Analysis of Japanese Loyalty Programs Considering Liquidity, - PowerPoint PPT Presentation

Analysis of Japanese Loyalty Programs Considering Liquidity, Security Efforts, and Actual Security Levels June 24, 2014 @WEIS 2014 Bongkot Jenjarrussakul, and Kanta Matsuura Institute of Industrial Science The University of Tokyo

Outline  Introduction  Loyalty Programs  Security Incidents  Japanese Loyalty Programs  Security-Liquidity Implications  Conclusion The University of Tokyo 2

Loyalty Program (LP) • Marketing activity that encourages customers’ loyalty behaviors by rewarding them . – The rewards usually take the form of Reward currency or Point . – Locates between online games and Bitcoin . • Liquidity of reward currencies is increased when LP operators cooperate with their business partners. – Allow their customer to exchange points between different LPs. etc. The University of Tokyo 3

The Trend of Loyalty Program North America Japan ← has more than 200 LPs USA 80 No. of 26.7% ↑ household (%) No. of membership in the U.S. household with Number of 60 (Billion) possession of e-money 40 2.647 3.0 2.089 No. of 1.796 20 2.0 household with 1.335 0.973 possession of 0 1.0 point card 2006 2008 2010 2012 2014 0.0 Year ’00 ’06 ’08 ’10 ‘12 Europe ← Newbie to LP Year Canada • 80% of European customers belong No. of membe bershi ship p (Million on) 120.72 119.97 to at least one LP. 116.22 Slightly decrease 100 • One-third of customers are likely join due to two or more LPs. demographic 50 factors. • (In GB) 95% of UK customers join at 0 ’08 ’10 ‘12 least one LP. Year The University of Tokyo 4

Security Incidents and Concerns North America Japan • Unauthorized access and illegal USA • Announcement about phishing and redemption at many LPs such as • G-Point security incidents related frequent • T Point flyer program (FFP) on alert sites • Rakuten point from • U.S. airways • JAL • Delta airlines Europe Canada • Malicious expense of Tesco’s gift • Scamming case in which the suspects voucher . used fraudulent credit cards. • Announcement about phishing and • This scam included illegal security incident related to FFP from redemption of the credit card point British airways. for gift cards. The University of Tokyo 5

Objective • Investigate Japanese LP systems with focuses on their – Liquidity – Operating firms’ security efforts – LP systems’ actual security levels • Consider a model to derive security-liquidity implications – Linear regression analysis The University of Tokyo 6

Outline  Introduction  Japanese Loyalty Programs and Their Network  The Network of Japanese LPs  Liquidity of the Japanese LPs  Security-related Data of LP Operating Firms  Security-Liquidity Implications  Conclusion The University of Tokyo 7

Japanese LP systems • Refer to point exploration website, “poitan.net” – Information of existing LPs in Japan – Estimated real-currency values of LP Points – Exchange/conversion rates between systems – Query of possible routes – Required duration for exchange process • More than 200 LPs are operated by Japanese operators – From 9 industries (refers to METI’s list of industries) – Industries with high interaction with customers METI : Ministry of Economy, Trade and Industry The University of Tokyo 8

Example of Query at Poitan.net Matsumoto KiYoshi 30 days 21 days (Point exchange site) Point: 20,000 Point: 14,000 (30US$) (Drug store) (14$) Point: 20,000 (20$) Total require 1 days Time 59 days. 7 days (Railway smart card) Point: 7,000 Point: 14,000 (7$) (14$) The University of Tokyo 9

Japanese LP Network The Connections between Industries Group 3: Having only 1 type Group 2: Having 2 types of Miscellaneous of flow between 2 nodes flows between 2 nodes manufacturing (13) Electricity, gas, heat Manufacturing of supply and water (16) Electrical Machinery (09) Miscellaneous VDO picture, sound info., non- manufacturing (26) broadcasting & commu. (17) Finance & Information Insurance (23) Services (19) Transportation & Retail trade (22) Postal activities (20) Type of flow (edge) Coming in only Group 1: Having all types of flows between 2 nodes Going out only The University of Tokyo Both directions 10

Liquidity of the LPs Ability that customer can exchange their points between different loyalty programs. • To calculate Liquidity score , we consider – No. of corresponding type of edge ( x ) – Average no. of partners ( y ) – Then separate the score into 4 levels 0  xy  15 • : Low (L) 15 < xy  23 • : Medium-Low (ML) 23 < xy  30 • : Medium-High (MH) • 30 < xy : High (H) The University of Tokyo 11

Liquidity and Security in Industry Level Would high liquidity imply … larger security effort? larger damages from security incidents at the LP? better actual security level at their system? The University of Tokyo 12

Liquidity and Security-related Data Industry (ID) Liquidity Average size of Average size of of damage from expense on LPs security incidents countermeasure Manufacturing of electrical machinery (09) L 12,740$ (0.04%) 70,970$ (0.20%) Miscellaneous manufacturing (13) L 4,696$ (0.03%) 74,118$ (0.45%) Electricity, gas, heat supply, and water (16) L 2,450$ (0.01%) 112,006$ (0.26%) VDO picture, sound information, H 2,940$ (0.02%) 70,155$ (0.51%) broadcasting & communication (17) Information services (19) MH 47,367$ (0.43%) 151,341$ (1.38%) Transportation & postal activities (20) H 7,525$ (0.05%) 47,753$ (0.31%) Retail trade (22) ML 8,003$ (0.05%) 40,286$ (0.26%) Financial & insurance (23) MH 12,658$ (0.02%) 235,716$ (0.32%) Miscellaneous non-manufacturing (26) ML 2,975$ (0.03%) 60,422$ (0.62%) % in () is percentage of the average size to average capital size. Data of 2012 by Ministry of Economy, Trade and Industry (METI). The University of Tokyo 13

Selected LP systems Pont nta Softba bank nk Mobile ile QooPo oPo (IND ND 26) 26) (IND 13) (IND 17) 17) [Pt] ] 0.5 [Pt] ] 1 [Yen] 0.75 [Yen] 0.67 [Pt] ] 4 [Pt] ] 0.1 [Pt] ] 0.33 [Yen] 0.8 [Yen] 1 [Yen] 0.5 JAL L Mileage eage Bank Sony ny Point nt (IND 20) (IND 09) [Pt] ] 0.025 [Pt] ] 5 [Yen] 0.375 [Pt] ] 0.09 [Pt] ] 5 [Pt] ] 0.1 [Yen] 1 [Yen] 0.9 T Point nt PeX PeX Mitsui i Sumit itom omo [Yen] 1 [Yen] 1 (IND 19) (IND 19) 19) Card rd (IND 23) [Pt] ] 0.1 [Pt] ] 3 [Pt] ] 1 [Yen] 1 [Pt] ] 1 [Pt] ] 0.5 [Yen] 0.9 [Yen] 1 [Yen] 0.67 [Pt] ] 0.2 Yamada ada Denk nki [Pt] ] 4.95 [Yen] 0.75 [Pt] ] 0.029 [Yen] 1 [Yen] 4.95 [Yen] 0.43 (IND 22) 22) [Pt] ] 1 [Pt] ] 0.25 [Yen] 0.67 [Yen] 3.75 G-Poin Point ANA Mileage eage Club (IND 19) (IND 20) [Pt] ] 0.33 [Pt] ] 1 [Yen] 0.5 [Pt] ] 2.5 [Pt] ] 0.85 [Pt] ] 0.85 [Yen] 0.67 [Pt] ] 1 [Pt] ] 0.2 [Yen] 0.75 [Yen] 0.85 [Yen] 0.85 [Yen] 0.67 [Yen] 0.3 [Pt] ] 1 [Pt] ] 3 [Yen] 1 Matsum umoto Kiyosh oshi [Yen] 0.6 TEPCO Suic ica Point nt (IND 22) (IND 16) (IND 20) [Pt] ] 0.7 [Yen] 0.7 The University of Tokyo 14

Actual Security of the Selected LPs Registration • Generally require basic personal information • Only LPs from industry 09 ( MH ) and 19 ( L ) implement CAPTCHA . Authentication • Similar requirements : username & password Back-up Authentication • Found no established heuristic back-up authentication. The University of Tokyo 15

The answer… Would high liquidity imply … larger security effort? larger damages from security incidents at the LP? better actual security level at their system? If we want to answer such questions, we need a rigorou ous s analys ysis is rather than a simple observation. The University of Tokyo 16

Outline  Introduction  Japanese Loyalty Programs  Security-Liquidity Implications  Linear Regression Analysis  The Results and Implications  Conclusion The University of Tokyo 17

Data for the Analysis • METI data Proxy Variables – Average size of expense on security countermeasures – Average size of damage from security incidents Impact Impa ct fr from om securit secur ity y incidents incidents • Poitan.net – Rank of Japanese LPs (April 2014) – Number of partners belongs to each LP Liquidity Liquidity – Exchangeable type of flow (belongs to each LP) • Official site of 82 Japanese LPs Secu Securit rity y scor score – Investigate security-related requirements in 3 processes • Registration • Authentication (Login) • Back-up authentication (Password recovery) The University of Tokyo 18

Impact from incidents ( impact i ) impact i = damage INDi * rank i where i the index of each selected LP ( i = 1,2,…,82) IND i the industry ID of the industry LP i belongs to damage INDi the average amount of damage from incidents in industry IND i rank i the ranking score of LP i • Since illegal exchanges originate from compromised LP accounts, we focus on the “Origin LP” ranking. • Origin LP is the LP which acts as source node where points are exchanged to its partner system. The University of Tokyo 19

Liquidity ( liquidity i ) liquidity i = xy where x the edge types between LP i and 9 industries where only the 82 selected LPs are considered y number of exchange partners of LP i The University of Tokyo 20