When Online Reputations Attack

According to this article on BargainBabe.com it is possible to trick the airlines into giving you a cheap flight by getting off the plane at a layover point. In an age of Security Checkpoints, Data Mining and Social Networks the implications of this could be deeper than you might guess (May 2011)

Bargain Babe's tips for cheap travel

If you follow the advice of Bargain Babe, a cheaper airfare can be obtained by finding a cheap flight with a layover to your intended destination and getting off at the layover point. Only travel with carry-on bags, book separate outbound and return tickets and don't do this too often was the accompanying advice.

The discussion thread that ensued provided me with food for thought: "…it’s really severely frowned on by the airlines, and in my opinion, more than once or twice, could get you “flagged” ". This got me thinking about the implications to personal reputation both on and offline.

Reputation at IIW#12

Last week I attended Darius Dunlap's Pseudo Anonymity and Reputation discussion at IIW#12 in Mountain View, CA (notes). We discussed the levels of anonymity with which you can use various services on the web - most services that people use today are far from anonymous, in fact they leave a very tangible trail that leads directly back to the user.

The call at the session was for an Identity Management infrastructure that would allow a site "to know of me rather than about me" - namely revealing authenticated profile information rather than my actual identity. For example, when browsing the website for a BMW, the site may know my demographic groups, purchasing preferences and city - rather than my salary, my current car VIN number and my full address.

Although the detail is abstracted, it should also be verified by a trusted third party. This system is open to being gamed, but as someone in the room said, "a system that prevents all evil leaves no room for an offline experience". I think when data that is created online begins to manifest in actions offline, people will begin to understand the potential for the use and misuse of this data

Scary Usecase

Going back to Bargain Babe - and let's say there is a population that has been following her advice on the cheap airfares. Over time, the airlines will have data to show flights booked and paid for and which flights have actually been taken - for the total population. Bargain Babe's followers are easily identified from this mass of data and they will be marked in the airline's CRM databases.

This will allow the airlines to blacklist certain customers (where any frequent flyers are even more easily identifiable) within their own systems and perhaps within the other airlines in any alliance partnerships they are members of. The blacklisting may begin by simply marking those customers and monitoring their activity to see if there might be potentially fraudulent behavior but it may extend to denial of optional benefits and offers.

However, if the airlines decided to share this information with third parties such as Expedia, Kayak and Priceline or even with hotels, car rental companies, tour operators and travel insurance companies - an individual's online and offline reputation is going to rapidly become tarnished - across a broad network of providers and third parties.

The BiteBack

As the primary purpose of a CRM (Customer Relationship Management) system is to maximize the long-term revenues from customers, the reputation of those customers will start to find its way into the score that determines level of benefits granted.

Insurance Companies are known to increase premiums based on evidence from a Facebook profile, but I have recently heard that Insurance Companies use the profiles of people in an individual's network as an indicator of risk - either causing a detailed background check, increase in premium or even denial of policy - a logical step given the availability of data to those organizations.

Is there a Problem? What's the solution?

If you're behaving 'honestly' and following the law, there won't be a problem (or so we are told), but what about the gray areas where we are being selectively risk assessed and having differential pricing applied because of our profiles? I don't know if there is anything essentially wrong with this - AS LONG AS THE PROFILE INFORMATION IS ACCURATE AND UP TO DATE.

Having had extensive experience with the quality of customer data that most large consumer facing organizations maintain, I can pretty much say that the profile information is usually inaccurate and generally out of date so IMHO, there is a problem.

The solution is currently a hot topic within the online identity community at IIW and the FC2 Consortium. These organizations, their members and other companies such as Mydex and Azigo are currently working on solutions to these problems. Keep watching.

What did I read?