Guard Your Customers’ Financial Data

The direct marketing of financial products and membership service programs to bank customers took a beating this year after a lawsuit against one of the nation’s largest banks, US Bancorp.

In June, US Bancorp, Minneapolis, was sued by the Minnesota attorney general for sharing too much customer information with a third-party marketing firm. By early July, US Bancorp agreed to a $3 million settlement.

To ensure your customers’ privacy and guard against such lawsuits, you must limit the amount of data shared with third-party marketing organizations and communicate your firm’s privacy policy on a consistent basis. Likewise, you may share selected customer data with third-party marketing firms, but only to perform the intended offer. Any back-end billing or collection procedures normally employed by a third party should now be employed by you. Failure to do so could end up costing you millions of dollars.

The direct marketing of financial products or membership services programs to affinity groups like bank customers is one way an organization can generate fee income outside of its core business. Many financial institutions, including banks, credit card companies, mortgage companies and credit unions, participate in programs with nonaffiliated companies to offer their own customers value-added products and services that ultimately generate fee income.

These programs often afford bank customers broader access to valuable products and services that meet the needs of a growing segment of the population. Examples of fee income products include accidental death and dismemberment insurance, membership programs such as discount health services, and travel and shopper clubs.

Direct mail and telemarketing are the typical channels used to reach affinity groups. Direct mail response rates for accidental death and dismemberment insurance, for example, generally average between 0.5 percent and 1 percent; telemarketing response rates can be as high as 12 percent for membership service programs as well as for selected health insurance products. These campaigns, performed two or three times a year for several years, can generate fee income for an organization in excess of $2 million.

The lawsuit against US Bancorp made many firms, especially banks, stand up and take notice of information sharing practices, largely because of the money that can be made from supplying data. Because of that, sharing your customers’ personal data, including such items as social security number, average deposit balance, gender and birth date, is considered off limits. Therefore, in order to proceed with fee income programs, it is necessary to inform your constituents of your own privacy policy and allow them to opt out of these programs prior to engaging in any campaigns. Likewise, you should redirect the billing and collection methods performed mainly by third parties and take them inhouse so that no confidential customer information leaves your company.

In order to inform your constituents, you must first obtain a copy of your organization’s privacy policy with respect to customer information sharing. If there is none, engage your legal or compliance area to draft one for your organization. Second, decide which delivery method is best for your message. For example, you could perform a postcard mailing to all customers in a household or provide an insert to their credit card bills or checking account statements. Third, allow your constituents to opt out of your information sharing practices with outside third parties. Direct them to write to your organization and provide their name, address, etc. Allow for a minimum 30-day response window and begin to create an opt-out database. This database is essential to exclude these customers from future offers you might make.

What about billing and collection methods? Well, here is where it gets a little complicated. Billing and collection normally handled by the third party is critical to ensure persistency and provide customer convenience. Pending legislation would prohibit a financial institution from sharing billing – or checking or credit card – numbers directly with a nonaffiliated third-party marketing firm. There are, however, some exceptions.

In the past, these firms would obtain a customer’s checking or credit card number along with their name, address, etc., from your organization upfront, before they perform the direct mail or telemarketing campaign. They would then maintain these account numbers to match up with those customers who positively responded, process the billing and collect the appropriate funds. However, taking the billing and collection inhouse requires the following:

1. Generate a customer list for distribution to the third party from your company’s database – limit the information provided to only that of customer name, address and phone number, and any match keys necessary to track customers through the remaining campaign.

2. Have the third party perform the mailing or telemarketing to your customers. Once completed, they should gather all responders (anyone who agreed to the product offer).

3. The third party then prepares a responder file for return to your organization, including all necessary product information (i.e., cost) and match keys assigned on the outgoing file.

4. Match back the responder file to your database to identify the right customer and append the appropriate information to perform the billing process.

5. Create associated billing file – perform billing through normal automated clearing house procedures for checking account debits, or initiate an electronic file transfer to your credit card processor who will initiate the credit card transaction.
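
The five steps above, sketched in Python as an added example (not part of the original article): the outbound file carries only name, address, phone and a match key, customers in the opt-out database are excluded, and the responder file is resolved to account numbers in-house. The field names, the sample records and the choice of a random token as the match key are assumptions.

```python
import secrets

# Constructed sample records; every field name here is an assumption.
CUSTOMERS = [
    {"cust_id": 1001, "name": "A. Rivera", "address": "12 Elm St",
     "phone": "555-0101", "ssn": "000-00-0001", "account_no": "CHK-9001"},
    {"cust_id": 1002, "name": "B. Chen", "address": "34 Oak Ave",
     "phone": "555-0102", "ssn": "000-00-0002", "account_no": "CHK-9002"},
    {"cust_id": 1003, "name": "C. Okafor", "address": "56 Pine Rd",
     "phone": "555-0103", "ssn": "000-00-0003", "account_no": "CC-9003"},
]
OPT_OUT_IDS = {1002}                             # from the opt-out database
SHAREABLE_FIELDS = ("name", "address", "phone")  # allow-list for step 1


def build_outbound(customers, opt_out_ids):
    """Step 1: rows for the third party, plus a key map that stays in-house."""
    outbound, key_map = [], {}
    for c in customers:
        if c["cust_id"] in opt_out_ids:
            continue  # opted-out customers never leave the building
        # Random key: unlike an account number or SSN fragment, it tells
        # the third party nothing about the customer.
        key = secrets.token_hex(8)
        key_map[key] = c["cust_id"]
        row = {field: c[field] for field in SHAREABLE_FIELDS}
        row["match_key"] = key
        outbound.append(row)
    return outbound, key_map


def match_back(responders, key_map, customers):
    """Steps 4-5: resolve match keys and append billing data in-house."""
    by_id = {c["cust_id"]: c for c in customers}
    billing, rejected, seen = [], [], set()
    for r in responders:
        key = r.get("match_key")
        cust_id = key_map.get(key)
        if cust_id is None or key in seen:
            rejected.append(r)  # unknown or duplicate key: do not bill
            continue
        seen.add(key)
        billing.append({"cust_id": cust_id,
                        "account_no": by_id[cust_id]["account_no"],
                        "product": r["product"], "cost": r["cost"]})
    return billing, rejected
```
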

By performing the billing and collection procedures inhouse, you can more closely guard your customers’ data and limit customer complaints. Most importantly, you’ll be in a better legal position when any state attorney general decides to inquire about your data sharing policies.
