This morning I spoke to the International Payments 2017 conference with a talk about data transformation. I have written about this theme before, and they asked me to turn the ideas into a talk. It’s an interesting conference – because the payments industry is in the throes of a massive change, as new technologies approaches and entrants emerge.
For example Alipay, the payments arm of Alibaba, the Chinese ecommerce company attended, and it was pretty mind-blowing to learn that you can now buy from KFC in China using facial recognition. No phone, no dongle, just bring your face. Alipay has some really interesting new approaches to lightweight risk management, underpinning an API-driven approach to payments. In China everything is about processing stuff faster at the point of sale – with such a huge population, cash is seen as little more than friction. A major railway station can’t afford to have people messing around. It’s all about volumes of people, China scale. But back to my talk.
One idea I covered in some detail was the question of where data could or should be a balance sheet item. I borrowed heavily from our very own Rachel Stephens post on data and the balance sheet. Is data an asset or a liability or both? If the former, how does it depreciate, and what is the cost of managing it? Of course the answer is – it depends. Data is slippery and very hard to value, because it only ever has value in context. Generally fresh data is worth more, but in some contexts logs are more valuable: a geologist doesn’t generally care what happened yesterday. What does it mean to have a data savvy culture? What’s the value of search data, and maps?
When I first began to look at the data transformation question – enterprises becoming more data savvy it was from the perspective of gaining better insights from data. But of course a corollary is security, and the Equifax breach, which came to light last week, was a gift in terms of thinking through the issues of data governance with a group of payments professionals. Today information security state of the art seems like medicine in the age of the Plague. Sometimes it feels like we are wearing weird masks and hoping for the best. Apply your patches folks – Guy Podjarny of Snyk lays out issues and solutions here clearly and dispassionately.
Just as digital transformation has shifted testing left, making it the responsibility of the developer, rather than separate QA and testing teams, so we really need to get our acts together on secure development, patching and making security part of a data-savvy corporate culture. Consider that GDPR, a new Europe wide data standard, will introduce fines for serious breaches of up to 4% of global turnover (net sales generated by a business). Taking advantage of data will require managing it far more effectively.
Google and Facebook may have just as much data about us as Equifax, but at least it manages it properly.