Walking Wounded

Let us suppose we can divide the world into those who trust service companies to treat their customers fairly, and those who assume that service companies will be looking to exploit any customer weakness or lapse of attention.

For example, some loyal customers renew without question, even though the cost creeps up from one year to the next. (This is known as price walking.) While other customers switch service providers frequently to chase the best deal. (This is known as churn. B2C businesses generally regard this as a Bad Thing when their own customers do it, not so bad when they can steal their competitors' customers.)

Price walking is a particular concern for the insurance business. The UK Financial Conduct Authority (FCA) has recently issued new measures to protect customers from price walking.

Duncan Minty, an insurance industry insider who blogs on Ethics and Insurance, believes that claims optimization (which he calls Settlement Walking) raises similar ethical issues. This is where the insurance company tries to get away with a lower claim settlement, especially with those customers who are most likely to accept and least likely to complain. He cites a Bank of England report on machine learning, which refers among other things to propensity modelling. In other words, adjusting how you treat a customer according to how you calculate they will respond.

My work on data-driven personalization includes ethics as well as practical considerations. However, there is always the potential for asymmetry between service providers and consumers. And as Tim Harford points out, this kind of exploitation long predates the emergence of algorithms and machine learning.

 

Update

In the few days since I posted this, I've seen a couple of news items about autorenewals. There seems to be a trend of increasing vigilance by various regulators in different countries to protect consumers.

Firstly, the UK's Competition and Markets Authority (CMA) has unveiled compliance principles to curb locally some of the sharper auto-renewal practices of antivirus software firms. (via The Register).

Secondly, new banking rules in India for repeating payments. Among other things, this creates challenges for free trials and introductory offers. (via Tech Crunch)

---

Machine Learning in UK financial services (Bank of England / FCA, October 2019)

FCA confirms measures to protect customers from the loyalty penalty in home and motor insurance markets (FCA, 28 May 2021)

Tim Harford, Exploitative algorithms are using tricks as old as haggling at the bazaar (2 November 2018)

Joi Ito, Supposedly ‘Fair’ Algorithms Can Perpetuate Discrimination (Wired Magazine, 5 February 2019)

Duncan Minty, Is settlement walking now part of UK insurance? (18 March 2021), Why personalisation will erode the competitiveness of premiums (7 September 2021)

Manish Singh, Tech giants brace for impact in India as new payments rule goes into effect (TechCrunch, 1 October 2021)

Richard Speed, UK competition watchdog unveils principles to make a kinder antivirus business (The Register, 19 October 2021)

Related posts: The Support Economy (January 2005), The Price of Everything (May 2017), Insurance and the Veil of Ignorance (February 2019)

Related presentations: Boundaryless Customer Engagement (October 2015), Real-Time Personalization (December 2015)

As How You Drive

I have been discussing Pay As You Drive (PAYD) insurance schemes on this blog for nearly ten years.

The simplest version of the concept varies your insurance premium according to the quantity of driving - Pay As How Much You Drive. But for obvious reasons, insurance companies are also interested in the quality of driving - Pay As How Well You Drive - and several companies now offer a discount for "safe" driving, based on avoiding events such as hard braking, sudden swerves, and speed violations.

Researchers at the University of Washington argue that each driver has a unique style of driving, including steering, acceleration and braking, which they call a "driver fingerprint". They claim that drivers can be quickly and reliably identified from the braking event stream alone.

Bruce Schneier posted a brief summary of this research on his blog without further comment, but a range of comments were posted by his readers. Some expressed scepticism about the reliability of the algorithm, while others pointed out that driver behaviour varies according to context - people drive differently when they have their children in the car, or when they are driving home from the pub.

"Drunk me drives really differently too. Sober me doesn't expect trees to get out of the way when I honk."

Although the algorithm produced by the researchers may not allow for this kind of complexity, there is no reason in principle why a more sophisticated algorithm couldn't allow for it. I have long argued that JOHN-SOBER and JOHN-DRUNK should be understood as two different identities, with recognizably different patterns of behaviour and risk. (See my post on Identity Differentiation.)

However, the researchers are primarily interested in the opportunities and threats created by the possibility of using the "driver fingerprint" as a reliable identification mechanism.

• Insurance companies and car rental companies could use "driver fingerprint" data to detect unauthorized drivers.
• When a driver denies being involved in an incident, "driver fingerprint" data could provide relevant evidence.
• The police could remotely identify the driver of a vehicle during an incident.
• "Driver fingerprint" data could be used to enforce safety regulations, such as the maximum number of hours driven by any driver in a given period.

While some of these use cases might be justifiable, the researchers outline various scenarios where this kind of "fingerprinting" would represent an unjustified invasion of privacy, observe how easy it is for a third party to obtain and abuse driver-related data, and call for a permission-based system for controlling data access between multiple devices and applications connected to the CAN bus within a vehicle. (CAN is a low-level protocol, and does not support any security features intrinsically.)

---

Sources

Miro Enev, Alex Takakuwa, Karl Koscher, and Tadayoshi Kohno, Automobile Driver Fingerprinting Proceedings on Privacy Enhancing Technologies; 2016 (1):34–51

Andy Greenberg, A Car’s Computer Can ‘Fingerprint’ You in Minutes Based on How You Drive (Wired, 25 May 2016)

Bruce Schneier, Identifying People from their Driving Patterns (30 May 2016)

See also John H.L. Hansen, Pinar Boyraz, Kazuya Takeda, Hüseyin Abut, Digital Signal Processing for In-Vehicle Systems and Safety. Springer Science and Business Media, 21 Dec 2011

Wikipedia: CAN bus, Vehicle bus

---

Related Posts

Identity Differentiation (May 2006)

Pay As You Drive (October 2006) (June 2008) (June 2009)

Organizational Intelligence at Aviva

A few weeks ago, I spotted a quote in Computer Weekly from Toby Redshaw, global CIO of Aviva. Speaking about Aviva's cloud-based Web 2.0 platform - which includes an intramural social network, a global knowledge management solution, a collaboration suite and a sophisticated content management/intranet - Toby asserted that the results were spectacular in terms of improving workers' access to expertise, ideas and solutions, and described this as a general increase in the firm's cumulative IQ.

Source: Ian Grant, Aviva uses Web 2.0 to build corporate culture with global reach (Computer Weekly, Feb 2010)

Given my ongoing researches into organizational intelligence, I was of course very interested to follow this up, and recently I managed to grab an hour of Toby's time to learn more about Aviva's experience and his future plans.

For a global corporation like Aviva, the online world provides a virtual equivalent of the company "campus" that emerged in the 1980s, and is still popular with technology companies like Microsoft and Vodafone. A physical campus can be an efficient clustering of co-workers, or it can be a confusing sprawl - see Brian Lam's personal impressions of Microsoft and Apple, Gizmodo March 2008. But in any case, a physical campus is limited to co-located workers, and does not provide a solution for a globally distributed enterprise such as Aviva.

The Aviva Web 2.0 platform provides horizontal connectivity across the globe, helping to integrate the global intelligence of the firm. The benefits are as follows

• Consistency ("One Aviva, twice the value").
  
• Reducing cycle time for decision-making and problem-solving (cut "waste"). Improving the quality and efficiency of decision-making.
  
• Reducing the innovation cycle time (cut "uninnovation"). Innovation involves not only solving problems, but getting the solutions out into the mainstream.
• Reducing communication time, e.g. for disseminating top-down management vision.
  

I asked about the platform's role in picking up weak signals from the environment. Clearly there are specialist functions within any large insurance company (investment management, risk management, security and fraud) that need highly sophisticated mechanisms for monitoring the environment, with rapid sense-and-respond, especially from a financial perspective. While the platform doesn't replace these mechanisms, it provides an efficient and integrated way of communicating insights within each functional specialism.

For more general weak signals (for example, picking up new kinds of customer demand or customer service issue), there may be a greater role for non-specialists to contribute observations and ideas, which might (if repeated and confirmed around the organization) lead to new opportunities for product or process innovation, with a much more generalized notion of "sense-and-respond". Although the Aviva platform does not yet support this kind of bottom-up analysis, Toby sees an opportunity to bring more traditional business intelligence and analytics into the platform, which would allow data mining and number crunching capability to be distributed more efficiently around the organization. Like many organizations, Aviva identifies three levels of business intelligence user. For most people, business intelligence merely means having a reasonably comprehensive picture of what-is-going-on, using dashboards and similar devices offering multiple views but with fairly static schemas. For business number crunchers, the platform could help to bring some coherence and order into a turbulent sea of spreadsheets. And serious data mining and statistical analysis would remain the responsibility of a relatively small handful of experts. but with the power to collect data from a larger and more distributed pool, and then disseminate their findings more effectively around the company. In the first instance, the challenge is not to extend business intelligence capabilities as such, but to use and share the existing capabilities more efficiently, and reduce duplicated analytic effort.

Critical to the success of the platform is its ability to integrate traditional knowledge management and communication with the business process itself, so that the platform is not a stand-alone adjunct to the day job. The key here is to integrate the platform with BPM tools, both as a construction framework to allow process-related problems to be solved collaboratively, and to allow the platform to inject decision-making and problem-solving support into the operational process. My understanding from Toby is that this is very much work-in-progress.

A platform like this cannot be done on the cheap, and Aviva has already invested millions of dollars in the technology alone. Over time the technology will get cheaper, but the effective use of the platform is learning-intensive, and Toby believes that 12-18 months' worth of cultural change gives Aviva a considerable competitive advantage, which late adopters will find it hard to catch up. Early evidence for the perceived value of the platform can be measured in terms of the volume of use -  the number of forums (running into tens of thousands, some short-term single issue, others more ongoing), and the amount of time spent per employee using the platform. This usage represents a vote of confidence in the usefulness of the platform. In the future, it may be possible to measure the business value in more direct ways.

One of the difficulties managing this kind of technology is knowing how much to spend on ongoing improvements. There is a continuous stream of innovations from suppliers, as well as a constant wishlist from the more technically enthusiastic sectors of the workforce, and it is often hard if not impossible to see the business value of any particular improvement in isolation. Furthermore, Toby points out that there can often be a huge variation in the prices charged by different vendors for systems with broadly simmilar business benefits, and says that procurement skills and experience are essential.

It is a common cliche that radical initiatives require senior management support and commitment. But with this kind of platform, it is not enough for senior management just to sign the cheques and act as cheerleaders (acknowledging and praising achievements and those responsible for them) - they also need to be seen using the platform themselves. Thus the CEO and CIO blogs are featured on the Aviva platform home page, giving particular prominance not only to the content of their ideas but to their commitment to the process and their belief in its value. (Obviously if senior management blogging were to become more and more infrequent, this might send a negative message to the rest of the workforce.)

Is this venture limited to Aviva's own workforce? Based on Bill Joy's remark "Not all smart people work for you", which Toby quoted, there are clearly opportunities to extend this platform into the Aviva ecosystem - for example external providers and channel partners, one day even perhaps customers - thus leveraging the intelligence of the ecosystem as a whole. There are some obvious challenges here - not just technological but commercial - so this isn't going to happen overnight, but it would undoubtedly be an interesting development for any company of Aviva's reach.

In any case, regardless of these speculative future visions, Aviva is clearly embarked on a promising and ambitious journey of systematically improving its organizational intelligence, and I look forward to following its progress in the future.

A business case for collaborative action

#SOA #insurance #govit @mcgoverntheory asked if anyone was interested in learning how insurance carriers partnered with state GOV to stand up SOA for online coverage verification?

Where is the business case for this initiative? There is certainly a demand, going back to this 2001 article on the Growing DMV Reporting Headache, and James points to a March 2004 document on the IICMVA website called Online Insurance Verification Using Web services to verify auto insurance coverage (pdf).

The IICMVA document outlines the problem - costs incurred by uninsured motorists, complicated and varied procedures for verifying insurance between different states - and so it makes clear that a web service solution might be a good idea. But a business case has to go further than this.

Firstly it must show that the benefits outweigh the costs (and risks). In a collaborative scheme, it isn't always obvious who is going to pay for the scheme, so there may be alternative options for funding the development followed by some kind of charge-back during operations. Each party that is investing in the scheme will presumably need a business case to justify its own investment. But if there aren't sufficient benefits to cover everyone's costs, then the scheme just isn't viable at all.

Searching the internet, I found a presentation by Loren McGlade and Jon Neiditz from the ACORD/LOMA Insurance Systems Forum (May 2009) mcglade_neiditz.pdf; mcglade_neiditz.mov; mcglade_neiditz.mp3. This presentation contains a lot more than the March 2004 document in terms of quantifying the potential benefits and cost-savings of the scheme.

And secondly, in a collaborative scheme like this, the viability depends on the number of people who join. In this case, how many insurance companies and how many states have to participate, in order for the scheme to deliver the benefits. Given that the benefits are largely dealing with the complication caused by the differences in regulation between states, this only makes sense if multiple states are involved. But how many?

I've done a number of business cases of this kind, where the viability of a multi-agent scheme depends critically on the rate of adoption, so I'd be very interested to see how this aspect of the business case for the IICMVA scheme is worked out.

More generally, there is a widespread belief in the potential benefits and cost savings of shared service provision, especially in the public sector. However, there is often a lack of realism in how these shared services are to be implemented. If the shared services are too inflexible, then people won't use them without some degree of coercion; thus the costs and risks are higher than expected, and the benefits lower. I'm looking at a number of situations in the UK where public sector agencies are being encouraged to use nationally provided services, and it's an extremely complex task to work out how these services can be fitted asymmetrically into a joined-up solution that delivers the best outcomes. (Please contact me if you are facing this kind of task.)

Pay as you drive 2

Norwich Union has suspended its Pay-As-You-Drive insurance scheme [BBC News, 14 June 2008], announced here two years ago [Pay As You Drive]. I am disappointed at this news, because PAYD was my favourite example of differentiated pricing, using telematic information about driving patterns to determine the insurance premium paid by a driver.

This is not the end of differentiated pricing of course, and may not even be the end of PAYD. According to the BBC, there is one other insurance company in the UK (MoreTh>n) offering PAYD insurance, but all I could find on their website was a product called GreenWheels. This is not a PAYD insurance scheme, but uses similar technology to provide detailed information to the driver to help improve the driver's fuel and maintenance costs as well as safety.

Why did the Norwich Union scheme fail, and what does this tell us about the viability of such schemes in general? The primary reason is that the scheme failed to attract enough drivers to cover the fixed costs of administering the scheme. But in the longer term, a scheme like this was only going to be viable if the technology became cheaper and more widely available - in other words, compatible telematics devices fitted as standard to factory model automobiles. And this in turn was only going to happen if PAYD insurance was offered by several major insurance companies (perhaps across Europe rather than just in the UK, with appropriate "roaming charges" as with mobile phones) or if there was some other purpose for the technology and infrastructure. For example, providing information to support eco-friendly driving (Green Wheels). But the big opportunity was PAYD road pricing.

However PAYD road pricing is highly unpopular. There was a major campaign against PAYD road pricing in the UK, orchestrated by the road lobby. The UK government may have hoped that commercial PAYD products, including insurance, might have paved the way for PAYD road pricing, but this now looks less likely than ever.

Meanwhile, we already have some forms of road pricing. London already has a congestion charging scheme, and other cities are likely to follow. But these schemes, along with parking and traffic violations, are currently based on photographing the car plates, and this is of course vulnerable to identity theft. (You just need to put fake plates on your car, and someone else will get the penalty notice.)

At the core of PAYD needs to be a robust and reliable way of identifying vehicles and recording their behaviour, and this raises obvious privacy concerns. All differentiated service depends on an appropriate identity scheme, and such schemes are politically charged whenever governments get involved. So perhaps widespread adoption of differentiated service will have to wait until Identity 2.0 is more mature?

Real-Time Fraud Detection

Analytics vs. CEP

Alan Lundberg (TIBCO) notes the growing use of Complex Event Processing within the insurance industry, but is surprised not to find examples of CEP in real-time fraud detection. Fraud detection is often quoted by CEP vendors (including BEA, Progress and TIBCO itself) as one of the obvious applications of CEP. Although according to CEP evangelist Tim Bass, risk management experts in the banking sector remain sceptical about the benefits of CEP. Nevertheless, there do seem to be some interesting examples of CEP for real-time fraud detection, in the financial markets and in retail.

• FSA sharpens up Sabre II fraud-detection system. The Financial Services Authority (FSA) is updating its fraud-detection system with complex event processing (CEP) software to monitor transactions and detect insider trading and other market abuses as they occur. [Computer Weekly, June 22nd 2007] [Apama blog]

• CEP is also being promoted within retail systems, to protect against card fraud [SeeWhy]. Indeed, long before CEP became fashionable, Microsoft had an example of real-time fraud detection at Marks and Spencer, which I mentioned in my June 2003 article for CBDI on Service-Oriented Business Intelligence.

Fraud Detection in Insurance?

So why not insurance? I can think of several possible explanations for this. Firstly, insurance is not a particularly real-time business, and fraud detection within insurance does not need to be a real-time process. The insurance company generally takes the customer's money first, and then asks lots of questions before it pays any money back. If some elapsed time is needed to detect and investigate fraud, this may not be as critical in the insurance sector as it is in some other sectors. Secondly the identification of fraud in the insurance may be a matter of interpretation (semantics). Insurance experts worry about various types of moral hazard, and look for ways to reduce overall liability. Thirdly, insurance companies may wish to be secretive about how they define and detect fraud, to avoid giving ammunition to those they regard as potentially hostile.

Future opportunities for CEP in insurance

In the longer term, these explanations may well go away, as the insurance industry becomes more agile, open and collaborative. I think there are some really interesting opportunities for collaborative CEP in particular, but these will require a lot of work on the shared semantics and pragmatics of events.

Pay As You Drive

Norwich Union has been experimenting with Pay-As-You-Drive insurance for a little while now, and has now made this service generally available to UK drivers, in association with technology company TrafficMaster, which provides the satellite navigation devices. [Norwich Union website, TrafficMaster website, BBC News report]

PAYD is an interesting application of the concept of differentiated context-aware services. Drivers pay a variable amount for car insurance, depending on the identity of the driver (under 23s pay more than older drivers) and the context (daytime versus nighttime, motorway versus town) as well as the number of miles driven.

This kind of differentiated service not only reduces the cost of insurance for some drivers, but also allows the driver a greater level of control over the insurance bill - by driving less. PAYD may also have a beneficial effect on road congestion and pollution.

However, although Norwich Union has evidently gone to some trouble to explain and manage the differences between regular insurance and PAYD, drivers adopting this kind of insurance will have to deal with some new complications, and I think we can expect the scheme to evolve further. For example, the arrangements for driving outside the UK seem unsatisfactory, and we may perhaps expect the emergence of the equivalent of "roaming charges" as insurers in other countries adopt similar or interoperable schemes.

Norwich Union has also gone to some trouble to deal with some of the security and privacy concerns of the scheme. The in-car device itself contains no data that can identify the driver or the vehicle. The data are encrypted for transmission, and then deleted from the in-car device. Not bad, although probably not perfect. (I haven't done a detailed analysis.)

However, the privacy issues are unlikely to deter many consumers. Context-aware services often involve some voluntary trade-off between privacy and consumer value. The consumer grants the service provider access to some personal information (such as consumption patterns), and gets some value in return (such as more precisely targetted special offers). PAYD is no different in that respect from any other scheme that permits the service provider (retailer, airline, credit card) to collect and process large quantities of consumer data.

It is going to be interesting to see the popularity of this kind of scheme, and the willingness of consumers to accept some level of complexity and strangeness, if they are convinced that this will give them a more cost-effective and (at least partially) user-controlled service.

---

Related Posts

Pay As You Drive 2 (June 2008)
Pay As You Drive 3 (June 2009)

Business Geometry

A business or value chain is composed in a geometric structure. (In the past we have often called this structure an architecture, but this word has lots of different and tangential associations for different people.)

In SOA, we design a business or value chain as a network of services. This is a powerful geometrical pattern. But there may be many possible network geometries satisfying a given business requirement, all of which count as satisfying the principles of SOA. For example: hub/spoke or peer/peer.

Business Stack

Another common geometric pattern for SOA is stratification. A business process is composed of services from a set of lower-level services, presented as a platform. A good example of a business platform is the set of retail services offered by Amazon and eBay. Other service providers have built further retail/logistical services on top of the Amazon/eBay platforms.

Each platform is in turn built upon even lower services. At the lower levels, there may be collections of IT-based services, known as ESB. There may also be sociotechnical service platforms, such as call centres.

Thus we have a stratified geometry, in which a person tackling a problem at a given level is presented with a collection of available services, formed into a virtual platform. This can be thought of as a business stack, with one plaform stacked on top of another. Some of the lower layers of the stack may appear to be purely technical services; however a more complete picture should reveal the existence of an IT organization maintaining the platform, in other words a human platform of administrators and programmers supporting the technical platform.

Variable Geometry, Variable Granularity

While the SOA principles may provide some geometrical guidance, and mandate certain geometrical patterns, there is still a design job to determine the geometry. This design job may be easy when the requirement is trivial, but gets harder as the complexity increases.

In many situations, the demand side has more variation than a human designer (or design team) can accommodate. (We characterize this as an asymmetry of demand, which calls for a process of asymmetric design.) We need to start thinking about variable geometry solutions, where the geometry itself can be adapted on-demand.

For example, in the past we have assumed that granularity has to be fixed at design time. But we can conceive of a web service platform that detects patterns of demand-side composition, defines new composite services automatically, describes and publishes these new services in real time, and notifies likely users of the new service, complete with an incentive to switch. We can conceive of a web service platform that analyses the message content of a certain service, and produces a substitute service with a smaller footprint that would satisfy most of the uses in a more elegant way.

Value Landscape

I use the term value landscape to refer to the distribution of cost, benefit and risk across a complex market ecosystem, such as the insurance industry. Technology (including SOA) influences business geometry, not least because it affects transaction costs. The shape of the value landscape changes (has already started to change) as the result of B2B and B2C and BPO. Companies that once occupied safe market positions (the high ground) may find their commercial advantage slipping into the sea, or they may find themselves cut off from their natural markets or supply chains.

See Microsoft Blog Insurance Value Chain

Let's suppose an insurance company has the following strategic aims:

1. Profitability, short-term viability. To deliver the maximum service value as cost-effectively as possible, using available input services and technologies as efficiently as possible, with minimum costs/risks of change.
2. Adaptability, medium-term viability. To understand and respond to changing demand for insurance services, and to trends in cost and risk, both internally and across the industry. To develop and deploy new services to exploit new business opportunities and avoid emerging business threats.
3. Survival, long-term viability. Making sure the core business proposition remains valid, and doesn't get eroded by more agile players. Taking strategic action in relation to structural changes in the insurance industry.

If we are doing business geometry for an insurance company, we need to think about the insurance industry as an ecosystem. We need an AS-IS model of the present ecosystem (largely based on pre-SOA technologies) and a TO-BE model of an idealized ecosystem (based on SOA). We can expect the pre-SOA ecosystem to evolve into some form of SOA ecosystem, although we may not have much idea which of the possible changes is going to happen first. To satisfy all three strategic aims, an insurance company needs to exploit the pre-SOA ecosystem, and prepare for the SOA ecosystem.

Note that this situation may force the insurance company to implement a variable geometry, both in the organizational platform and in the IT platform. Otherwise, it will either have to operate suboptimally for an extended period, or incur significant organization costs and IT costs every time the industry takes another step towards SOA.