by Mark Mandel
July 18, 2012 (TSR) – Banks, government institutions, insurers and ecommerce businesses are using your social media output to control your access to money, goods and services, sounds scary right!
OK let me give you an obvious positive instance of how social media monitoring can be good for society. Incidents like these give lobbyists and corporations ammunition to fight against online privacy reform.
A rioter, in the 2011 London UK riots, goes out and steals lots of electrical items from a looted electrical goods chain-store, then goes on Facebook and posts a picture of himself posing with stolen booty. It actually happened.
He found quickly that whatever privacy settings you have, if you share on the internet very little is private. Theft is a crime, but privacy laws dictate that he his right to privacy, which should mean that pictures posted “privately” should not be admissible as evidence in court. The good of society was served by prosecuting a thief. In fact, as surprising as it may seem, lots of criminals post activity on social media websites. It’s a catch 22 however; the same politics that give the government the right to violate the supposed privacy of the thief are the clauses that give governments and institutions the right to skirt the privacy of average citizens.
Now let’s move into the much murkier world where everything is not quite so black and white in the data relationship between consumers and institutions. Here are some ways corporations are using your social media data to affect their own business decisions.
You Are Who You Say You Are
Social Media is increasingly being used to validate your existence and taking over from more traditional data sources such as voter register or telephone number databases. This check is typically used when you are setting up a new account. For some businesses, for example dating websites this is a key stage used in preventing Dating Fraud. This is now even moving into loans, with banks are using social media to validate people are who they claim, by using Trackur – one of several companies who consume the social media data stream and present sentiment analysis to their clients.
Is this a valid check? Do you think you should have to be on Facebook in order to get a loan or buy on the web?
Your Social Media Posting Matches What You Told Them Directly
Once they know who you are, the next step is to validate what you have told them on the application form against what your social media output states. If you have shared your income details with the institution, then they may have expectations of things they may or may not find within your social media stream, like have you gone on holiday, what do you say about your job.
For fraud prevention institutions like local government in the UK are using this to validate benefit claims. Posting your wedding photos on Facebook sounds like a good idea, unless of course you are a benefits cheat like this women who posted wedding photos online when she was claiming benefits as a single mother.
You are Acting Honestly
If an institution believes that you may be involved in fraudulent activity, for example an insurance company would be very interested in your photos if you had claimed a disability after an accident but have Facebook photos of you waterskiing.
Here is a great video summary of how the insurance industry is validating claims on social media.
Other examples would be people “wardrobing” that is buying clothes on ecommerce sites, wearing them once and then returning them. If they post public pictures of themselves wearing the clothes at a party, then they may well find they won’t receive a refund and their chargeback is rejected.
Your Circumstances Have Changed
This is still probably technology that is not quite there yet, but without a doubt it is on its way, if you say “I was fired today” on Facebook should that then be picked up by your bank or affect your credit rating so get a pre-emptive call from credit control?
Data Protection for Social Media Data
We had a data-protection model up until the social media revolution began, which controlled PII, which is the industry abbreviation for Personal Identifiable Information. That is, any data that identifies you, such as name, date of birth or address. In the EU and USA, we have strict data-protection rules, which basically boil down to, institutions should only hold valid data on you and they should use it appropriately. In this data model, consumers decided what data to share with institutions and which third-party data sources intuitions could use as part of the relationship, such as, credit history, vehicle history, personal references, medical records or criminal records. There are clear rules and retribution for breaking them, like this police officer who misused police computer to find vulnerable victims.
With Social Media we have a whole new data relationship between people and institutions. Consumers are sharing information, sometimes knowingly with brands, by for example, liking their Facebook page, but for the most part unknowingly. Consumers do not know which institutions they are sharing data with, nor what these institutions are doing with it, nor how it affects their decisions to interact with those consumers.
Indeed the institutions may not be holding the data; if it’s hosted on Facebook then data protection legislation does not apply. On both sides of the Atlantic legislators are way behind the fast moving marketplace for social media data. To illustrate how far behind, in the UK we have the Levenson inquiry into media and voicemail phone hacking. I mean, do the majority of people under 20 even know that mobile/cell phones come with voicemail!
I understand that prevention of fraud and other crime provides a strong argument for social media data to be checked and used. However right now there are really very few rules about its collection and use. If various fraud teams find your data useful, why not every other department in the institution? More importantly, will they only use what is relevant and use it fairly, when right now there are no sanctions on the use of social profile data at all?
Evolving Faster Than Bereaucracy
We know that fraud also comes in waves. Fraudsters are constantly learning, as the “low-hanging fruit” of the fraud “industry” are prosecuted, fraudsters will become more aware of their social media activity and its risks to them.
Even for fraud prevention we need checks and balances in how this is used. Facebook updates aren’t the same as filling in an application for a bank loan, the information is not validated it may be just a joke or the bank may not be checking your status, but the status of someone else with the same name. If my credit history is incorrectly updated I have the right to view and correct it. If I don’t know my social media data is being used, then where are the controls and access to redress, say for example in the case where my Facebook account was hacked and incorrect status updates added?
We need an open discussion on how our Social Media data can be used in the decision-making processes that control our access to money, goods and services and we need our legislators to wake up to the real world and provide checks and balances on its use and retribution for misuse.
AUTHOR: Mark Mendel
Mark Mandel is a card payment and anti-fraud consultant for e-commerce, retail and finance businesses and is based in London UK. You can read more about fraud prevention at Mark’s blog, Anti Fraud Advice.
Source: Social Media Sun