Even USAA Federal Savings Bank, one of the most aggressive in its use of technology, is treading carefully in social media and mobile, where the slightest privacy SNAFU can spark a major outcry.

One of the most controversial smartphone features is the devices' ability to access a user's stored contacts. Though this feature is seemingly useful for things such as social media and person-to-person payments, consumers are resisting it because it gives third parties access to their personal information.

To make use of a phone's stored contacts, an app can send the contact list to a server controlled by the application's creator. Several companies, including Path, Twitter and Instagram, drew complaints from users when this practice was revealed. In February, Apple Inc. updated its policies to require app developers to disclose to users how they use contact-list data.

USAA has to pay close attention to such issues because most of its customers rely on technology to access account information and make payments, says Brian Riley, a senior research director in the bank cards practice at CEB TowerGroup.

USAA is "hypersensitive about security," he says. "That's just part of their culture to be very strong about data security … given the military background of the culture and given the very widespread nature of their business."

When USAA updated its mobile banking app last month, it included a disclaimer stressing that the app's person-to-person payments feature does not give USAA or anyone else access to the user's contact list, even though users can select the list to choose payment recipients.

By contrast, some "companies have come out and said that we are not only going to have information about you, but we are going to share it with our affiliates," Andy Collins, USAA assistant vice president of transactional accounts, said in an interview. "But we are wanting to make sure that we honor our members' strong desire for privacy."

Consumers' confidence in their banks' ability to protect personal data "can vary significantly from one bank to another," James Van Dyke, the president and founder of Javelin Strategy and Research, said in an email.

"Consumers are extremely concerned over this," he said.

Facebook, which has been building out its payment capabilities, has come under fire for sharing too much personal data with its business partners.

In the wake of its $1 billion acquisition of Instagram last week, some users have quit the online photo-sharing service because the deal gives Facebook a say in how Instagram's user data is handled.

Facebook did not reply to an April 16 request for comment on how banks can work with the social network in light of privacy concerns.

American Express Co. has kept Facebook at an arm's length as it uses the social network's website to allow payments from the Amex digital wallet, Serve. Although users begin by interacting with a Facebook app, they must leave the Facebook site to move any money.

Amex doesn't share any payment information with third parties, says Sarah B. Meron, a spokesperson.

Consumers generally trust banks, but the fast pace of technology could easily change that, says Aite Group senior analyst Rick Oglesby.

"As the rest of the world becomes more viral in marketing, these social information sharing [services] can be viral as well, and there is a big concern about that," he says. Banks should be careful "that they don't become a vehicle for sharing information that people don't want shared."

What do you think about this? Send us your feedback. Click Here.


Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry