User Mediated Trans-Enterprise-Web Mashups?

There has been an on-again, off-again discussion behind the scenes at Radar about the nature of the enterprise vs. the web and how they are defined not just by their technologies, but by their frames of reference. For my part, I think the enterprise view is defined implicitly by a planning mindset and a perceived scope of control that ends at the enterprise boundary, whereas the web is too large for effective control, so it tends to be an environment more conducive to serendipity and emergent behaviors. The web and the enterprise also differ in obvious cultural ways. Web culture tends toward speed and “good enough” while enterprise culture is informed by enterprise concerns like mission criticality, legal frameworks such as HIPAA and Sarbox, security, transaction volumes, and the like. These thoughts were still rattling around in my head last month when I arrived in Montreal for the weekend.

Just like every other year, as soon as I cleared customs I skipped the crappy exchange rates at the arrival area exchange vendors and headed upstairs to my favorite ATM machine in the departure hall. I needed to get cash for my cab ride to the center of town, only this time, the machine spit my card back out like day old sushi. I tried another ATM further down the hall with the same result.

After ten frustrating minutes of IVR traversal and the international roaming fees that went with it, I was talking to a Wachovia Bank customer service representative who politely suggested “you should have called us before you left the country, then we wouldn’t have automatically blocked your card.”

Apparently Wachovia (like many other banks) has decided the best way to reduce their risk of fraudulent transactions is to convert that risk to customer hassle with an algorithm that looks something like: IF Loc Home Country/County/City SET CardStatus to Blocked. My bank is now my mom and I have to call it and get permission before I am allowed to go out and play.

The funny thing about all this is that even though Wachovia suspected I hadn’t accompanied my ATM card to Montreal, plenty of others knew that I had, including at least: AT&T (my cell phone provider), Verizon (my BlackBerry provider), Dopplr, USAA (I booked my flight with their credit card), Travelocity (where I booked the flight), US Airways, Plazes, Yahoo Fire Eagle (fed from Plazes and Dopplr), and naturally, the U.S. and Canadian Border Authorities.

Ignoring for a moment the fact that Wachovia had plenty of data in their own databases to feed a more sophisticated algorithm (I go to Montreal every year at around the same time and have used that exact ATM machine on multiple occasions) or that they could have just called my cell phone themselves, how might they approach this issue if they were a “web” company instead of an “enterprise” with the corresponding enterprise=scope-of-control blinders on? Is there a world outside their enterprise and might they reasonably leverage data from one or more of those sources that knew where I was? Can they think of their “SOA strategy” as reaching beyond internal line of business application integration and let it tap into, or even contribute to, the swirl of data produced by and about their customers to serve them better?

While this particular example could be resolved by Wachovia becoming a consuming application of my Fire Eagle data (with my permission), perhaps there is a broader opportunity here to facilitate enterprise-spanning and enterprise-to-web mashups while maintaining the individual as the mediator of their own data. Perhaps we need a FriendFeed-like service that focuses on the cloud of transactions we all generate in our wakes while just living our lives: toll plaza transactions, cell phone location, automated electric meter intervals and billing, calls sent and received, credit card purchases, gasoline purchases, and so on… What Tom Coates calls “bureaucratic sources” but what I think of as enterprise silos that will remain hidden away in the enterprise unless I explicitly facilitate their escape on my behalf.

In Montreal my cell phone and credit card providers both knew where I was but they couldn’t tell Wachovia even if it had occurred to Wachovia to ask, because they know I would go nuts over the privacy implications. I want a Jim-centric data market where I am the arbiter of the exchange. One where if enterprises could expose my location in a trusted way, I could happily be the one to share it with Wachovia for a limited time and for a limited purpose so that they could serve me better.

So, to make that possible, I want a personal Jim’s Message Service (JMS, you can call yours *MS) where the topics and data are mine, and the publishers and subscribers are the web properties and enterprises where I either produce my data or choose to share it. Enterprises can still persist my data in their silos, but I want a hand in mediating the trans-enterprise and web-enterprise-spanning data flow. And, I want it all in one place with simple to use controls so it is easy for me to keep track of what I’m sharing and who I’m sharing it with. I don’t want a Fire Eagle for each domain (or topic) scattered all over the web and I don’t want to have to go through the web pages of every business I deal with to control how they release my data.
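A sketch of the mediation model described above, as an added example that is not code from this post, Fire Eagle, or any bank: the owner's broker denies reads by default, releases a topic only under a grant bound to one subscriber, one purpose and an expiry, and logs every attempt. All names (`PersonalBroker`, `card_decision`, the `location` topic, the `fraud-check` purpose) are hypothetical, and timestamps are constructed integers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    subscriber: str
    topic: str
    purpose: str
    expires_at: int  # constructed epoch seconds

class PersonalBroker:
    """Owner-mediated topics: deny by default, every read attempt is audited."""
    def __init__(self, owner):
        self.owner = owner
        self._latest = {}   # topic -> (publisher, value, timestamp)
        self._grants = []
        self.audit = []     # (time, subscriber, topic, purpose, allowed)

    def publish(self, publisher, topic, value, now):
        self._latest[topic] = (publisher, value, now)

    def grant(self, subscriber, topic, purpose, ttl, now):
        self._grants.append(Grant(subscriber, topic, purpose, now + ttl))

    def read(self, subscriber, topic, purpose, now):
        # A grant must match subscriber, topic AND purpose, and be unexpired.
        ok = any(g.subscriber == subscriber and g.topic == topic
                 and g.purpose == purpose and now < g.expires_at
                 for g in self._grants)
        self.audit.append((now, subscriber, topic, purpose, ok))
        if not ok or topic not in self._latest:
            return None
        return self._latest[topic][1]

def card_decision(broker, bank, atm_country, home_country, now):
    """Bank-side rule: a foreign ATM is allowed only when the location
    the owner chose to share corroborates it."""
    if atm_country == home_country:
        return "ALLOW"
    shared = broker.read(bank, "location", "fraud-check", now)
    return "ALLOW" if shared == atm_country else "BLOCK"

def demo():
    day = 86400
    b = PersonalBroker("jim")
    b.publish("carrier", "location", "CA", now=1000)       # constructed sample
    before = card_decision(b, "bank", "CA", "US", now=1001)
    b.grant("bank", "location", "fraud-check", ttl=3 * day, now=1002)
    during = card_decision(b, "bank", "CA", "US", now=1003)
    marketing = b.read("bank", "location", "marketing", now=1004)
    after = card_decision(b, "bank", "CA", "US", now=1002 + 3 * day)
    return before, during, marketing, after, b.audit
```

The audit list is what gives the owner the "one place" view of who asked for what and whether it was released; the same grant does not cover a different purpose, and it stops working at expiry without any action by the owner.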

As a bit of an aside, in this context things like Mint or Wesabe might be useful for more than the online financial management they are designed to do. To do what they do they have to connect to all of the financial institutions we are likely to deal with, and those connections themselves might be useful as sort of a big JCA-style adaptor into our JMS financial topic. This kind of aggregation might work fine until enterprises offer their own adaptors into our JMS and make it unnecessary.

By the way, just to finish the story, it turns out I was charged a significant “foreign transaction *convenience* fee” as well as a percentage of the transaction. Both fees were new and presumably assessed to pay for that complex new fraud detection algorithm. So, next time I travel to the far off land of Canada I’ll just take cash and go to the cambio exchange window like everyone else.

  • http://www.wesabe.com Marc Hedlund

    (I’m the CEO of Wesabe.) Wesabe offers a full API for this and other purposes. My post, “Your bank has a REST API now (shh — don’t tell them!),” describes why we did this:

    http://blog.wesabe.com/2007/07/12/your-bank-has-a-rest-api-now-shhh-dont-tell-them/

    I believe we are the only site to offer automated bank data sync and a full API for that data. Using the service or the API is free.

  • http://www.gerv.net/ Gerv

    I just got caught by this exact thing today. The bank concerned is Barclays. Apparently, I can call them before I go, or set the “travel” flag via online banking. <sigh>

  • http://1raindrop.typepad.com Gunnar

    “while enterprise culture is informed by enterprise concerns like mission criticality, legal frameworks such as …security,”

    if only that was true, for the most part they just chuck your data on to MQ series with no authentication, like running the whole global financial system on anonymous ftp, who’da thunk it?

  • Jim Stogdill

    Ha! @Gunnar you shouldn’t have told. Now everyone will know. Anyway, you are absolutely right. I didn’t mean to imply that enterprise culture always resulted in bullet proof implementations. But talking about that kind of stuff all the time does seem to seep into the culture and impact things like *perceived* risk taking.

  • http://1raindrop.typepad.com Gunnar

    Jim – Exactly! What you see a lot of times is they get all the downsides of security – usability issues, inconvenience, cost, slowness; and none of the upside like confidentiality and integrity.

  • http://www.dukasi.de Bernhard

    Obviously there are in each country bureaucratic hurdles, it slowly is valid to eliminate. The Internet is a large not regulated by law area, in which ever more dubious shapes entrance are. So one should bring rather structure and control into the virtual world. Greeting from Thuringia in Germany!

  • http://www.idovos.com Gary Dennis

    (I am CEO of Mantissa) Your experience in Canada is shared by millions of customers (and customer service reps) and you don’t have to leave the country to get “the treatment”. Something as simple as buying a song off iTunes in Florida when you usually purchase off iTunes from your home in Birmingham can trigger this response from the card issuer.

    Many believe that more data mining and/or data coordination is the answer to this problem. Your suggestion that the user be given more control is more reasonable. There already exists a system which gives each individual control of personal identity assets (See http://www.idovos.com ).

    Assets protected by iDovos™ can be anything from brokerage accounts to debit and credit cards. Wedge simple in the way it operates, iDovos attaches a virtual owner-controlled on/off switch on each identity asset. It achieves this without storing or transmitting use-enabling data like account numbers and passwords. A voice-verified or pin-secured phone interface or browser interface can be used to set or change the on/off state of the asset. Also available is an “egg-timer” capability that leaves the asset in the “on” state for a specified number of minutes and then moves it to the “off” state.

    The system also incorporates life-style support so that specific assets can be turned to the “on state” on a schedule. For example, access to a 401K account could be set for a 3 minute window Thursday evening at 9PM.

    Using iDovos, the algorithm goes from:

    IF Loc > Home Country/County/City SET CardStatus to Blocked.

    To

    If CardVirtualSwitch = “OFF” SET CardStatus to Blocked.

  • http://williamhayes.org/blog William Hayes

    Project VRM Blog (about the Open VRM project) http://blogs.law.harvard.edu/vrm/

    The goal of this is to provide a counter to CRM solutions that is in the hands of the customers. The basic idea (as I understand it being an interested bystander) is to manage a personal profile of which vendors can access parts based on authorization profiles.

    This seems exactly like what you are looking for (the friendfeed concept above). When you think about all of your health records, financial records, travel, etc and the need to expose various parts of your life in various instances, the Open VRM project sounds like it’s exactly what will be needed in our hopefully not so Brave New World. Just being able to expose SELECTED personal information to a database robot so I don’t have to manually fill out any more multiple page forms at the {Bank|Doctor|…} which are currently ubiquitous.

  • Larry

    Jim, you should switch banks. Chase doesn’t do that. Don’t take it lying down.

  • Charlene

    Thanks for the heads up! I’m planning on traveling through Canada for 3 days (instead of taking the US route).

    One other question. Is it really better to use the ATM to get Canadian $’s or since I have time and have to go to AAA anyways, to get Canadian Traveller’s Checks?

  • Jim Stogdill

    @Charlene: Sorry, I haven’t used travelers checks in at least a decade and, until this recent change in my bank’s level of service, had exclusively used ATM machines in that time. So I don’t know what to tell you about those. You can always just bring some cash and exchange it at the airport if you aren’t going to be there very long.