广告商出售匿名数据。
Andreas Schwabe, managing director at consultants Alvarez & Marsal, describes the sector as being at at a “critical juncture” with regards to its use of customer data, either for internal or external purposes.
Alvarez & Marsal咨询公司董事总经理安德烈亚斯•施瓦贝(Andreas Schwabe)认为,银行业正处于将客户数据用于内部或外部目的的“关键时刻”。
“For banks and payments companies, the question is no longer whether they can leverage their data, but how and when they will seize this opportunity — and who will emerge as the frontrunner in this rapidly evolving landscape,” he says.
他说:“对于银行和支付公司来说,问题不再是他们是否可以利用自己的数据,而是他们将如何以及何时抓住这个机会,以及谁将在这个快速发展的环境中成为领跑者。”
So what exactly do banks and payment providers plan to do with your financial data? Is it safe? And is there anything you can do about it?
那么,银行和支付提供商计划如何处理您的财务数据呢?安全吗?对此你能做些什么吗?


The value of our financial data has been recognised for decades. “Information about money has become almost as important as money itself,” observed former Citibank chief executive Walter Wriston in 1984. Though his efforts to position the lender as a competitor to data companies such as Bloomberg largely failed, the adage is truer now than ever.
几十年来,我们的金融数据的价值已得到认可。花旗银行前首席执行官沃尔特•克里斯顿(Walter Wriston)在1984年指出:“有关金钱的信息几乎与金钱本身一样重要。”尽管他将花旗银行定位为彭博社等数据公司的竞争对手的努力在很大程度上失败了,但这句格言现在比以往任何时候都更加真实。
As the use of cash falls, more of our lives are recorded in the form of electronic payments. From friend and business networks to spending on everything from luxury handbags to charitable donations to gambling and pornography sites, much can be revealed about a person from their bank account and transaction history.
随着现金使用的减少,我们生活中更多的事情都以电子支付的形式记录下来。从朋友和商业网络,到奢侈品手袋、慈善捐款、赌博和色情网站等各种消费,从一个人的银行账户和交易记录中可以看出他的很多信息。
The use of personal data is regulated differently across Europe and the US. UK legislation splits data into two categories. Sensitive, or “special category”, data includes information about racial or ethnic origin, genetics, religion, trade union membership, biometrics, health and sexual orientation. The rest is classified as non-sensitive data, which is easier for companies to handle.
欧洲和美国对个人数据的使用有着不同的规定。英国立法将数据分为两类。敏感数据或“特殊类别”数据包括有关种族或民族血统、遗传学、宗教、工会会员身份、生物识别、健康和性取向的信息。其他数据被归类为非敏感数据,这对公司来说更容易处理。
Transaction data is not inherently sensitive, but protected characteristics can be gleaned through analysis and enrichment — the process of improving the value of existing data by adding new or missing information.
交易数据本身并不敏感,但可以通过分析和丰富——即通过添加新信息或缺失信息来提高现有数据的价值——来收集受保护的特征。
Karla Prudencio Ruiz, an advocacy officer at the research non-profit group Privacy International, gives the example of a banking customer who pays school fees at a faith school, suggesting their religion; or someone spending regularly at the oncology unit at a hospital, providing information about their health. “You can deduce things,” she says.
非营利研究组织隐私国际(Privacy International,)的宣传官员卡拉•普鲁登西奥•鲁伊斯(Karla Prudencio Ruiz)举例表示,银行客户在一所宗教学校支付学费,这表明了他们的宗教信仰;或者某人经常在医院的肿瘤科消费,这提供了他们的健康信息。她说:“你可以推断出一些事情。”
Some fintech executives have stated that a more integrated use of customer data could shift their business model. Undeterred by its Valentine’s Day mishap, Revolut is in talks to sell advertising space on its app to brands. Antoine Le Nel, its head of growth, told the FT in April that the fintech could become a true media and advertising business in the future.
一些金融科技公司的高管表示,更全面地利用客户数据可能会改变他们的商业模式。Revolut并没有因为情人节的失误而气馁,它正在洽谈向品牌商出售其应用程序上的广告空间。Revolut的发展主管安托万•勒内尔(Antoine Le Nel)今年4月告诉英国《金融时报》,这家金融科技公司未来可能成为一家真正的媒体和广告公司。
In order to sell this to advertisers, the company, which received a UK banking licence over the summer, is looking to increase the time its customers spend browsing its financial app. Like social media companies, it keeps a close eye on its customer “engagement” metric.
为了向广告商出售广告空间,这家在今年夏天获得英国银行牌照的公司正在寻求增加客户浏览其金融应用程序的时间。与社交媒体公司一样,该公司也在密切关注客户的“参与度”指标。
Chad West, a former employee of Revolut who led its Valentine’s Day campaign, describes the ad as an “error”.
查德•韦斯特(Chad West)是Revolut的前雇员,曾领导过情人节活动,他认为这则广告是一个“错误”。
“Regardless on whether the data was aggregated or fake, it gave the impression that finance firms snoop on your every move and transaction, which is not the case.”
“不管这些数据是汇总的还是伪造的,它都给人一种金融公司窥探你一举一动和交易的印象,而事实并非如此。”
But, he adds, the fintech’s current plan to advertise from within its banking app carries the risk of annoying customers and tarnishing its reputation for a great user experience.
但他补充说,这家金融科技公司目前在其银行应用程序内做广告的计划有可能会惹恼客户,并损害其良好用户体验的声誉。
“It’s crucial that they perform solid due diligence on what the short-term impact could be, such as an exodus of privacy conscious customers, versus the long-term impact, such as a loss of trust in the event of a data leak or poor privacy controls.”
“至关重要的是,他们要对可能产生的短期影响(如隐私意识较强的客户外流)与长期影响(如数据泄露或隐私控制不力导致的信任缺失)进行扎实的尽职调查。”
Zilch, another UK fintech, has built its business model on this premise. The company, which is backed by eBay and Goldman Sachs and has about 4mn customers, makes money from targeted advertising based on its transaction data which it uses to subsidise the cost of credit for consumers with zero-interest loans.
英国另一家金融科技公司Zilch就是在这一前提下建立了自己的商业模式。该公司得到了eBay和高盛的支持,拥有约400万客户。这家公司通过基于交易数据的定向广告赚钱,并利用这些收入来补贴消费者的零息贷款成本。
“We’re actually an ad platform that’s built a credit proposition on top of it,” chief executive Philip Belamant told the FT in June. 
首席执行官菲利普•贝拉曼特(Philip Belamant)今年6月对英国《金融时报》说:“我们实际上是一个广告平台,并在此基础上建立了信贷主张。”


For all the enthusiasm, the nascent offerings are yet to prove a game-changer for banks. For Tom Merry, head of banking strategy at Accenture, a consulting firm, their benefits can be overplayed while the challenges are not necessarily worth the potential rewards.
尽管人们对此充满热情,但这些新生产品尚未证明能改变银行的游戏规则。对于咨询公司埃森哲银行战略主管汤姆•梅里来说,他们的好处可能被夸大了,而面临的挑战不一定值得潜在的回报。
“Banks are sat on tonnes of what I would call ‘nearly useful data’,” he says, referring to “large volumes of aggregated anonymised socio-economic cohort and transaction data” that can become more valuable through enrichment.
他说:“银行掌握着成吨的‘几乎有用的数据’,”他指的是“大量匿名社会经济群组和交易数据”,这些数据可以通过丰富变得更有价值。
“Sometimes people over-emphasise the value of that nearly useful data,” he continues. Banks have it, but also retailers and third party databases as well as loyalty scheme providers. “People can get it from elsewhere, probably as deeply and without having to go into the complex web of integrating with banks.”
他继续说道:“有时人们过分强调这些几乎有用的数据的价值。”。银行拥有这些数据,但零售商和第三方数据库以及忠诚度计划提供商也拥有这些数据。“人们可以从其他地方获得,可能同样深入,而不必进入与银行整合的复杂网络。”
Merry says that making substantial money from monetising data would require “scale” and “a sufficiently differentiated set of insights that people would pay a higher margin for it”. Otherwise, he says, “it’s probably not going to change the profile of a bank’s business model”.
梅里表示,要从数据货币化中赚取可观的利润,需要“规模”和“足够与众不同的洞察力,人们会为此支付更高的利润率”。他说,否则,“这可能不会改变银行的业务模式”。
Lloyds Banking Group sees the monetisation of its 26mn customers’ financial data as an area of growth. The retail bank launched a “customer insights” team in 2022 that has grown to 40 employees.
劳埃德银行集团将其2600万客户的金融数据货币化视为一个增长领域。这家零售银行于2022年成立了一个“客户洞察”团队,目前已有40名员工。
Lucy Stoddart, managing director of Lloyds’ global transaction solutions, said one example of this was analysing aggregated and anonymised customer data around shopping habits to provide insights to commercial real estate landlords and help them make better-informed strategic decisions.
劳埃德银行全球交易解决方案董事总经理露西•斯托达特(Lucy Stoddart)表示,其中一个例子是分析围绕购物习惯的汇总和匿名客户数据,为商业房地产房东提供见解,帮助他们做出更明智的战略决策。


The potential for data breaches risks damaging the trust between customers and the institutions holding and managing their money.
数据泄露的潜在风险会损害客户与持有和管理其资金的机构之间的信任。
A report by consultancy Thinks Insights and Strategy found that people perceive sharing their credit and debit transactions as more risky than other types of data, including health information, because the benefits of doing so are less clear.
咨询公司Thinks Insights and Strategy的一份报告发现,人们认为共享信用和借记交易比其他类型的数据(包括健康信息)风险更大,因为这样做的好处不太明显。
Young people aged between 18 and 24 years tend to worry about data sharing less than their older peers. However, that may be because they have been sharing it their whole lives, according to the Office for National Statistics.
与年龄较大的同龄人相比,18至24岁的年轻人对数据共享的担心往往较少。不过,根据国家统计局的数据,这可能是因为他们一生都在分享数据。
Donna Sharp, a managing director at MediaLink, which helps companies including in financial services to run media campaigns, says analysing customer data is an essential part of the service that banks and payment companies provide.
MediaLink的董事总经理唐娜•夏普(Donna Sharp)表示,分析客户数据是银行和支付公司提供的服务的重要组成部分。MediaLink帮助包括金融服务在内的公司开展媒体活动。
“The reality is that all these financial institutions have your data; you want them to [have it]. It protects you,” says Sharp. She gives the example of banks figuring out whether a card was stolen via behavioural pattern analysis and geolocation data.
夏普说:“现实情况是,所有这些金融机构都有你的数据;你希望他们(拥有这些数据)。这可以保护你。”她举了一个例子,银行通过行为模式分析和地理位置数据来确定银行卡是否被盗。

[As] more data flows, what you end up with over time . . . is much more personal pricing: you get the right price for you based on your credit risk

Justin Basini, ClearScore

(随着)更多数据的流动,随着时间的推移......你最终得到的是更加个性化的定价:根据你的信用风险,你会得到适合你的价格

贾斯汀•巴西尼,ClearScore
The challenge, she says, is fostering greater “transparency and understanding of how that might be used and what’s the value to you.” She believes consumers are generally fine with their data being used as long as they can see the benefits trickle down to them. 
她表示,目前的挑战是提高“透明度,让人们了解如何使用这些数据,以及这些数据对您的价值”。她认为,只要消费者能看到好处逐渐惠及他们,他们一般都能接受。
“If [I’m getting] 10 per cent off a trip I want to go on, I’m not mad that you brought that information to me,” says Sharp.
夏普说:“如果我想去的旅行能获得10%的折扣,我不会因为你把这些信息带给我而生气。”
In the UK, the open banking industry, which allows financial companies to access to non-anonymised bank data with the permission of customers, was built on the promise that sharing data in this way would foster greater competition and ultimately benefit customers.
在英国,开放银行业允许金融公司在获得客户许可的情况下访问非匿名银行数据,其基础是以这种方式共享数据将促进更大的竞争并最终使客户受益。
Justin Basini, chief executive of credit report company ClearScore, says data-sharing technology can allow lenders to access information previously only accessible by banks, known as “current account turnover”, in addition to credit reports and scoring. Seeing a fuller picture of prospective borrowers’ financial health allows lenders to adjust their rates and extend credit to more people.
信用报告公司ClearScore的首席执行官贾斯汀•巴西尼表示,除了信用报告和评分外,数据共享技术还可以让贷款人访问以前只有银行才能访问的信息,即“经常账户周转率”。看到潜在借款人财务健康状况的更全面情况,可以让贷款人调整利率,并向更多人提供信贷。
“[As] more data flows, what you end up with over time . . . is much more personal pricing: you get the right price for you based on your credit risk, and you’re not bucketed with other people,” says Basini.
巴西尼说:“(随着)更多数据的流动,随着时间的推移......你最终得到的是更加个性化的定价:根据你的信用风险,你会得到适合你的价格,而且你不会和其他人被混在一起。”
“If the market is basically more able to discriminate risk because there’s more data around, everybody gets a fairer price.”
巴斯尼说:“如果市场因为有了更多的数据而从根本上提高了辨别风险的能力,那么每个人都能得到更公平的价格。”
ClearScore also gives “credit health” scores by using open banking to analyse transaction data to show customers how specific payments such as gambling may affect their options with lenders. Under open banking legislation, ClearScore requires explicit permission from consumers, which has to be renewed every 12 weeks through various loops including ID checks.
ClearScore还利用开放银行分析交易数据,为客户提供“信用健康”评分,向客户展示赌博等特定支付行为会如何影响他们在贷款机构的选择。根据开放银行立法,ClearScore需要消费者的明确许可,并且每12周必须通过包括身份证检查在内的各种循环重新获得许可。


Stopping your financial data from being used by your bank or payment provider is tricky. In the UK, any company handling customer data has to comply with a variety of rules. For instance, they need opt-in consent from customers and a legitimate reason to use their data. Claire Edwards, data protection partner at law firm Addleshaw Goddard, says another important principle they need to stick to is “data minimisation” — not collecting more information than is needed.
阻止银行或支付提供商使用您的财务数据非常棘手。在英国,任何处理客户数据的公司都必须遵守各种规则。例如,他们需要获得客户的同意,并有合法理由使用他们的数据。Addleshaw Goddard律师事务所数据保护合伙人克莱尔•爱德华兹(Claire Edwards)表示,他们需要遵守的另一个重要原则是“数据最小化”——不收集超出需要的信息。
But this only applies to data that identifies people.
但这只适用于能识别个人身份的数据。
“Once it’s anonymised, it falls outside our regime. The banks are probably already doing whatever they want with that,” she says. “As a consumer you can’t really opt out of that.”
“一旦匿名,就不在我们的监管范围内。银行可能已经在做任何他们想做的事情了。”她说,“作为消费者,你无法真正选择退出。”
Under UK privacy law, individuals can send “data subject access requests” (DSARs) to ask companies if they are using and storing their personal data, and request copies of this information. Companies have 30 days to respond under the Data Protection Act.
根据英国隐私法,个人可以发送“数据主体访问请求”(DSAR),询问公司是否在使用和存储他们的个人数据,并要求提供这些信息的副本。根据《数据保护法》,公司有30天的时间做出回应。
One high-profile case saw politician Nigel Farage send such a request to private bank Coutts after it closed his account. The bank was then obliged to send him a dossier that revealed its reputational risk committee had accused him of “pandering to racists” and being a “disingenuous grifter”.
在一个备受瞩目的案例中,政客奈杰尔•法拉奇(Nigel Farage)在私人银行Coutts关闭其账户后向该银行发出了这样的请求。该银行随后不得不向他发送了一份档案,其中显示其声誉风险委员会指责他“迎合种族主义者”,是一个“虚伪的骗子”。
15%Increase in complaints about data subject access requests in the year to April 2024
15%截至2024年4月的一年中,有关数据主体访问请求的投诉有所增加
Customers dissatisfied with DSARs can also complain to the Information Commissioner’s Office, the UK’s privacy watchdog. Such claims have jumped 15 per cent in the year to the end of April, a freedom of information request sent by consultancy KPMG found. Complaints about financial companies’ responses to DSARs made up the largest share of the total, ahead of the health sector.
对DSAR不满意的客户还可以向英国隐私监管机构信息专员办公室投诉。咨询公司毕马威(KPMG)发出的信息自由申请发现,截至4月底的一年中,此类投诉猛增了15%。关于金融公司对DSAR回复的投诉在总数中所占比例最大,超过了卫生部门。
This could be because financial companies — and particularly banks built on a patchwork of IT systems — may struggle to source data quickly and present it in a readable way. They also have to leave out information that may breach anti-financial crime regulations. Bank employees are criminally liable for “tipping off” — disclosing information that could prejudice an ongoing or potential law enforcement investigation into a customer’s activities.
这可能是因为金融公司,尤其是建立在零散IT系统基础上的银行,可能难以快速获取数据并以可读的方式呈现。此外,它们还必须删除可能违反反金融犯罪法规的信息。银行员工如果“告密”——披露可能妨碍正在进行或可能进行的客户活动执法调查的信息——将承担刑事责任。
Privacy International is campaigning against the UK’s data protection and digital information bill, which would give the government powers to monitor bank accounts to detect red flags for fraud and error in the welfare system.
隐私国际正在反对英国的数据保护和数字信息法案,该法案将赋予政府监控银行账户的权力,以发现福利系统中欺诈和错误的危险信号。
The campaign group raised alarm around the “extraordinary” scope of these powers. It says they will set a “deeply concerning precedent for generalised, intrusive financial surveillance in the UK” by allowing financial companies to trawl through customer accounts without prior suspicion of fraud.
该运动组织对这些权力的“非凡”范围提出了警告。该组织称,这些权力将允许金融公司在没有欺诈嫌疑的情况下搜查客户账户,从而为“英国普遍的、侵入性的金融监控开创了一个令人深感忧虑的先例”。
The group says it is particularly disproportionate that the powers will allow surveillance of state benefit recipients, as well as linked accounts such as those of partners, parents and landlords.
该组织称,尤其不相称的是,这些权力将允许对国家福利金领取者以及伴侣、父母和房东等关联账户进行监控。
“This wide scope of data collection could create a detailed and intrusive view of the private lives of those affected,” Privacy International said in a letter to former work and pensions secretary Mel Stride.
隐私国际在致前工作和养老金部长梅尔•斯特德的一封信中表示:“这种广泛的数据收集可能会对受影响者的私人生活产生详细而侵入性的影响。”
When it comes to banks analysing their own customer data, advocacy officer Prudencio Ruiz says consent from customers must be “informed” in order to be valid and that they should understand which information might be used, how and to what end. But they also need to be presented with a real alternative.
在谈到银行分析自己的客户数据时,宣传官员普鲁登西奥•鲁伊斯(Prudencio Ruiz)表示,客户的同意必须是“知情”的,这样才有效,他们应该了解哪些信息可能会被使用,如何使用以及使用的目的是什么。但同时也需要向他们提供真正的替代方案。
“You need to be able to say OK, I don’t want to. What’s my option? And if the option is you won’t get the service, then that’s not consent.”
“你需要能够说好的,我不想。我有什么选择?如果选择是你不会得到服务,那么这不叫同意。”
版权声明:本文版权归FT中文网所有,未经允许任何单位或个人不得转载,复制或以任何其他方式使用本文全部或部分,侵权必究。

Lex专栏:投资者厌倦了“画饼式”能源转型公司

无论战略多么高瞻远瞩,股东的耐心都会被消磨殆尽。

在特朗普执政期间,加密货币监管需要经过深思熟虑的重新审视

期待已久的公共政策支持可以提升美国在区块链技术、人工智能和加密货币领域的领导地位。
15小时前

特斯拉努力避免取消马斯克薪酬方案的高昂成本

如果这家电动汽车制造商和首席执行官被迫放弃2018年的交易,他们可能会面临超过1000亿美元的会计和税务费用。

企业该如何监督员工使用人工智能

员工采用大型语言模型的速度快于企业发布相关指引的速度。

宗教电影成为好莱坞艰难之年的救命稻草

得益于宗教节目、动漫和老电影,小型电影发行商Fathom Events的收入增长45%。

梅洛尼加紧敲定预算,巩固市场对意大利财政的信心

意大利议会本周将就2025年预算展开辩论。投资者对梅洛尼能够控制国家财政持乐观态度,并以反映这种信心的价格购买意政府债券。
设置字号×
最小
较小
默认
较大
最大
分享×