By John Jaser
Who’s on the side of the consumer? It’s getting harder to tell.
The Wall Street Journal recently reported that many popular websites are installing trackers to record our behavior on the Internet. That data has become a complex and lucrative industry for advertisers looking to target their messages. While this has not touched banks, sophisticated web tracking opens the door to significant risks to banks, should criminals gain access to the information collected.
Today’s web tracking mechanisms go well beyond “cookies” – the snippets of text used for years to authenticate users and store their site preferences. Cookies have evolved into “beacons,” which track what consumers do on websites. This information is harvested by data aggregation companies, such as Lotame, which compile it into detailed profiles of user behavior across websites from Google to Dictionary.com.
The data aggregators combine information about a consumer’s web activity with his shopping interests, income, even medical conditions, dramatically increasing the consumer’s value to a potential advertiser. If the advertiser is looking for people who visited home furnishing sites four times last week and checked their stocks three times today, this is the way to do it.
Armed with this knowledge, an advertiser can reach people on the Internet with ads targeted to their desires when they are most receptive. Add the geo-location capabilities of mobile computing, and this becomes a bonanza to any store looking to attract likely customers as they walk by. Welcome to the new age of marketing, already in progress.
BlueKai, a company that conducts real-time auctions of consumer data for advertisers, claims to have information on 160 million shoppers across retail, auto, travel and finance categories, who have shown they are ready to buy as a result of online activities such as comparison shopping or using an auto loan calculator.
The key to the new web marketing methods is the beacon files that are downloaded to the user’s computer as part of free software, advertising or other tracking files. In many cases, the websites aren’t even aware that they’re installing the beacons. Some of these beacons secretly re-spawn themselves after users try to delete them.
I find a striking similarity between these legitimate trackers and the sneaky tools of cyber thieves. Drive-by viruses – installed when a user merely visits a corrupt site – are commonly used by today’s criminals, and have resulted in spectacular heists. There’s not much difference here.
Yet the Internet advertising industry claims that the data collected via beacons and sold to advertisers cannot identify consumers personally. Besides, such tools keep the Internet affordable, they claim. Omar Tawakol, CEO of BlueKai, recently wrote that a survey by MarketingSherpa showed that consumers preferred to receive ads based on their web behaviors over paying directly for web content.
Tawakol even proposed that Internet advertisers should do a better job of informing consumers about the data it collects and shares. “Preference platforms” would enable consumers to decide if they want their behavior to be tracked or risk the horrors of ads that are “totally unrelated to their interests,” he said.
While such disclosures and preference tools are helpful, they fall short of addressing the much larger storehouses of consumer data that could easily identify a person, his habits, his medical history, income, loans and more. No one can dispute the value of such data in the hands of advertisers. But in the hands of cyber criminals, this information is even more valuable – and potentially deadly. You can bet the criminals will someday find a way to access this treasure trove of consumer information, and banks will be affected.
John Jaser manages Internet Services and Security for Avon, Conn.-based COCC, Inc., (www.cocc.com), a 44-year-old firm specializing in outsourced information technology and