Recherche avancée

Sur d’autres sites (3093)

• Overcoming Fintech and Finserv’s Biggest Data Analytics Challenges

  13 septembre 2024, par Daniel Crough — Banking and Financial Services, Marketing, Security

  Data powers innovation in financial technology (fintech), from personalized banking services to advanced fraud detection systems. Industry leaders recognize the value of strong security measures and customer privacy. A recent survey highlights this focus, with 72% of finance Chief Risk Officers identifying cybersecurity as their primary concern.

  Beyond cybersecurity, fintech and financial services (finserv) companies are bogged down with massive amounts of data spread throughout disconnected systems. Between this, a complex regulatory landscape and an increasingly tech-savvy and sceptical consumer base, fintech and finserv companies have a lot on their plates.

  How can marketing teams get the information they need while staying focused on compliance and providing customer value ? 

  This article will examine strategies to address common challenges in the finserv and fintech industries. We’ll focus on using appropriate tools, following effective data management practices, and learning from traditional banks’ approaches to similar issues.

  What are the biggest fintech data analytics challenges, and how do they intersect with traditional banking ?

  Recent years have been tough for the fintech industry, especially after the pandemic. This period has brought new hurdles in data analysis and made existing ones more complex. As the market stabilises, both fintech and finserve companies must tackle these evolving data issues.

  Let’s examine some of the most significant data analytics challenges facing the fintech industry, starting with an issue that’s prevalent across the financial sector :

  1. Battling data silos

  In a recent survey by InterSystems, 54% of financial institution leaders said data silos are their biggest barrier to innovation, while 62% said removing silos is their priority data strategy for the next year.

  

  Data silos segregate data repositories across departments, products and other divisions. This is a major issue in traditional banking and something fintech companies should avoid inheriting at all costs.

  Siloed data makes it harder for decision-makers to view business performance with 360-degree clarity. It’s also expensive to maintain and operationalise and can evolve into privacy and data compliance issues if left unchecked.

  To avoid or remove data silos, develop a data governance framework and centralise your data repositories. Next, simplify your analytics stack into as few integrated tools as possible because complex tech stacks are one of the leading causes of data silos.

  Use an analytics system like Matomo that incorporates web analytics, marketing attribution and CRO testing into one toolkit.

  

  Matomo’s support plans help you implement a data system to meet the unique needs of your business and avoid issues like data silos. We also offer data warehouse exporting as a feature to bring all of your web analytics, customer data, support data, etc., into one centralised location.

  Try Matomo for free today, or contact our sales team to discuss support plans.

  2. Compliance with laws and regulations

  A survey by Alloy reveals that 93% of fintech companies find it difficult to meet compliance regulations. The cost of staying compliant tops their list of worries (23%), outranking even the financial hit from fraud (21%) – and this in a year marked by cyber threats.

  

  Data privacy laws are constantly changing, and the landscape varies across global regions, making adherence even more challenging for fintechs and traditional banks operating in multiple markets. 

  In the US market, companies grapple with regulations at both federal and state levels. Here are some of the state-level legislation coming into effect for 2024-2026 :

  • Oregon – Oregon Consumer Privacy Act (July 1, 2024)
  • Florida – Florida Digital Bill of Rights (July 1, 2024)
  • Texas – Texas Data Privacy and Security Act (July 1, 2024)
  • Montana – Montana Consumer Data Privacy Act (October 1, 2024)
  • Delaware – Delaware Personal Privacy Act (January 1, 2025)
  • Iowa – Iowa Consumer Data Protection Act (January 1, 2025)
  • New Jersey – SB 332 (January 15, 2025)
  • Tennessee – Tennessee Information Protection Act (July 1, 2025)
  • Indiana – Indiana Consumer Data Protection Act ( January 1, 2026)

  Other countries are also ramping up regional regulations. For instance, Canada has Quebec’s Act Respecting the Protection of Personal Information in the Private Sector and British Columbia’s Personal Information Protection Act (BC PIPA).

  Ignorance of country- or region-specific laws will not stop companies from suffering the consequences of violating them.

  The only answer is to invest in adherence and manage business growth accordingly. Ultimately, compliance is more affordable than non-compliance – not only in terms of the potential fines but also the potential risks to reputation, consumer trust and customer loyalty.

  This is an expensive lesson that fintech and traditional financial companies have had to learn together. GDPR regulators hit CaixaBank S.A, one of Spain’s largest banks, with multiple multi-million Euro fines, and Klarna Bank AB, a popular Swedish fintech company, for €720,000.

  To avoid similar fates, companies should :

  1. Build solid data systems
  2. Hire compliance experts
  3. Train their teams thoroughly
  4. Choose data analytics tools carefully

  Remember, even popular tools like Google Analytics aren’t automatically safe. Find out how Matomo helps you gather useful insights while sticking to rules like GDPR.

  3. Protecting against data security threats

  Cyber threats are increasing in volume and sophistication, with the financial sector becoming the most breached in 2023.

  

  The cybersecurity risks will only worsen, with WEF estimating annual cybercrime expenses of up to USD $10.5 trillion globally by 2025, up from USD $3 trillion in 2015.

  While technology brings new security solutions, it also amplifies existing risks and creates new ones. A 2024 McKinsey report warns that the risk of data breaches will continue to increase as the financial industry increasingly relies on third-party data tools and cloud computing services unless they simultaneously improve their security posture.

  The reality is that adopting a third-party data system without taking the proper precautions means adopting its security vulnerabilities.

  In 2023, the MOVEit data breach affected companies worldwide, including financial institutions using its file transfer system. One hack created a global data crisis, potentially affecting the customer data of every company using this one software product.

  The McKinsey report emphasises choosing tools wisely. Why ? Because when customer data is compromised, it’s your company that takes the heat, not the tool provider. As the report states :

  “Companies need reliable, insightful metrics and reporting (such as security compliance, risk metrics and vulnerability tracking) to prove to regulators the health of their security capabilities and to manage those capabilities.”

  Don’t put user or customer data in the hands of companies you can’t trust. Work with providers that care about security as much as you do. With Matomo, you own all of your data, ensuring it’s never used for unknown purposes.

  

  4. Protecting users’ privacy

  With security threats increasing, fintech companies and traditional banks must prioritise user privacy protection. Users are also increasingly aware of privacy threats and ready to walk away from companies that lose their trust.

  Cisco’s 2023 Data Privacy Benchmark Study reveals some eye-opening statistics :

  • 94% of companies said their customers wouldn’t buy from them if their data wasn’t protected, and 
  • 95% see privacy as a business necessity, not just a legal requirement.

  Modern financial companies must balance data collection and management with increasing privacy demands. This may sound contradictory for companies reliant on dated practices like third-party cookies, but they need to learn to thrive in a cookieless web as customers move to banks and service providers that have strong data ethics.

  This privacy protection journey starts with implementing web analytics ethically from the very first session.

  

  The most important elements of ethically-sound web analytics in fintech are :

  1. 100% data ownership : Make sure your data isn’t used in other ways by the tools that collect it.
  2. Respecting user privacy : Only collect the data you absolutely need to do your job and avoid personally identifiable information.
  3. Regulatory compliance : Stick with solutions built for compliance to stay out of legal trouble.
  4. Data transparency : Know how your tools use your data and let your customers know how you use it.

  Read our guide to ethical web analytics for more information.

  5. Comparing customer trust across industries 

  While fintech companies are making waves in the financial world, they’re still playing catch-up when it comes to earning customer trust. According to RFI Global, fintech has a consumer trust score of 5.8/10 in 2024, while traditional banking scores 7.6/10.

  

  This trust gap isn’t just about perception – it’s rooted in real issues :

  • Security breaches are making headlines more often.
  • Privacy regulations like GDPR are making consumers more aware of their rights.
  • Some fintech companies are struggling to handle fraud effectively.

  According to the UK’s Payment Systems Regulator, digital banking brands Monzo and Starling had some of the highest fraudulent activity rates in 2022. Yet, Monzo only reimbursed 6% of customers who reported suspicious transactions, compared to 70% for NatWest and 91% for Nationwide.

  So, what can fintech firms do to close this trust gap ?

  • Start with privacy-centric analytics from day one. This shows customers you value their privacy from the get-go.
  • Build and maintain a long-term reputation free of data leaks and privacy issues. One major breach can undo years of trust-building.
  • Learn from traditional banks when it comes to handling issues like fraudulent transactions, identity theft, and data breaches. Prompt, customer-friendly resolutions go a long way.
  • Remember : cutting-edge financial technology doesn’t make up for poor customer care. If your digital bank won’t refund customers who’ve fallen victim to credit card fraud, they’ll likely switch to a traditional bank that will.

  The fintech sector has made strides in innovation, but there’s still work to do in establishing trustworthiness. By focusing on robust security, transparent practices, and excellent customer service, fintech companies can bridge the trust gap and compete more effectively with traditional banks.

  6. Collecting quality data

  Adhering to data privacy regulations, protecting user data and implementing ethical analytics raises another challenge. How can companies do all of these things and still collect reliable, quality data ?

  Google’s answer is using predictive models, but this replaces real data with calculations and guesswork. The worst part is that Google Analytics doesn’t even let you use all of the data you collect in the first place. Instead, it uses something called data sampling once you pass certain thresholds.

  In practice, this means that Google Analytics uses a limited set of your data to calculate reports. We’ve discussed GA4 data sampling at length before, but there are two key problems for companies here :

  1. A sample size that’s too small won’t give you a full representation of your data.
  2. The more visitors that come to your site, the less accurate your reports will become.

  For high-growth companies, data sampling simply can’t keep up. Financial marketers widely recognise the shortcomings of big tech analytics providers. In fact, 80% of them say they’re concerned about data bias from major providers like Google and Meta affecting valuable insights.

  This is precisely why CRO:NYX Digital approached us after discovering Google Analytics wasn’t providing accurate campaign data. We set up an analytics system to suit the company’s needs and tested it alongside Google Analytics for multiple campaigns. In one instance, Google Analytics failed to register 6,837 users in a single day, approximately 9.8% of the total tracked by Matomo.

  In another instance, Google Analytics only tracked 600 visitors over 24 hours, while Matomo recorded nearly 71,000 visitors – an 11,700% discrepancy.

  

  Financial companies need a more reliable, privacy-centric alternative to Google Analytics that captures quality data without putting users at potential risk. This is why we built Matomo and why our customers love having total control and visibility of their data.

  Unlock the full power of fintech data analytics with Matomo

  Fintech companies face many data-related challenges, so compliant web analytics shouldn’t be one of them. 

  With Matomo, you get :

  • An all-in-one solution that handles traditional web analytics, behavioural analytics and more with strong integrations to minimise the likelihood of data siloing
  • Full compliance with GDPR, CCPA, PIPL and more
  • Complete ownership of your data to minimise cybersecurity risks caused by negligent third parties
  • An abundance of ways to protect customer privacy, like IP address anonymisation and respect for DoNotTrack settings
  • The ability to import data from Google Analytics and distance yourself from big tech
  • High-quality data that doesn’t rely on sampling
  • A tool built with financial analytics in mind

  Don’t let big tech companies limit the power of your data with sketchy privacy policies and counterintuitive systems like data sampling. 

  Start your Matomo free trial or request a demo to unlock the full power of fintech data analytics without putting your customers’ personal information at unnecessary risk.

• How to verify user permissions – Introducing the Piwik Platform

  9 novembre 2014, par Thomas Steur — Development

  This is the next post of our blog series where we introduce the capabilities of the Piwik platform (our previous post was How to make your plugin multilingual). This time you’ll learn how to verify user permissions. For this tutorial you will need to have basic knowledge of PHP and the Piwik platform.

  When should a plugin verify permissions ?

  Usually you want to do this before executing any action – such as deleting or fetching data – and before rendering any sensitive information that should not be accessible by everyone. For instance in an API method or Controller action. You sometimes also need to verify permissions before registering menu items or widgets.

  How does Piwik’s user management work ?

  It is quite simple as it only differentiates between a few roles : View permission, Admin permission and Super User permission. If you manage multiple websites with Piwik a user can be assigned to different roles as a user might have no permission for some websites but view or admin permission for another set of websites.

  Worth mentioning is that roles inherit from each other. This means the role admin automatically includes the role view and a super user automatically covers the view and admin role.

  Getting started

  In this post, we assume that you have already set up your development environment and created a plugin. If not, visit the Piwik Developer Zone where you’ll find the tutorial Setting up Piwik and other Guides that help you to develop a plugin.

  Verifying user permissions

  To protect your data the platform offers many convenient methods in the \Piwik\Piwik class. There you will find methods that either start with check, is or has. While methods that start with check throw an exception in case a condition is not met, the other methods return a boolean true or false.

  Use methods that throw an exception if you want to stop any further execution in case a user does not have an appropriate role. The platform will catch the exception and display an error message or ask the user to log in.

  public function deleteAllMessages()
  {
      // delete messages only if user has super user access, otherwise show an error message
      Piwik::checkUserSuperUserAccess();
   
      $this->getModel()->deleteAllMessages();
  }
  Télécharger

  Use methods that return a boolean for instance when registering menu items or widgets.

  public function configureAdminMenu(MenuAdmin $menu)
  {
      if (Piwik::hasUserSuperUserAccess()) {
          $menu->addPlatformItem('Plugins', $this->urlForDefaultAction());
      }
  }
  Télécharger

  It is important to be aware that just because the menu item won’t be displayed in the UI a user can still open the registered URL manually. Therefore you have to check for permissions in the actual controller action as well.

  View permission

  A user having a view permission should be only able to view reports but not make any changes apart from his personal settings. The methods that end with UserHasSomeViewAccess make sure a user has at least view permission for one website whereas the methods *UserHasViewAccess($idSites = array(1,2,3)) check whether a user has view access for all of the given websites.

  Piwik::checkUserHasSomeViewAccess();
   
  Piwik::checkUserHasViewAccess($idSites = array(1,2,3));
  Télécharger

  As a plugin developer you would usually use the latter example to verify the permissions for specific websites. Use the first example in case you develop something like an “All Websites Dashboard” where you only want to make sure the user has a view permission for at least one website.

  Admin permission

  A user having an admin permission cannot only view reports but also change website related settings. The methods to check for this role are similar to the ones before, just swap the term View with Admin.

  Piwik::checkUserHasSomeAdminAccess();
   
  Piwik::checkUserHasAdminAccess($idSites = array(1,2,3));
  Télécharger

  Super user permission

  A user having the super user permission is allowed to access all of the data stored in Piwik and change any settings. To check if a user has this role use one of the methods that end with UserSuperUserAccess.

  Piwik::checkUserHasSuperUserAccess();

  As a plugin developer you would check for this permission for instance in places where your plugin shows an activity log over all users or where it offers the possibility to change any system wide settings.

  Getting information about the currently logged in user

  Sometimes you might want to know which user is currently logged in. This can be useful if you want to persist user related information in the database or if you want to send an email to the currently logged in user. You can easily get this information by calling the following methods :

  $login = Piwik::getCurrentUserLogin()
  $email = Piwik::getCurrentUserEmail()
  Télécharger

  Advanced features

  Of course there is more that you can do. For instance you can verify whether a user is an anonymous user or whether a user has a specific role. You can also perform any operation in the context of a super user even if the current user does not have this role. Would you like to know more about those features ? Check out the Piwik class reference, the Security guide and the Manage Users user guide.

  If you have any feedback regarding our APIs or our guides in the Developer Zone feel free to send it to us.

• Banking Data Strategies – A Primer to Zero-party, First-party, Second-party and Third-party data

  25 octobre 2024, par Daniel Crough — Banking and Financial Services, Privacy

  Banks hold some of our most sensitive information. Every transaction, loan application, and account balance tells a story about their customers’ lives. Under GDPR and banking regulations, protecting this information isn’t optional – it’s essential.

  Yet banks also need to understand how customers use their services to serve them better. The solution lies in understanding different types of banking data and how to handle each responsibly. From direct customer interactions to market research, each data source serves a specific purpose and requires its own privacy controls.

  Before diving into how banks can use each type of data effectively, let’s look into the key differences between them :

  Data Type	What It Is	Banking Example	Legal Considerations
  First-party	Data from direct customer interactions with your services	Transaction records, service usage patterns	Different legal bases apply (contract, legal obligation, legitimate interests)
  Zero-party	Information customers actively provide	Stated preferences, financial goals	Requires specific legal basis despite being voluntary ; may involve profiling
  Second-party	Data shared through formal partnerships	Insurance history from partners	Must comply with PSD2 and specific data sharing regulations
  Third-party	Data from external providers	Market analysis, demographic data	Requires due diligence on sources and specific transparency measures

  What is first-party data ?

  

  First-party data reveals how customers actually use your banking services. When someone logs into online banking, withdraws money from an ATM, or speaks with customer service, they create valuable information about real banking habits.

  This direct interaction data proves more reliable than assumptions or market research because it shows genuine customer behaviour. Banks need specific legal grounds to process this information. Basic banking services fall under contractual necessity, while fraud detection is required by law. Marketing activities need explicit customer consent. The key is being transparent with customers about what information you process and why.

  Start by collecting only what you need for each specific purpose. Store information securely and give customers clear control through privacy settings. This approach builds trust while helping meet privacy requirements under the GDPR’s data minimisation principle.

  What is zero-party data ?

  

  Zero-party data emerges when customers actively share information about their financial goals and preferences. Unlike first-party data, which comes from observing customer behaviour, zero-party data comes through direct communication. Customers might share their retirement plans, communication preferences, or feedback about services.

  Interactive tools create natural opportunities for this exchange. A retirement calculator helps customers plan their future while revealing their financial goals. Budget planners offer immediate value through personalised advice. When customers see clear benefits, they’re more likely to share their preferences.

  However, voluntary sharing doesn’t mean unrestricted use. The ICO’s guidance on purpose limitation applies even to freely shared information. Tell customers exactly how you’ll use their data, document specific reasons for collecting each piece of information, and make it simple to update or remove personal data.

  Regular reviews help ensure you still need the information customers have shared. This aligns with both GDPR requirements and customer expectations about data management. By treating voluntary information with the same care as other customer data, banks build lasting trust.

  What is second-party data ?

  

  Second-party data comes from formal partnerships between banks and trusted companies. For example, a bank might work with an insurance provider to better understand shared customers’ financial needs.

  These partnerships need careful planning to protect customer privacy. The ICO’s Data Sharing Code provides clear guidelines : both organisations must agree on what data they’ll share, how they’ll protect it, and how long they’ll keep it before any sharing begins.

  Transparency builds trust in these arrangements. Tell customers about planned data sharing before it happens. Explain what information you’ll share and how it helps provide better services.

  Regular audits help ensure both partners maintain high privacy standards. Review shared data regularly to confirm it’s still necessary and properly protected. Be ready to adjust or end partnerships if privacy standards slip. Remember that your responsibility to protect customer data extends to information shared with partners.

  Successful partnerships balance improved service with diligent privacy protection. When done right, they help banks understand customer needs better while maintaining the trust that makes banking relationships work.

  What is third-party data ?

  

  Third-party data comes from external sources outside your bank and its partners. Market research firms, data analytics companies, and economic research organizations gather and sell this information to help banks understand broader market trends.

  This data helps fill knowledge gaps about the wider financial landscape. For example, third-party data might reveal shifts in consumer spending patterns across different age groups or regions. It can show how customers interact with different financial services or highlight emerging banking preferences in specific demographics.

  But third-party data needs careful evaluation before use. Since your bank didn’t collect this information directly, you must verify both its quality and compliance with privacy laws. Start by checking how providers collected their data and whether they had proper consent. Look for providers who clearly document their data sources and collection methods.

  Quality varies significantly among third-party data providers. Some key questions to consider before purchasing :

  • How recent is the data ?
  • How was it collected ?
  • What privacy protections are in place ?
  • How often is it updated ?
  • Which specific market segments does it cover ?

  Consider whether third-party data will truly add value beyond your existing information. Many banks find they can gain similar insights by analysing their first-party data more effectively. If you do use third-party data, document your reasons for using it and be transparent about your data sources.

  Creating your banking data strategy

  

  A clear data strategy helps your bank collect and use information effectively while protecting customer privacy. This matters most with first-party data – the information that comes directly from your customers’ banking activities.

  Start by understanding what data you already have. Many banks collect valuable information through everyday transactions, website visits, and customer service interactions. Review these existing data sources before adding new ones. Often, you already have the insights you need – they just need better organization.

  Map each type of data to a specific purpose. For example, transaction data might help detect fraud and improve service recommendations. Website analytics could reveal which banking features customers use most. Each data point should serve a clear business purpose while respecting customer privacy.

  Strong data quality standards support better decisions. Create processes to update customer information regularly and remove outdated records. Check data accuracy often and maintain consistent formats across your systems. These practices help ensure your insights reflect reality.

  Remember that strategy means choosing what not to do. You don’t need to collect every piece of data possible. Focus on information that helps you serve customers better while maintaining their privacy.

  Managing multiple data sources

  

  Banks work with many types of data – from direct customer interactions to market research. Each source serves a specific purpose, but combining them effectively requires careful planning and precise attention to regulations like GDPR and ePrivacy.

  First-party data forms your foundation. It shows how your customers actually use your services and what they need from their bank. This direct interaction data proves most valuable because it reflects real behaviour rather than assumptions. When customers check their balances, transfer money, or apply for loans, they show you exactly how they use banking services.

  Zero-party data adds context to these interactions. When customers share their financial goals or preferences directly, they help you understand the “why” behind their actions. This insight helps shape better services. For example, knowing a customer plans to buy a house helps you offer relevant savings tools or mortgage information at the right time.

  Second-party partnerships can fill specific knowledge gaps. Working with trusted partners might reveal how customers manage their broader financial lives. But only pursue partnerships when they offer clear value to customers. Always explain these relationships clearly and protect shared information carefully.

  Third-party data helps provide market context, but use it selectively. External market research can highlight broader trends or opportunities. However, this data often proves less reliable than information from direct customer interactions. Consider it a supplement to, not a replacement for, your own customer insights.

  Keep these principles in mind when combining data sources :

  • Prioritize direct customer interactions
  • Focus on information that improves services
  • Maintain consistent privacy standards across sources
  • Document where each insight comes from
  • Review regularly whether each source adds value
  • Work with privacy and data experts to ensure customer information is handled properly

  Enhance your web analytics strategy with Matomo

  

  The financial sector finds powerful and compliant web analytics increasingly valuable as it navigates data management and privacy regulations. Matomo provides a configurable privacy-centric solution that meets the requirements of banks and financial institutions.

  Matomo empowers your organisation to :

  • Collect accurate, GDPR-compliant web data
  • Integrate web analytics with your existing tools and platforms
  • Maintain full control over your analytics data
  • Gain insights without compromising user privacy

  Matomo is trusted by some of the world’s biggest banks and financial institutions. Try Matomo for free for 30 days to see how privacy-focused analytics can get you the insights you need while maintaining compliance and user trust.