A framework for payments data monetization
Still hard to do at scale
Key insights in this post
Payments data is rarely monetized outside back office functions like fraud monitoring. Three principles characterize why:
Payment messages usually lack SKU data that would make them valuable
Industry fragmentation makes any solution less valuable, outside a utility
Privacy and compliance concerns limit data use even when it is valuable
Principle 1: SKU Data (Level 3)
Lever 3 detail would makes payments data useful for CPG promotional spend
Only commercial cards routinely capture Level 3 data
Principle 2: Industry Fragmentation
No single entity has enough data to interest users
Consumer banking fragmentation is enforced by regulators such that even the biggest banks range from 10-30% share; AXP has leading share in commercial as the main exception
Spend fragmenting is advancing, making it harder for any issuer to know the full picture of customer spend
Principle 3: Compliance
The national deposit cap keeps the banking industry fragmented
The Durbin cap pushes debit centric consumers to neobanks
Rule 1033 will restrict aggregators from secondary use of permissioned data
Various regulations protect consumer privacy by limiting data use
Framework: A 2x2 with Spend fragmentation on one axis and Issuer fragmentation on the other
Commercial cards are characterized by low issuer fragmentation and low spend fragmentation. They routinely capture SKU
Credit Cards are characterized by low issuer fragmentation but increasing spend fragmentation. They do not capture SKU
Debit Cards & ACH are characterized by high issuer fragmentation but low spend fragmentation. They do not capture SKU
Pay-in-4 & Off-site ATMs are characterized by high issuer fragmentation and high spend fragmentation. Pay-in-4 sometimes captures SKU
Solutions: Monetization may be possible by defragmenting markets
Network Level 3 mandates for consumer cards could address Agentic Commerce adjudication and then be used in other ways
New bank data utilities could be formed now that Open Banking has made all data non-proprietary in the first place
Aggregation plays like Plaid’s LendScore create value from bank data, although they have to build use cases one consumer at a time
Conclusions: Payments data is still not that useful unless it captures SKU and the industry de-fragments
Open Banking may trigger the formation of new utilities now that data is not proprietary to a single bank
Aggregation can make some data more valuable, but faces Rule 1033 limits on secondary use of permissioned data. It also must grow one consumer at a time
Introduction
Early in my Payments in Full journey, I wrote a post called “The payments data illusion”. It argued that payments data doesn’t have enough information content to be useful beyond operational tasks like fraud detection. I stand by that conclusion. Since then, several developments support my case. I thought it might be useful to bring that post up-to-date. Also, very few of you read it, so this topic will be fresh to most readers.
My argument rests on three principles:
Payment messages usually lack SKU data that would make them valuable
Industry fragmentation makes any solution less valuable, outside a utility
Privacy and compliance concerns limit data use even when it is valuable
The argument applies to all stakeholders in the payment system: Issuers, Networks, Acquirers, and most Fintechs. Each rule has exceptions, but those exceptions usually face limits from the other two principles.
This post will discuss each principle and then present a framework for thinking about data monetization. I will also explore ways to use payments data more productively.
Principle 1: SKU-level data
All card payments operate on the ISO 8583 message standard. 8583 has a provision for SKU data (i.e., “Level 3”), but it is only used broadly for commercial cards. Consumer cards typically stick to the basic record, half of which are text fields such as the transaction description you see on your statement. The message includes useful data such as a retailer code, location, amount, merchant category, data & time, etc.; but, these don’t really help for marketing purposes.
For example, what do you really know about a transaction that spends $100 at Walmart, Amazon, Costco or Target? It could be anything. The biggest promotional spending pools are at CPGs not Retailers, and without SKU you cannot prove conversion.
Cardlytics is the poster child for this problem. They aggregated almost all the big banks, at least for debit card. Consumers opt into retailer-level offers and redeem just by spending on that card. They defeated fragmentation & compliance, but not SKU. Their market cap today is $40M. The market has spoken: high-level 8583 data is not useful for marketing.
I mentioned that some commercial cards do capture SKU, these include purchasing cards, T&E cards, and Fleet cards:
In domestic purchasing and T&E the challenge is fragmentation. Virtually every large bank offers a T&E card and purchasing card which they cross sell into their Treasury Services clients; Almost all use the same TSYS card platform. The whole space is commoditized and sold largely on how much of the interchange the issuer gives back to their commercial client. Some issuers do differentiate:
In Fleet, Private label networks work with fueling brands to transfer select SKU data such as odometer reading, price per gallon, fuel grade, and gallons purchased. 2-3 fleet brands dominate. Fleet managers use this data to monitor for fraud & abuse and to negotiate discounts with the fueling brands
In T&E, American Express dominates the MNCs. Their secret sauce is the ability to issue globally. Only Citi has similar capabilities
In Purchasing, American Express also has outsized share. SKU is required to compare pricing against contracts. Visa has tried to catch up by incenting merchants to send SKU; many were sending dummy data. Visa has stepped up enforcement bring their product to parity, if not leadership
Expense Management cards, form Fintechs like Ramp & Brex are moving up market from their Startups base. They built modern systems that provide a superior digital experience and integrated AI tools
In most Commercial Cards, SKU has become a commodity; differentiation now happens outside the payments data itself. That is largely due to the fragmentation principle.
Principle 2: Fragmentation
Historically, bank data was monetized through Utility-like entities like credit bureaus or EWS Certos . Akoya may be another example. Today, thanks to JPM, banks can monetize data access, but fees may be constrained by Rule 1033 (compliance principle).
To monetize data, a bank need to enough share to interest marketers. Most buyers don’t want a solution that covers a small share of the market; however, payments markets are fragmented:
In DDA, the biggest banks have only 10-15% share each
In credit card, the three biggest issuers have 20-25% share each
In acquiring, the 5 biggest have 80%+ share, but the biggest may only have 30%
In networks, Visa may have ~60%, but it has no demographic data on cardholders
Other Payments entities face similar hurdles including fintechs and wallets. It is telling that none of these have meaningful data businesses outside fraud detection. PayPal & Fiserv advertising plays will likely flop. BNPL is a tiny exception. Cardlytics has almost 100% debit coverage but limited credit coverage.
No single entity has enough data coverage to create products that appeal to retailers or CPGs. When JPM launched ChaseNet, we demonstrated that closed-loop transactions had better fraud performance if merchants shared a bit more data. But it only applied to 15-20% of the merchant’s volume (debit plus credit). The merchants needed exception processes just for ChaseNet but the fraud lift was not sufficient to justify the cost.
Fragmentation takes another form when consumers split their spending across accounts. This is most common in credit cards where some consumers use several cards to claim outsized rewards offers. For example, they may use their Amazon Card only at Amazon, a Costco card only at Costco, a Savor card only for dining etc. So even if an issuer could monetize data, it may not see the full 360% view of spend.
Debit and DDA are less fragmented. Most consumers consolidate their liquidity in a single checking account from which they make the bulk of their payments. If they don’t have credit cards, they concentrate all retail spend on their single debit card. So, debit card data is more comprehensive than credit card data for a given consumer, but only if that consumer is un-creditworthy and lacks credit cards.
Forming utilities is a solution to fragmentation. But even when they form utilities, like EWS Certos, the member banks may not agree on the scope of the data shared, how the data is packaged into products (raw data versus attributes or scores), how they are priced, and who they can be sold to. That adds lead times to development and limits the value of the utility. Not all banks contribute to EWS Certos, or they contribute some types of data but not other types. Often the banks worry about data leakage to competitors. They want the utilities to have the minimum data possible and the narrowest mission.
One of the genius moves of ClearXchange (before my time), was creating a “thin directory” that carried almost no data. It held exactly four elements: Email, Mobile, Routing Number & Account Number. This got around most competitive concerns. It wasn’t until ClearXchange was subsumed into Zelle that the value of that directory was fully realized. Even today, Zelle only reaches ~80% of DDAs. If you need to send or receive from the remaining 20%, you need to use another P2P, use cash, or write a check (the horror!).
When Zelle faced bad publicity around fraud and scams, one solution was to collect more data from the banks so that abuse could be detected at the network level. It didn’t happen. Some banks worried about secondary use by competitors and were doubtful it would solve the problem. Zelle limited abuse instead by reversing liability to the receiving bank (who banked the crook) – giving them an incentive to root out bad actors individually.
That may be why many utilities end up in the hands of third-parties. Credit Bureaus are the best example. Banks freely contribute data but pay to use the results. Nice business model! Of course, the Bureaus were jealous of FICO who used bureau data to create the industry standard credit score. Ultimately, they banded together to create the rival Vantage Score which the GSEs just authorized to be used alongside FICO for mortgage lending. The data utilities banded together to form a macro-utility!
Principle 3: Compliance
Banks are very careful about how they use data. Many regulations govern privacy, marketing, and other use cases. One concern about Open Banking was that if a customer asked their bank to limit marketing calls, would the aggregators honor those requests? Would they even know about them? If the customer complained, could the bank be liable?
A final Rule 1033 will eventually emerge at the CFPB. It will likely ban secondary use and limit the data that an aggregator can request to what is specifically required for the authorized use case. Nevertheless, Open Banking make bank data a “commons”. It will be freely monetized by Aggregators, Fintechs, and GenAI agents – with customer permission.
However, aggregation works one customer at a time. It would be hard to mass enroll a high share of consumers onto a common use case. In the case of Plaid’s LendScore, perhaps they can mass market the service to debit-centric consumers, but that will be expensive and Plaid itself is a B2B company. If some Fintech establishes itself as an alternative bureau, it faces massive marketing costs to enroll a critical mass and keep the score current. It isn’t clear that 1033 secondary use limits allow them to sell the scores at all.
Compliance prevents banks from monetizing their own data in certain ways, but it may also prevent Fintechs & aggregators from doing so at arms-length. That may be the new frontier in the 1033 wars.
Framework
The analysis so far suggests a simplified framework to explain why data monetization is so hard. It depends primarily on the fragmentation principle:
Commercial Cards
(lower spend fragmentation, lower issuer fragmentation)
These products use SKU data capture as a key attribute. While spend fragmentation is not shifting, Issuer fragmentation is increasing. Companies rarely fragment their spend since issuers offer big consolidation incentives. The issuer side, where AXP leads is slowly fragmenting:
T&E – Although Visa & MasterCard have T&E products, AXP leads because it can issue globally, and only Citi can do that as well. These two serve virtually the entire MNC market. Domestic-only cards are more fragmented as banks cross-sell these with Treasury Services
Purchasing cards – AXP leads, but global issuing is not a key success factor so the market is fragmenting and commoditizing around rebate levels. Virtual Cards, a single-use commercial card, has further fragmented the market to Fintechs
Fleet cards – Concentrated historically because only a handful of issuers built dense enough Fueling acceptance footprints providing SKU data. Visa & MasterCard Fleet cards now collect this data so fleet cards may fragment over time. The network-branded cards can also be used at C-stores, repair shops, and restaurants that some fleet use cases require. Breadth of acceptance becomes a key differentiator rather than the SKU data. As a result, Fleet may fragment more.
The Expense Management companies, like Ramp & Brex, solve for Level 3 with receipt capture rather than the card message itself. The cardholder snaps a picture of the receipt and optical character recognition lifts line-item detail and posts it to specific accounts. The data can populate expense reports and fraud & abuse analytics. Since most companies require receipts anyway, this adds no friction to the experience.
Historically, closed-loop Commercial Card issuers differentiated by data and acceptance footprint, leading to consolidation; Open network cards and fintechs fragment those markets by commoditizing data and footprint. That leads to price competition (banks) on the one hand and a focus on user experience (Fintechs) on the other.
Credit Cards
(higher spend fragmentation, lower issuer fragmentation)
In Credit Card, consumers fragment their spend while their issuers are consolidating.
Rewards competition incents consumers to fragment spend across several cards. I know people who only use their Amazon card at Amazon or their Costco card at Costco. I spoke to someone recently who took a Venmo debit card to capture 5% savings on groceries. That erodes the primary card status that issuers have focused on for a generation.
It extends to bill pay, another anchor to primacy. Telcos now incent for Direct Debits instead of cards. I recently shifted both my Cable bill and my Mobile bill to direct debits as a result. The savings were far higher than I would have gotten via rewards. Surcharges are another way this is happening since they encourage cash and debit use. I’m not sure many people shift methods to avoid surcharges, but some do.
I see no sign of the rewards “race to the bottom” ending anytime soon. The imminent merchant settlement may make this even more challenging as it squeezes interchange. Only the highest scale issuers will be able to sustain rewards levels with lower interchange levels.
On the issuer side, I showed a few weeks ago that the top 5 issuers now command ~80% of spend, and they are still outgrowing the market. Some of this is inorganic, like the COF/DFS merger or the shift of the Apple Card from Goldman to Chase. All the regional bank M&A consolidates the long tail towards its top. JPM, AXP, & COF are the big winners here as they dominate the high spending products, especially Affluent Cards & Small Business Cards.
The big 3-5 issuers may have enough consumer breadth to build data businesses, but they are increasingly seeing less of the spend from any one cardholder. Some issuers, like Bank of America, mostly cross-sell cards to their DDA customers and can see a broader range of spending, but some of that spending will simply be the monthly payments to other credit card issuers. And none of that data is proprietary due to Open Banking.
Debit & ACH
(lower spend fragmentation, higher issuer fragmentation)
In debit & ACH, consumer spend is generally consolidated in a single account, but the banks themselves are fragmented.
By law, banks with 10%+ of national deposits cannot grow deposits inorganically. JPM, BAC & WFC are the only ones subject to the cap, and each has 10-15% share. That means that any data business only sees a fraction of the population. Furthermore, their affluent consumers spend on Credit Cards, but fragment their spend. In contrast, debit-centric consumers typically consolidate their activity on a primary debit card.
At least they did until Neobanks came along. I see evidence that debit-centric consumers keep secondary accounts at Fintechs like Chime & Cash App. That may be to qualify for EWA services and Advances that banks don’t offer. Some of this is also at Fintechs like Venmo which pay outsized rewards for debit spend is some categories. As a result, even the primary bank may not see the full range of activity from debit-centric consumers.
Finally, none of this data is proprietary in the face of Open Banking. Plaid’s LendScore is evidence of its value and its availability to any Fintech that can get customer permission.
Lower right
(higher spend fragmentation, higher issuer fragmentation)
I could not think of a conventional payment method with this characteristic. It has to be commoditized to fit here at all. But off-site ATMs and Pay-in-4 lending may fit the bill.
No consumer cares what off-site ATM they use but all banks make their ATMs available. In some cases, their DDA bank absorbs the ATM surcharge, so the consumer is truly indifferent. In other cases, the consumer is more focused on convenience than surcharge price. Many banks offer consumers surcharge-free network access (e.g., Allpoint, MoneyPass), making customers price insensitive and issuer insensitive.
Further, the data in an ATM transaction is not particularly valuable, and the declining use of cash makes it hard to build up a usage pattern.
A more current example might be Pay-in-4. The merchant usually picks their Pay-in-4 partner and therefore the consumer has no real choice. Different merchants have different partners, forcing consumers to use several services. The products are standardized, so choice doesn’t really matter: All Pay-in-4s charge no interest and are structured the same way. They can differ on late fee policies.
The advantage to both the consumer and the affiliated lender is that the offer appears on the product page, not at checkout. PayPal & Apple Pay Later are available everywhere in their acceptance network, but only at checkout. From a data perspective, Pay-in-4 users spread their volume around and only affiliated merchant data includes SKU. For POS transactions, consumers may be brand loyal using an App.
The average user doesn’t do enough affiliated transactions in a year within a single lender to build up a data pattern. Since unaffiliated POS locations are outgrowing affiliated transaction, the data situation is getting worse not better.
Solutions
I see a few openings where payments data, broadly defined, could be monetized.
Level 3 data mandates
If Visa/MC forced consumer-facing merchants to share Level 3, as it is now doing for commercial-card-facing merchants, it would change the game. Visa might do this to enable Agentic Commerce adjudication, i.e., validating that Agents fulfill their commerce prompts accurately. That would settle the liability question. Would such rules limit Level 3 data to Agentic adjudication or provide more open access? Merchants consider SKU data their crown jewels and may not take kindly to forced sharing.
If that Level 3 data starts flowing, everyone in the ecosystem would see it: Networks, Issuers, Acquirers, & Processors. Further, once the data hits an Issuer, it is subject to aggregation. Networks can’t restrict Level 3 to themselves or block it from the aggregators. If the networks tried to monetize it themselves, I see a lot of friction with the issuers and the merchants. I foresee much litigation in such a situation.
Utilities
Banks/Card Issuers could form utilities to share data in a safe environment. EWS Certos is one such effort. Small Business Financial Exchange is another. Such utilities take a long time to achieve critical mass. Notably, both my examples are give-to-get, with no free riders or third-party customers.
The big card issuers have never to my knowledge tried to create a captive consumer credit bureau because they trust each other less than they trust the bureaus. Now that the five big issuers have so much share, this could be practical. Paradoxically, Open Banking makes this more likely as none of the in-scope data is proprietary anymore. Plaid’s LendScore is Exhibit 1 for this.
Aggregation
Plaid’s new LendScore develops a cash-flow based credit score from a consumer’s checking account data; but, it does this one consumer at a time. This gets around the data value principles but fails the two others:
Fragmentation: Unlike FICO scores, Vantage Scores or credit bureaus, LendScore doesn’t cover a mass of consumers all at once
Compliance: Rule 1033 may ban secondary data use. I am unclear whether Plaid could create a one-time LendScore for a Fintech and then resell it to other lenders. That may fail the compliance principle. Being Plaid, they may find a way around this
Conclusions
Payments data is not that valuable outside of back-office use cases like Fraud – largely because it lacks SKU detail. Even if the data was useful, no single participant in the fragmented payments ecosystem has enough data to be meaningful. Even if the data was useful and aggregated, certain privacy and compliance restrictions might undermine its value.
Historically the industry formed utilities to get critical mass, but these are hard to pull off. Open Banking could create the urgency to do this more broadly since payments data is no longer proprietary.
Open banking itself faces a fragmentation challenge. Aggregators can reach any consumer account, but getting enough consumers to give permission is a huge challenge. Aggregators and Fintechs will no doubt try, but this will take time to pull off. Even then, they may face secondary use restrictions from Rule 1033 – if the CFPB ever gets around to issuing it.
These are real value add posts. Great work.
It will be interesting to see what Fintechs like SOLO or Consortiums like Akoya impact the space and lets not forget Chase. Beyond transactional data, there are use cases like KYB, KYC for profile data that many of these same entities also store