Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Transcript of Online Banking Catches on: Financial Services Sites Face Uphill Trust Battles at “Trust or Consequence: The Web’s Reputation at Risk”


  • Jared Spool, Principal, User Interface Engineering
  • Janice Rohn, Vice President of User Experience, World Savings Bank
  • Steve Furman, Marketing Director for E-Commerce, Discover Financial Services
  • Robert Mayer, Professor of Family and Consumer Studies, University of Utah
  • Frank Torres, Director of Consumer Affairs, Microsoft Corp.

Other Speakers:
G. Evans Witt, Princeton Survey Research

Note: This is an edited transcript of the proceedings.

Jared Spool: Am I audible? Am I visible? Excellent. I like both of those things. My name is Jared Spool and I am the cruise director for the next hour or so. And I work for a company called User Interface Engineering. We work in the area of research. We’re a think tank that works in the area of how to design interfaces that delight people and don’t frustrate, and our clients work with us to look at creating online experiences that are effective.

What we’re going to talk about for the next hour is this issue of trust in financial systems, understanding what was talked about in the study this morning, and sort of looking at the different aspects of trust as it pertains to online financial systems. We have a really nice panel put together for this. I’ll just briefly go through who each of them is, and then we’ll talk about in a little bit more depth as we talk to each one of them.

What we’re going to do is – the way the format is going to work is we’re pretty much going to open it up for questions almost immediately. I have a couple of questions I’m going to get the panelists involved in, but really we’re more interested in hearing where you want to take this panel. So we don’t have very much planned in terms of position statements or questions in that regard.

I have, to your far left here is Steve Furman, who is from Discover Card. Steve is Director of Marketing E-Commerce, and he has been looking at these issues from the credit card side of the world. Rob Mayer, who is Professor of Family and Consumer Studies at the University of Utah, and he has done a fair amount of study in terms of these areas. Janice Rohn, who’s Vice-President of User Experience for World Savings Bank. She has been working in the computer industry for many years, has recently just come to — not recently, but a few years back – went into the financial industry and is going to talk about the differences that happened there and sort of where the banking industry’s at. And finally, Frank Torres, who is Director of Consumer Affairs for Microsoft Corporation; Frank previously was with Consumers Union and apparently they won’t let him get out of doing things still.

So starting there, we heard this morning about the study. If we could put up the slide from this morning that we saw multiple times. We have basically this finding here that people seem to trust banking and online bill payment a bit more than they trust information about credit history and their credit scores, buying and selling stocks, and mortgages and loans. So we want to start by exploring that difference and how that impacts the organizations that actually are putting these materials together.

So I want to start with Janice. What I didn’t mention about Janice is that previous to coming to World Savings Bank, she was at PeopleSoft, Seibel [Systems], Sun Microsystems, and Apple, so she’s been in this industry for a long time. So Janice, when you’re thinking about designing for banking customers and when banks are doing that, is this issue of trust something that’s in your mind? And is it different than the systems you were designing at these other companies that are in the non-financial space? Are you seeing a difference across that?

Janice Rohn: Yes, definitely. And let me just say that any opinions I express here are those of myself and not my employer. So one of the interesting things is that we do spend a lot of time thinking about trust. Obviously that’s of utmost importance when looking at online banking, because the online channel is a very important channel to financial institutions – it’s much lower cost, it helps with stickiness with consumers because it provides a 24 by 7 access to lots of services and abilities that you can’t have in your usual in-branch. It obviously extends the reach of the brick and mortar institutions by making it available to people who aren’t near the branches. And then there are the pure online financial institutions which have no brick-and-mortar equivalent. So, [it’s a] very important channel.

One of the interesting things — you know, I have my own theories about these numbers. As far as credibility with banking, we definitely see that, people feeling comfortable with that. We see people who are feeling more comfortable with online than actually offline, which is interesting because you do see a — depending on the source of your data, it varies, but one of the latest studies I saw had — of online fraud, only 11.6 percent were from online; the remainder were from offline. So there is justified concern about doing things offline, mailing something, handing something to somebody who isn’t necessarily — you don’t know their background. So there is a whole category of people who have more faith in online than offline.

For something like loans, my own theory about that is that people are accustomed to going to a site where they have shown a rate advertised for someone with the best credit scores, and then when they get into the application, they find out, lo and behold, they don’t match that high credit score or that high loan-to-value ratio, and then they’re offered a lower rate. So that reduces their trust in that particular site.

So I have my own theories about these things, but I’d be interested to hear about more studies in this area.

Jared Spool: So in terms of the — is it that people have a clear understanding, or what we refer to in the world of design, as a clear mental model of how a checking account works, how a savings account works, potentially how bill pay works. But when you get into these other things such as brokerage services and credit reports, they’re not so clear and that that fuzziness in their perception as to how these things work, that could be affecting their level of trust, do you think?

Janice Rohn: I think it’s part of the perception of bait and switch. If you advertise a certificate of deposit online, as long as you have that minimum balance, you will get that rate, there’s no doubt about it. That’s different from how oftentimes loans are advertised online, where unless you have these certain set of conditions which are usually in the fine print, oftentimes on a separate page, and the person doesn’t see those, then they get into spending time, filling out personal information, only to find out that they don’t get the same rate that was advertised. So I think there’s a lot of that.

And a number of the things that we have done is we have a new privacy, security, and fraud prevention footer link across the entire site, which we’ve really put a lot of helpful information not just about our site, but also about fraud protection in general, to help educate the public about that.

Robert Mayer: That problem of fare jumping also applies to life insurance, which you see is not on there but I suspect would be even lower. And maybe car insurance and health insurance as well.

Male Speaker: I think there’s another element to those, too. One of my colleagues here yesterday told me that what they’re seeing — and we just have the anecdotal evidence — but if you look at the spams that turn into the phishing that turn into the fraud, sometimes you get the advertisement for the low-interest rate loan, click here, and it’s a fraudster, not a legitimate lender. So I wonder if that’s also not contributing to the low number, the low trust numbers for those types of services, versus the banking where the brand recognition might be greater.

Jared Spool: Now, Steve, Discover was one of the first players in the e-commerce space. I mean, you guys have doing this for a very long time and it’s been a substantial channel for you, whereas in a lot of banking institutions, many banking credit institutions, they didn’t quite jump into the Internet that quickly. They kept with their other channels, and you guys really jumped in with both feet and have done some amazing stuff.

Have you seen this playing a role, and has it changed over time as you’ve been working the Internet? Is it more of an issue or less of an issue than it was when you first started?

Steve Furman: Yeah, it’s less of an issue, I think. A couple of things. We’re about 20 years old, and we’ve spent half of that online, so we’ve been — we’ve had a Web site out there for 10 years. I think when we started, we tried to really bring up the familiarity of what’s it like in the other channel, so we made the online statement look a lot like the offline statement, and it was really a comfort level for our customers. We made the Bill Pay, we did a little check metaphor so it looks just like your check: “Pay to the Order of.”And I think that went a long way in getting people very comfortable with this, rather than throwing up some Web screens that were really DOS prompt kind of things and kind of figure it out on your own.

The other thing we did is utilize our multi-channels. So a lot of people call us, right? They get statements in the mail and other things in the mail, so utilizing across the channels of talking about your Web site, I think, gives people a lot of sense of trust and now they know who’s behind that Web site and that it’s fairly safe to go there.

Obviously, with the growth of online payments, the relationship with a company like ours is very important to people. They put all recurring bills on their card and they want to have a sense of trust, so we try to give people control, we try to give them options. Protection is really key, and I think we talk about that very regularly with our card members, and that’s gone a long way.

Jared Spool: Do you see any new pressure sort of coming down the pike that are things that you’re having to deal with now that you didn’t have to deal with a few years back?

Steve Furman: Well, there’s always the phishing and those kinds of things that pop up that everyone is dealing with. We launched a product five years ago called Secure Online Account Numbers, so people have this — the great thing about the Internet is you can find whatever you want and buy it, but right now if it’s not at a major site or a major merchant, maybe you are hesitant to giving your credit card number. So we developed this functionality, really born out of people’s interest in wanting to do that on the Web, that they can actually generate a single use or a secure or disposal credit card number, give that to the merchant — their real card number’s never really given to them, and then their transaction can happen and they have — it sort of protects them after the sale.

That’s one thing that we have seen — we launched it a while ago – we’ve seen growing interest in that, I think, as it’s born out by people thinking they’re trying to change their behavior about online shopping.

Jared Spool: Has the promotion of that been a challenge or has it been something that once you explain it to somebody very quickly, they like get it and they start using it?

Steve Furman: Yeah, it’s a good question. It’s fairly easy to explain, people like kind of get it. It’s like anything else — awareness of it, getting people to be aware of it, getting people to realize that it is one extra step. You have to go to the site, you have to authenticate yourself, and then generate that number, and people are in a hurry and the Internet’s very much a hurry kind of a thing. So we’d like to have the adoption greater than it is, but that option is always out there. And communicating that to our card member base has been the [inaudible].

Jared Spool: Just a quick survey of the audience. How many people here know if their credit card company has a similar program? Just a couple of you. How many people here hate raising their hands in one of those surveys? Okay, that’s our margin of error. I forgot about the humming thing! These new ideas take a while for me to get adoption.

Rob Mayer is from the University of Utah. He’s been studying consumer studies, and in particular looking at things such as insurance and credit reports, so you mentioned insurance before. Talk about how this — first, with the work you’ve been doing in credit reports, where do you think these numbers are coming from in that regard? And also, what do you think, in terms of insurance, where would the numbers be, do you think?

Robert Mayer: Well, I think it’s appropriate that on this chart, that credit reporting and credit scoring is in the middle because I think this is an industry in tremendous flux right now, especially from the point of view – the extent to which consumers will be buying services from them.

You’re probably well aware that the FACT Act [Fair and Accurate Credit Transactions Act] now makes it mandatory or gives the consumer the right to see their credit report once a year from each of the three major credit reporting agencies for free. Doesn’t give them the right to see their credit score for free, although some consumers think that. It gives you the right to see your credit report for free. And so the data on consumer use of these kinds of services is very much in transition as people discover the fact that they now have the right to see what they had to pay for previously.

So you would imagine that this theme of use breeds trust would now be going to this industry, except that the industry initially hasn’t done a very good job of making these free credit reports available and easy to access. I did a study of having adults and students try to access their credit reports, their free credit reports, and there were tremendous problems. Only about half of the people were able to access all three of their credit reports; of those, only about half were able to re-access them within the 30-day period when you’re allowed to go back to your credit reports. So the industry’s first step into meeting the world of consumers — not just those who are willing to pay for their reports before or had to pay for them before in order to get a loan or whatever — has been a bit of a misstep.

So the idea that consumers, now that they’ve seen what’s in their credit report and they’ve had this good interaction with the credit reporting industry and they’re going to go back and use it more and more, I don’t think applies. And there are a number of other problems. There’s a lot of heavy selling that goes on, a lot of bundling of products that consumers may want one and not the other.

Jared Spool: Such as?

Robert Mayer: So for example, they’re going to sell you for $35 free access to your credit report and the credit score. So how much are you paying for the credit score? Thirty-five dollars because the other three are free anyway. Or you can pay 12 dollars a month all year long and have certain additional — you can go into see your credit report as often as you want, you can get some identity theft insurance, but you have to pretty much take the deal all or nothing. And most consumers don’t like that as well.

And then there’s what comes close to maybe even deception, where companies are selling you your credit score, but most consumers think that they’re buying their FICO — their Fair Isaac & Co. score. But each of the credit reporting companies makes up — well, one sells the FICO score, and the others create their own scores to sell to consumers. The consumers think they’re buying the most commonly used score, but they’re actually getting a different score. Now they’re probably not going to be wildly different, but you’re really not getting what you think you’re paying for.

So this is in the area where I think there are a lot of problems, and we may see consumer trust go down in this industry before it goes back up.

Do you want me to talk about life insurance sites too or wait on that?

Jared Spool: Yeah. No, no, talk about that for a minute.

Robert Mayer: Several years ago I did a study of — oh, let me just mention one other thing. There are many, many sources of information about how to protect your financial privacy. Companies like Microsoft dispense a lot of it, the Federal Trade Commission, journalists, government agencies at the state level. So there’s a huge amount of advice about how to protect your financial privacy.

The No. 2 piece of information across all these is to check your credit report, regularly check your credit report. So just another reason why this industry is very much in flux, because consumers are being told you need to start getting in the habit of checking your credit report regularly, but their first experiences aren’t all that positive.

Jared Spool: Right, and most people don’t find out they have a credit problem until they apply for something that they expect to go smoothly, and then all of a sudden find out that there’s something on their credit report.

Robert Mayer: Right, or they’re going to pay a higher rate than they thought they were going to.

Jared Spool: Right, and then making corrections to the report. That can be problematic.

Robert Mayer: Yes. But that’s probably not any harder than it used to be. But before, credit reports were things that very few consumers even knew existed or knew they had access to. With this new legislation, consumers are learning they have access and this advice is telling them they ought to be getting familiar with their credit reports. So the question then becomes: How usable are these sites and they’re not. The sites aren’t, well, it’s one site, the annual credit report site, and then you go to the three company sites.

Jared Spool: Let’s come back to the insurance thing and talk quickly about this identity theft thing, because that’s obviously playing a huge burden on — I’m expecting that Janice, you’re not going to be able to tell me how many of your customers have been subject to this, but if you want to, go ahead.

But more importantly, this is something that is really more of a fear thing, that it’s just everybody likes to talk about things that scare us. Lately every news program seems to talk about avian flu — I’m waiting till we have avian flu identity theft – but is it something that’s just one of these memes that’s just out in the public that people are just like, “Oh, you’re going to get your identity stolen”? Or is this something that consumers really should be concerned about, and how is that affecting the way you guys package your banking experience in terms of those issues?

Steve Furman: We’ve seen in some of the feedback from our consumers that they do think about identity theft and fraudulent charges as different. And for us, particularly it being a credit card issue, fraudulent charges are something they’re very worried about and concerned about. They don’t want someone to get their credit card number and use it without their permission.

So we talk a lot about — we have a space on our site, like Janice was mentioning, we have a security area on our site where we give people tips on how to protect yourself in kind of any situation. And I think the biggest thing that we’ve tried to do — and it’s something that we’re still working on — but think about your communication of security and identity theft or fraud protection the way you think about your marketing. You wouldn’t just throw a marketing message out to everyone and just hope it sticks, right? And in the same way, you can’t just have a fear, red light out there, because people — well, what does it mean? Is it important to me, is it relevant to me?

So we’ve tried to think about our segments and security segments, if you will, or segments around reassurance or protection, and tried to line those up with our regular segments and then communicate to them with something’s that more relevant. Maybe they’re in this stage or maybe they’re not shopping online or maybe they are shopping online, and that helps kind of break it down. Also, if you will, [it’s] more of a drip-feed communication to them, more bite-sized chunks that people can think about and then either research more on their own, on a site or any site, our site included. It seems to have more effect on people that way.

Janice Rohn: One of the things from research, there is a lot of confusion from what I’ve seen of what’s privacy, what’s security, what’s fraud protection. A lot of people have those concepts just sort of merged together and aren’t able to articulate what are the differences among those things. So similar to what you were just talking about is, what we’ve tried to concentrate on are actionable things – things that we do, thing that they can do, to try and remove the fear from it and make sure that people think in terms of, “Here are specific actions I can take to try to make sure that I am not a victim of these things.”

Jared Spool: I think Jonathan’s [Zittrain] slide this morning, when he circled this okay, how to decide if you should download this or not, make sure it’s a trusted site. His comment was, “Give people more information, give them tools, let them feel like they’re in control. They can make an informed decision about that.” That’s really key, that’s huge for trust, right? Because it’s not helpful with just “beware” or “make sure it’s trusted.” You’ve got to give people information, in context. You can’t just say, “Go to this Web site and find it on your own.” You have to really think about it in terms of the consumer experience. What are they trying to do on your site? Or on the Internet? Or when they’re communicating with you through customer service?

Janice Rohn: I think that’s an excellent point because when you do go to a number of sites, and you start to try to read the privacy policy, you can see that it’s just pure legalese, and one of the things that we’ve made an effort to do is make sure that it’s in plain English and very understandable by the average consumer.

Jared Spool: So Frank, you were with Consumers Union and then had some sort of religious experience and are now with Microsoft. That’s got to be some sort of bizarre polar thing there. I don’t know if it involved a big pool of water or something. But from a sort of consumer affairs perspective, is this — in particular the issue of identity theft, is this something that the government should be getting into? I know Microsoft has been thinking about this a lot, that everything from the way they’ve put together their .Net passport stuff to various other tools that they provide folk. What is the role you think of the infrastructure providers like Microsoft or the government in this?

Frank Torres: Well, let me begin by saying, I don’t think it was so much an epiphany for me. I think it was an epiphany for the company. I’ve given all the trials and tribulations they’d been through in years past. I think the folks there finally woke up and said, “You know, we can no longer have user interfaces like the ones you all saw this morning. Our technologists are great people, but don’t put them in charge of writing something that goes out to the normal consumer because they simply can’t kind of get the language right.” So we’re trying to work on that and work on the user interface to make it easier to read. We’re not there yet, but we’re getting there.

Jared Spool But there was a day when my father called me up — my father lived in Charleston, South Carolina — he called me up and yelled at me at 11:00 at night because his computer apparently was conducting illegal operations. And he’d gotten this message, “Your computer is conducting illegal operations and this program is going to —” and he called me up.

Frank Torres He didn’t know what the heck he did, right?

Jared Spool: “I’m a respected member of the South Carolina bar and I can’t have my computer conducting illegal operations.” He was very upset about that.

Frank Torres: And interestingly, it’s those types of experiences, it’s the numbers that now WebWatch has – I think Lee Rainie and the folks at the Pew Internet & American Life Project also came up with around spyware. I mean, what’s a big concern for us and others in the industry, and I think the FTC and financial services institutions, is if we don’t do something about the fraud taking place online, and consumer confidence goes down and people stop using the Internet, consumers lose a great resource, and companies lose part of their bottom line.

If money is a motivating factor, I think that’s part of it for everyone. I think financial services transactions go down a 100-fold between two cents doing something online versus two dollars doing it in the offline world. And so when we see numbers like that, does it motivate companies like Microsoft and others to act? Absolutely.

I think partnering with government is just part of it. I mean, we look at — and I think Eileen Harrington from the FTC raised these points, and we’ve heard others raise them as well. It’s not just consumer education. We’ve partnered with the FTC on trying to promote this On Guard Online project, which provides a wealth of information. Microsoft is part of a group called the National Cyber Security Alliance, a group of security in Internet companies again trying to educate consumers.

But that only gets you halfway there, and the burden shouldn’t be shouldered by consumers in the entirety. We need to educate them to make everyone smart, to avoid what does get through so that they’re smart consumers generally. But companies do have a responsibility. Microsoft is a technology company. We’re now making great tools to get at viruses, spyware, spam, we’ve put out a tool for phishing that’s still in kind of the testing phase, but we put it out—

Jared Spool: To prevent phishing or to encourage it?

Frank Torres: To prevent phishing — although I understand there are Web sites where you can go that if you’re a phisher, you can actually download kits that say, “If you want to phish, here’s you go about doing it.” So we’re doing things like that.

When the banking regulators say, “Maybe a solution to identity theft is having two facts of identification so it’s not just you putting in a password or your Social Security Number to get an account.” Maybe you need two different forms of ID. Our folks get on top of that and say, “How can we make that — how can we work with the banking community to make that happen?” So we work on the technology front.

On the enforcement side, we brought countless numbers of cases against spammers, against phishers. These are the guys that get into consumers’ inboxes to say, “Give us your account information. We’re from e-Bay or Bank of America or from Microsoft even. Turn over all this information to us because you’ve got a problem with your account.” The consumer unwittingly turns it over and it’s a phisher from Eastern Europe and they’re using all this information to commit identity theft.

So we’ve created a tool to try to identify those types of sites so they don’t even reach the consumers’ inbox. And finally, we also work on legislative aspects and this is kind of a switch for companies like Microsoft. I think before it used to be seen, Internet, hands off. Government, stay out of the marketplace. But with this proliferation of bad guys, I think the companies have joined together with members of Congress and others to say, “Let’s band together and go after the bad guys, and if it takes legislation to do that, let’s get the legislation passed that’s reasonable, but let’s think about doing that.”

That’s kind of a switch where the regulators certainly know where to find companies like Microsoft. They know where to find Discover, they know where to find Bank of America, they know how to get us. And so we can talk about the different types of products that are being offered, but there’s a new problem that’s emerged and that’s the bad guys that are out there that are making money from unsuspecting consumers. And we’re trying to join in the fight with government, financial services, colleagues, and others to try to help consumers.

Jared Spool: So you’re done with making money from unsuspecting consumers? Never mind! Just was wondering where we were going with that.

Frank Torres: This is the new Microsoft.

Jared Spool: At this point, what I can do is open it for questions from you guys. We have Jorgen, I think, and Melissa are wandering around with microphones, and if you could raise your hand. They’re actually going to pick who’s going to ask the questions, so if you want to ask a question, you get their attention.

Male Speaker: I’m just sitting here as a consumer essentially, and knowing that I receive within the course of a week the typical privacy – I guess you could say – disclosures from my bank credit card companies. And I actually read it this time because I’m getting into reading privacy notifications. And this time they were in English. But I’m interested to know what you think of this.

In both of them – particularly MBNA, which is one of the credit card companies we have – it said, “We will collect all and sell all your information” – they said – “about you. We will do this within our company.” And then the second section was, “We will collect and sell all your information outside the company.” And then at the bottom it said, “Unless you, of course, opt out” – in somewhat bold, to be honest, 10 font toward the bottom.

And the Citigroup one, which I guess I expected more of Citigroup, essentially said the same thing in a slightly more legalese way. So I’m wondering here —

Jared Spool: It could have been much worse. It could have said, ‘We will actually pay telemarketers to call you at 6pm.”

Male Speaker: Yeah, they could do that. But see, there’s an issue of, I don’t even know if that’s legal. Of course, I’m on the Do-Not-Call list.

Speaker from Panel: That’s right, but they have an existing relationship.

Male Speaker: But the question is, how do you then talk about — for example, all of these ideas assume a certain kind of propriety, and I would think that the best kind of propriety would be opt in rather than opt out. The whole idea of giving people FICO scores, for example. No one asked the prior question of exactly what goes into a FICO score. Now I know that you can go on the Web and once you get your score — because I did this one time just to learn — they will tell you how to improve it. But I don’t know anyone who is told what the algorithm is to get in the first place.

Jared Spool: That’s a good question. Rob, do people understand what their scores consist of? What those mean?

Robert Mayer: CFA [Consumers Federation of America] has a study on that. Right.

Female Speaker: I believe so, yes.

Jared Spool: Do you want to talk about the study?

Female Speaker: No.

Male Speaker: I guess my point is, there are certain proprieties here in logic and in terms of trust, you can subvert a sense of propriety and then argue that you’re doing the right thing. But I think regular people would argue that opting in and telling you what a score is made of is really a prior to any kind of understanding of how to relate.

Jared Spool: Steve, do you want to talk about in terms of this opt in versus opt out? What does Discover tend to do in terms of marketing?

Steve Furman: Well, Discover follows all federal regulations, obviously, and our offline and online privacy sharing or policies are no different, so they are the same whether you just never go online or whether you do go online. The opt in/opt out is really a federal – it’s a government regulation issue.

Speaker from Panel: But what’s not regulated is how easy it is to opt out. You can get a little postcard that was already stamped, saying, “Do you want to opt in or opt out? Just check a box.” If companies did that, a lot of people would opt out. You may not even have instructions on how to opt out at all, no matter how difficult.

Male Speaker: And who sets the policy? You say it’s the federal government. There are things called lobbying. Let’s not fool ourselves. The reason is opt in rather than opt out is because of lobbying. So it’s not a—

Frank Torres: Actually, it’s Title Five of the Graham-Leach-Bliley Act that was passed some years ago that kind of set the parameters around—

Male Speaker: I understand, but who do you think got in on the writing of that?

Speaker from Panel: Well, it was a compromise. It was a compromise.

Frank Torres: I can’t say; I was at CU [Consumers Union] at the time.

Speaker from Panel: But there haven’t been regulations about how people can opt out. It’s just you have to inform them of their right to opt out.

Jared Spool: But you were a lobbyist at that time.

Frank Torres: But for Consumers Union and so at the time—

Jared Spool: So does that mean it doesn’t matter?

Frank Torres: Taking off my Microsoft hat if I can, at the time there was some concern about how this would work, and I think the original notices that the financial services industry sent out — I mean, even Tim Muris, the Chairman of the FTC, said, “I’m a lawyer and I’m head of the FTC and I’m having a problem understanding what’s going on here.”

But to the financial services industry credit, I think they’ve gone back to the drawing board to try to simplify those notices. Notwithstanding the fact that what the law allows for in terms of consumer choice is, you now can opt out in certain instances, but no opt in.

Jared Spool: Janice, can you say from a banking industry perspective, what was driving this move to go to plain English to start with? Was it the fact that there was a good competitive reason to be clear to consumers, versus be very confusing about what the policies are?

Janice Rohn: Well, I could say because I head up the User Experience Department, that we did it that way because we wanted to make sure that people could understand and that it was very clear to them that they weren’t being confused about it. Also the policies for banking are very different from the policies for credit cards, so as far as how information is shared and that sort of thing, it’s very different.

One of the other aspects, not looking at it from the banking industry, is that, how is the company making its money, right? It’s making money from selling information, and it’s making money from marketing. So from an altruistic standpoint and from a consumer’s standpoint, you can say, “Yes, of course, it would be great to have it be so that people only opted in to have their information shared,” but when you’re looking at a capitalist society where companies are trying to make money, of course that’s the opposite direction.

So step one, I think, is making this information available to the consumer that this is happening, which is a step that hadn’t occurred before. So now people are more aware and can be aware and can be educated that it’s available. Step two is, how much do companies, how much does the government, how much do organizations want to have weigh on the side of the consumer?

Jared Spool: Now one of the things is when you’re talking about things like mortgage products, right? Banks sell their mortgages, right? So a homeowner—

Janice Rohn: Well, not all banks. See, there are certain companies which sell mortgages, and certain companies which are portfolio lenders which keep their mortgages.

Jared Spool: Okay, but I’m betting that consumers purchasing mortgages often don’t know whether they’re signing up with one or other of those categories.

Janice Rohn: That’s true.

Jared Spool: And all of a sudden, they’re establishing a relationship with a bank or a mortgage lender that they think is a fine upstanding citizen, only to find out that that company has then sold their mortgage to another company for whom they’ve never heard of before and now they have to establish a new relationship, and they don’t know what the policies are, and even if there was an opt in in one position, would it automatically transfer? I mean, when the institutions themselves are moving their customers around and trading them within each other. What goes with them? What gets traded? And is that a part of the problem?

Janice Rohn: And there is — anyone who’s filled out mortgage papers knows that there is a disclosure of sorts that says there’s a percentage likelihood that your mortgage will be resold. So there is some of that. When I get a mortgage, I laugh because it’s always in the lower percentage and I always know when it’s with a certain company. Of course, it will be resold. That’s their job, is to get mortgages and resell them. That’s how they make their money.

So it is interesting in that that’s why I think a lot of people go to mortgage brokers, because the relationship is often with their mortgage broker, not really who their mortgage is being farmed out to initially, and then eventually who services their loan they form a relationship with. But the company that their loan is with for 15 days, they don’t really form a relationship with that company.

Female Speaker: I just wanted to follow up on that.

Jared Spool: Absolutely.

Female Speaker: The point that was made – since we’re talking about trust – the opt in versus opt out, and it’s in the fine point in the bottom. If you scroll through six pages of garbage to get to, and plain English is just — you know, maybe it’s easier to tell you you’re being screwed. And that’s really what it is, because if you point-blank ask and you put out a poll to consumers, I would hazard to guess you’d come back over 90 percent, “Do you want your information sold to anybody, any Tom Dick and Harry all over the world?” The answer is no, and they consider that a threat.

So, I mean, you can’t have trust when this stuff is going out and identity theft and everything else. If you look at the number of people that have signed up for the Do-Not-Call list, it’s got to be a correlation. If they don’t want to be bothered at home, they don’t want all that junk either in spam or coming through the mail.

Most people I know, I mean, friends of mine, [inaudible] or their trash can for pick-up is on their way into the house, and they just sort through the mail and drop it in, three-quarters of it, before they make it into the house. But I know from skimming those privacy things and at my age in the fine print, put that stuff. If you really want to be honest and if you have any interest in your people — you send out renewal cards and other things. Put a box there. Or when you call up to verify your credit card, do you have a position? Do you want it or do you care?

Jared Spool: Now do you make choices as to which institutions you work with based on how they’ve described their behavior in their privacy policy?

Female Speaker: No, because most of the time you can’t figure it out. But I think as time goes on, well, you know, I think it’s very hard to find anybody in the big companies who you think might be otherwise secure who doesn’t do that. They make it very difficult to opt out.

Jared Spool: I understand. Just out of curiosity, a quick question. Do you have a supermarket loyalty card?

Female Speaker: Yes.

Jared Spool: Yes? So—

Female Speaker: And one of the ones, I did check, that they did have a box of whether I wanted to be, you know, have other promotional stuff. It did have a box, and I checked no.

Jared Spool: But are you aware of what they’re doing with all the information? Because every time you purchase something, everything you purchase is being recorded.

Steve Furman: There’s a little difference there, though. She’s getting a benefit. She’s getting a discount.

Female Speaker: Yeah, I do get a benefit and I waive that.

Steve Furman: Right? In exchange for giving up some information.

Jared Spool: So is the issue — but there really isn’t a discount, because all they did was raise their prices and then give you the original price if you use the card. So no one’s really getting a discount.

Female Speaker: Yeah, but if you don’t have the card, you don’t get the price.

Speaker from Panel: Well, what if they gave her a $10 gift certificate on Amazon.com in exchange for not opting out?

Jared Spool: Would that be fine with the bank if the bank gave you a toaster every time you told them something? Would that be okay?

Female Speaker: Well, no, actually I’d prefer to have a real-live option up-front when I either sign for the credit card or it gets renewed, it lets me opt out or puts some parameters. I mean, there’s also what I might think is a difference between Citibank and MBNA using —

Jared Spool: At what point will you start deciding on institutions for this ability to opt out? I mean, at what point will you say, “Well, I’m not going to bank with this given bank because they don’t give me a chance to opt out.” Are you at that point yet?

Female Speaker: Pretty close. I think between all the online security theft and identity theft, and the more I see from some of these banks, that frankly when people that I know have problems with big companies and particularly financial institutions, that you can’t get a straight answer and they don’t follow up. I mean, your potential credit and your life is screwed up and royally when you have identity theft and you don’t know what to do. And you can’t get information from these people.

Jared Spool: I understand. So is this something that is being discussed, this idea of opt in versus opt out and how — is it something that you might see the industry going towards in the future?

Steve Furman: All I would say is from our viewpoint, we have an 800-number that you can call, and you can opt out of whatever choices that you have, that you have available to you.

Speaker from Panel: That’s pretty good.

Steve Furman: And I think all institutions have that based on the law. I mean, one of the things about sending out the privacy policy and the privacy notice annually now, that started I think two or three years ago, and you have to provide a mechanism for people to be able to do that. As far as helping people through these things, there was a recent Javelin study I think in June of this year that rated financial institutions for how good they were at detecting, resolving, and preventing identity theft, and Discover was rated number one. We are known innovatively, I think, for really being proactive and in preventing fraud because it costs us money like it costs any financial institution money to do that as well. So we have a great interest in trying to erase that.

Frank Torres: What I’m hearing from some of the questions is a frustration with not knowing what’s going on with the information – what type of information is collected,and what’s being done with it, and then the ability to exercise some sort of control over how that information is being used. Even during the debate of the Graham-Leach-Bliley Act ,whenever you start talking opt in or opt out, it becomes so absolute sometimes and you get mired in kind of the language.

I think talking about it more in terms of transparency and choice, because some consumers might not care if they simply get marketing stuff in the mail sent to them, so they may not care about that. But if their account number is being shipped somewhere else, that might be a bigger concern for them.

So how do we allow for consumers to exercise a choice? One of the things that we at Microsoft have already done, although we weren’t required by any law to do so, is to create this short notice. You can still get all the legalese because we think we have to or else the FTC will get after us, so you can get to that. But we’ve also created this short notice in bigger bolder print so people can actually understand what happens to their information.

Jared Spool: I’m wondering if there’s going to be a point where — you know, a few years back, Citi was advertising that they would put your picture on the back of the credit card, so this was a big advertising campaign. I don’t even know if they still do it, but they would take your picture and put it on the back of the credit card, and somehow that would prevent credit card theft. Though, interestingly enough, for years, I’ve had messages to tellers written in the strip things like, Hey, you’re cute, make sure you check the ID. And no one ever looks at the back of my credit card.

Janice Rohn: And there’s actually some with the picture on the front of the credit card.

Frank Torres: I actually have a different story. I was in, I think, Lord & Taylor shopping, and the woman in front of me didn’t have her signature on the card, so the clerk checked it, asked her for her driver’s license, and she promptly demanded to see the manager, and went through this whole — and finally, I said, “Look, this poor clerk is trying to protect you from identity theft,” like what happens if it wasn’t, you know. So she finally got it. But I think it’s interesting that sometimes, even when you’re trying to help consumers, there can be some disconnect in some cases.

Jared Spool: I believe that’s true, but I’m wondering if we’re going to see a world where information privacy is part of a marketing plan for financial institutions, where somebody will go out and make a big deal about how you want to bank with them or you want to get mortgages from them because they are the best at keeping your information private. Is that a future you might see?

Speaker from Panel: If we keep having a lot of these data breaches, more and more consumers will care about that. Three or four years ago, it was like this is made out of recycled paper. It wasn’t really all that important to consumers. But I think the environment is changing, and some firms will probably be able to take advantage of that as a selling point.

Jared Spool: Question. Yes?

Male Speaker: I don’t know if it’s a question or a comment, but —

Jared Spool Questions are more preferred.

Male Speaker: Okay. The issue that I saw in your chart was that it seemed to be pretty constant that the somewhat trustworthy was, with the exception of the credit scores, constant. It was higher on the “a lot” that seemed to be the big difference in your scoring, and I was wondering if there was a correlation in two senses. One is that, say in banking and automatic bill payment, that’s a more mature service that’s been provided for many, many years. Where you get down on the far end and you’ve got, “Hey, Ditech, come buy your house from us now,” which is a very new genre.

The other is that I think people have a recognition that banking and banks have been in electronic transfers for many, many years, whereas they’re not quite so sure about small businesses and mortgage companies and all the other people. So I was just wondering if that’s playing into some of these confidence factors.

Jared Spool: Well, that was a question that when we were talking amongst ourselves that we had actually had, which is — I don’t know if Evans [Witt] wants to address this – how much of this study has to do with people’s confidence because these are things to do with it? An average person might apply for, what? One, two, three mortgages in their lifetime? But they do banking with their banking institution very, very frequently. And so I think that is a good question.

You want to add something to that?

G. Evans Witt: Let me try. One of the reasons you see the gradients you see in this graph is the consumer’s familiarity with the products and the services. Online banking is the most used, mortgages and loans online is the least used. It’s not a perfect correlation, but that’s the basic trend. So as people become more familiar with products and use them, you can expect to see these scores, I would suspect, go up as long as their experience is positive.

The only one where that’s not quite true is buy and sell stocks and mutual funds, which has been around a long time online, and there simply are not that many American consumers who actually buy and sell stocks and mutual funds online, as opposed to how many American consumer have bank accounts which they could conceivably access online.

The questioner’s point about the “a lot” versus “somewhat” — it is certainly true that after you’ve had a positive experience with a financial site, you’re far more likely to say, “I trust them a lot.” It’s a huge correlation there. “Trusting” and “somewhat” is a squishier category, no two ways about it.

Jared Spool: So, Steve and Janice.

Janice Rohn: I was just going to say I think that’s an interesting point, because you saw a similar thing with ATM adoption people who were at first reticent to use ATMs, trusted the human teller more than the ATM. And now you see high usage of ATM. So a similar thing with online banking, with other online transactions.

One of the things that is a positive is that there are for all these companies that are very credible, there are a lot of tools and a lot of people who are dedicated to watching things and making sure and watching for anything that is an outlier. So there’s actually a lot of oversight that’s occurring in the online world that isn’t actually occurring as strongly in some of the offline world. You can hand your credit card to someone who can go and do a double swipe, and you would never know it. Whereas something online is often detected right away.

Jared Spool: So the question I was going to ask — I think that’s great — I mean, the question I was going to ask is: When you’re crafting things like privacy policies and other materials to help people get trust in your institutions, are you aiming that primarily at new customers and potentially new investors or new credit card holders, new subscribers, or are you aiming that at your existing customers to make sure they understand? Who are you thinking of when you’re designing for these things?

Janice Rohn: Both.

Steve Furman: Definitely both. And I really think that for us, it’s not really about crafting a policy that you just send to somebody or put on the site. It’s really about how do you deliver on that to them day after day? What are you doing about their solving the problems for them? How are you monitoring their transactions and is there anything out of pattern? Are you proactively looking out for them?

I think Janice said, we all have a lot of things going on in our systems that consumers don’t know about that are protecting them all the time, and that’s really the better way to demonstrate it. Frank was mentioning the two-factor authentication, which all of us in the financial space have to do at some point before the end of 2006. Now the regulators are kind of making that compulsory. So the question is: How do you do that? And the preference is not to throw up an obstacle with somebody every single time that they are doing something that they normally do, but it’s how do you work in the background. And then, when it’s appropriate, say, “Hey, we need some more information from you.”

Like the retailer example Frank was talking about. Some retailers may have a limit, like if it’s over $150, get an ID. So sort of thinking about those thresholds so you put some speed bumps up there, and I think that’s really key. It’s not necessarily about a policy. The policies – we all have them, and I think everyone does their best in the financial world, but to live up to them. I think it’s really how do you demonstrate that to your customer all the time.

Frank Torres: And years ago, there was some survey work done about companies that did create trust, to take the steps to create trust, by either providing a more robust notice about what they did or providing greater choices or extending the information out. I think the survey, I want to say it was done by the World Bank of Canada, but actually the companies got better information from their customers. Because you can put whatever you want to sometimes on the forms, you know, but they were getting better information to actually be able to provide even better services to the customers, and everybody was pleased with the process. But I think trust is absolutely critical.

Jared Spool: Rob, you’d mention the insurance stuff you’ve done. How does this all play into the purchasing of insurance products and the researching of insurance products online?

Robert Mayer: Well, it’s telling that insurance wasn’t included here because it’s really not taken off online. It’s a little bit like the loans, because you don’t do it that often, and once you have a policy you might renew, but you don’t shop very often. So we were looking at sites that promised to compare life insurance, term life insurance policies for you, and we found a number of problems with them, and maybe this is why this sector hasn’t taken off.

But the No. 1 problem – and it still exists and maybe it’s gotten worse – is you go to a site and it says: “Shop here, you only have to go to this one site. We’ll compare policies for you and you’ll get the choice among the best policies. Save up to 70 percent.” And so you go onto the site and you fill out detailed information about your health and your sex life and a variety of things that are pretty personal. You finally get through the questionnaire, you hit the Send button, and you get a response saying, “An agent will be contacting you shortly.” So they’re really lead generators rather than comparison sites.

What was once the best site was InsWeb is now moving more and more toward being a lead generator, and maybe it’s because they found that just asking your height, weight, age, and sex wasn’t giving them enough information to give a realistic quote. So they got so many complaints from people saying, “You quoted me 300 dollars a year, but you wanted eventually to charge me 500.” They’ve given up.

But I don’t think consumers go to these kinds of comparison sites expecting to receive a phone call from an agent. That’s why they want to avoid the phone call from the agent is the reason they go on there in the first place. So I think life insurance is kind of at the end of the spectrum.

Auto insurance is probably not far away, and you’ve noticed that these parts — there ought to be places where the Internet can deliver tremendous benefits to consumers because there are huge variations in life insurance policies and car insurance policies for the same situation. The potential savings, all the studies have showed about 100 percent between the highest and the lowest policy. So that’s an area where the Internet ought to be helping consumers a lot, but it hasn’t materialized.

Jared Spool: Question, yes?

Female Speaker: Who is supporting the accuracy of those that are giving the information to a person who has the problem? You call the phone company, the bank, mortgage company with an issue, and you get a person at the other end who claims to be in authority, probably recently working at McDonald’s, has a clerical job, and is interpreting the information. Am I to accept it as the law of the issue? In other words, there are people making up interpretations of corporate policy to the consumer. How do you protect the consumer from those people who are not actually in a position to interpret their company’s positions?

Jared Spool: Can you give me an example?

Female Speaker: Yes, phone company. Long distance call. As it turns out, questioning and questioning, I got somebody who did admit she was in India. I said, “Let me talk to your supervisor, and don’t hang up.”

Ultimately, I got someone else, and again the same issue; I’m on the phone 20 minutes. I just said, “Look, I hung up and I paid it.” She told me that it was this, that, and the next thing, and it’s not because — I have done this before and this is not the way it should be done. And she said it should be done — previously it had not been done that way.

Jared Spool: So in terms of thinking about this about the Internet, is your question that the sites are — how do you know if the sites are actually accurately representing the policy of the organization.

Female Speaker: Yes, or the interpretation is accurate.

Jared Spool: Frank, is there some legal protection if sites are misrepresenting themselves? I mean, they’re putting stuff in print.

Frank Torres: Yeah, and I think that’s kind of the hook, is if a company represents that it’s doing something and that’s a misrepresentation, I think the FTC has brought cases against companies who claim one thing and then are doing something different.

Female Speaker: I’m claiming it’s misrepresentation, they’re claiming it is not. But a similar issue was a different explanation. Who do I go to?

Speaker on Panel: Well, the Internet sounds like it’s part of the solution, rather than the problem.

Jared Spool: Right, exactly. Wouldn’t the Internet, being that it’s going to tell you the company policy, be a solution to this problem? I mean, is what you’re referring to just basically a problem with talking to customer service reps who are either not well-trained?

Female Speaker: I don’t know that they’re not well-trained. They say one thing, they take on a voice that seems well-trained.

Frank Torres: Again, putting on my Consumers Union hat, one place for you to start on an individual kind of concern or challenge that you’re facing might be your state Attorney General’s office. Typically it will have an office of Consumer Protection, and that might be one place that you could go to pursue that.