How Fidel’s democratising access to payment data
Data. It’s a bit of a scary word.
Data’s now one of the most valuable commodities in the world – and everyone wants a bit of it. Working out what you share, who with and how much can be tricky and without the right privacy and security measures in place, it can feel pretty risky, too.
We get it. At Fidel, we’re on a mission to democratise access to payment data. But what does that really mean? What’s in it for you? And how can you be sure your data’s safe? Honesty and openness are among our core company values, so we thought we’d shed a little more light.
Democratising access to payment data
In short, our mission is about giving power over your payment data back to you, the consumer, so that you can get the most value out of it.
We believe that providing value to consumers is a core tenet of any good product. Protecting consumer data, and giving control back to the consumers who create that data, is crucial. And it has to be done in a secure, compliant manner.
That might sound simple – it’s your data, after all – but things haven’t historically been set up to favour consumers. In the past, the banks and businesses you shared your data with tended to behave like it was theirs – and by doing that, they were dictating what you got back in return for it. Usually, that would mean a very good deal for them, but not necessarily a great one for you.
That’s starting to change. Thanks to new data privacy and open banking initiatives, you’ve now got much more control. And that means those banks and businesses are having to work much harder to get you to share your data with them. They’re starting to build more personalised and innovative products that respond to your needs and drive real value. That’s how we think it should be.
Levelling the playing field with card-linking
But while more competition is great news in theory, in practice, it’s still quite difficult to level the playing field – especially for startup and challenger brands. Even if you want to share your data with a business, it can be tough for them to get hold of it. Your card payment data sits with the card networks – Visa, Mastercard, Amex et al. – and building direct integrations with them is expensive, time-consuming and involves a lot of compliance legwork. It can put some startups out of business before they’ve even begun.
That’s where Fidel comes in. Our card-linking API makes it easy for you to securely share your payment data with the products and services of your choice. Once you link your card, we’re able to pass the payment data it generates directly from the card network to the business you want to share it with. It’s easy for you – you just connect your card in a couple of clicks and keep shopping as usual. And it’s easy for them – rather than spending lots of time and resource on integrating with the card networks, they can get back to building the products and services you love.
What data can we see?
We can only see the transactions you make on your linked payment card with the merchants participating in the programme. Whenever you shop there, we’ll see the location, amount, date and time.
We can only see transactions from the point you link your card onwards – nothing historical. And because we link to your card rather than your bank account, we can’t see any other activity (like direct debits or BACS transfers) besides the transactions you make with participating merchants on your linked card.
What do we do with your data?
Fidel acts at the plumbing between your card, the card networks, and the services you love. We simply pass your transactions from point a (the card network) to point b (the product or service you’ve consented to share your data with).
We don’t do anything else with your data. We don’t analyse it, and we don’t share it with any other consumers or third parties.
How do we keep your data safe?
Your card details are never stored anywhere, ever. We can’t access your details, and neither can anyone else.
As soon as you link your card, we encrypt the details with bank-level security encryption. That encryption — or tokenisation — replaces all the details with a token ID number. All we keep is the last four digits of your card number, so Visa, Amex or Mastercard can let us know that you have earned points. This encryption key or token is meaningless out of context, even to us. No one will be able to tell from our system which card is yours once linked. In fact, even we can’t tell which card belongs to you. We don’t need to — that information sits safely with the third party service provider that you signed up to.
Fidel is PCI Level 1 compliant. You can read more about what that means here — but it’s an industry-wide standard that was put forward by the five largest card schemes to help prevent consumer and data breaches.
What if you want to opt-out?
Consent is core to everything we do at Fidel. As the cardholder, you have to consent to be a part of any of Fidel’s programmes. If at any time you change your mind, you can unlink your card and opt-out.
To find out more about the technology behind our processes, take a look at our documentation.