ICICI Bank’s email subject – clever, creepy and a security hazard

On September 9th, I received an email from ICICI Bank. Now, ICICI sends me tons of promotional emails, across the bank and ICICI Prudential, and fearing that some important email might land in the spam box if I mark one as spam, I continue to voluntarily archive/delete them every day/week.

So, given that I get so many emails from the bank week on week, I have become largely immune to whatever they send and robotically delete/archive them.

The email on September 9th forced me to take note, open and read. Reason? The email subject!

It said, “Why 19XX is a bad UPI PIN”, with 19XX being my birth year! (I have masked the full year in the screenshot below)

As someone who has handled email marketing (under digital marketing) for more than a decade (since 2009, when I joined Edelman as their first head of digital strategy in India), I have labored and deliberated a lot on personalizing emails and email subjects in a way that attracts the attention of the recipients, professionally, for a living.

Using the recipient’s name in email subject is one such idea, but it is very old and over-used now. Using other personal markers like city, employer’s (company) name, location/area in the city etc. are other options.

Besides the name, other highly personal markers like age, date of birth, birth year, spouse’s name, sun sign etc. would immediately and viscerally attract attention. So, it’s no wonder this email subject attracted mine.

To confirm if the year mentioned in the subject was not the same for everybody and that it was indeed personalized to each recipient (like a mail merge), I asked the question on Twitter, to let other ICICI Bank customers confirm.

Almost all of them confirmed that they got their birth year too and that made them take note of the email. A few said that they got a year that they couldn’t relate to anything (leave alone birth year) and one finally found that it was the year he had opened the account.

Quite a few people said that they felt creeped out because of the email subject. This is an interesting reaction because we have volunteered most of these personal information while opening the account with the bank. But, for them use it to gain our attention evokes a creepy feeling. If, for example, they had calculated the insurance premium for a particular plan based on the birth year and family members’ age and directly mentioned in the email, we may be less creeped out because there is no direct communication of a personal detail.

The most interesting nuance though is about security.

An email is a private one-to-one communication, of course, but banks use XXXX even while sending credit card statements via email, where the X is used to mask some of the digits of the credit card number. For them to not mask a birth year and use it as-is to gain our attention may not be in the best interest of security, though it sure is in the best interest of email open rates and email marketing.

This, despite the fact that they are trying to make a strong point about NOT using the birth year as UPI PIN.

I was not creeped out by the email subject and even thought it was a smart move, until I encountered several people in response to my tweet who felt it was creepy and argued that it was a poor attempt that compromised security.

Just because an organization has our personal details, acquired voluntarily while onboarding us as users/customers, it doesn’t mean they should use those details for the sake of getting our attention. Why? Because of who is using those details – in case of a mass email, there is no human connection. It is being used by an algorithm/machine (though coded by a human/team; from the recipient’s perspective, it is being used by a machine) impersonally.

An air hostess or a hotel waiter using our personal details from their memory is a vastly different usage where there is a personal touch. The recipient would ascribe that usage to the person’s memory and diligence in serving, and it would help us like that establishment a bit more.

An interesting combination of personal touch through a machine is also possible these days – an air hostess could read/look up some personal details (like what I ordered the last time I flew, or my wife’s name from a previous flight conversation) from a database in their device and use those details just as they come to me… and use that piece of information to offer the personal touch. I would perhaps assume that it is coming from their memory, and I need not be necessarily told that this is through a machine since the end result is positive. The downside is if I notice the air hostess performing the same memory-through-machine trick to everyone around me and my figuring out that this memory is feigned, thanks to a machine.

For instance, I was chatting with a school mate after a long time last year, on WhatsApp. During the chat, I asked him how his kids were, by name. He was deeply touched and told me too, that I remembered their names from our previous discussion. I did not have the heart to tell him that since we started chatting that day, I noticed our previous chat’s text right above this… where he had mentioned his kids’ names! I should have, but I did not and I still feel guilty about that.



5 thoughts on “ICICI Bank’s email subject – clever, creepy and a security hazard

  1. You really think your birth date or year is a secret piece of information! Let’s take your daughter who, given publicly available top secret info, will celebrate her tenth birthday six days from now.

    I think those bankers are making a serious attempt to tell the jokers around that a/ don’t reveal personal info anywhere and b/ even if you believe you don’t, at least don’t use those numbers as your PIN.

    1. Sigh! You didn’t get the point of the post at all, I see that. The post is not about who/which organization knows my/anyone’s birth date. Those information could easily be gained in these days, for literally anybody. The point is using that for any purpose on scale and how it could be perceived.

      I know perfectly well what the intent here is. But the method used is counterintuitive.

  2. Any communication, to make a significant (andar tak hila dene waala) impact, has to be counterintuitve, isn’t it :-). At least if it needs to generate a debate like this. Else, jungle mein mor naacha… When was the last time people like you and I discussed (and possibly others got a bit educated) on what numbers make a bad pin 🙂

    1. ? for the kind of people who have to derive their education from a piece of marketing email it’s clearly difficult to understand what this article is about.

    2. That – the need to be noticed, discussed – should not override every other criterion in marketing. Particularly when it uses a machine to share a private detail about customers using mail-merge level callous automation.

Leave a Reply

Your email address will not be published. Required fields are marked *