Skip to content

Install your own social exploit


Product Design Mechanics #4: When decision making, cost bearing, and being the decision’s beneficiary are not represented by the same person, there lies a pot of gold right in front of you.

The 80s were the time when I first got in touch with computers. Back then, the term hacking was not so much used to address an “intense activity of creative thinking and acting” as it is today. For instance, today, growth hacking refers to brainstorming on how to leverage growth for a digital business model without having to deeply invest money. At Facebook, hacking refers to intense brainstorming per se.

Back then, in those long passed 80s, hacking was the term to denote a largely illegal activity where so-called hackers would try to get into a computer and network system. The mission was break, enter, get some information, and run. Hackers had a shady image and their social karma would radiate somewhere between worshipped heroes (for their skills) and despicable villains (for their deeds).

In hacking lingo (and I mean that largely illegal activity, not today’s brainstorming connotation), the term exploit is oftentimes mentioned. An exploit is usually a small piece of software that helps to exploit a security hole in the system to be attacked. To be more precise, let’s go with the definition put forward by security expert Avast (see here for the definition):

An exploit, in contrast, is code that allows a hacker to leverage a vulnerability — for example, they can use an exploit to gain access to a computer system and then install malware on it.

Hacking minds

That said, you are here to think about Product Design Mechanics, not about illegal stuff like hacking. So, what’s the connection? The connection is that there is a PDM, I call it Decision Power Exploit, that works in pretty much the same way as those software security exploits. The difference is that it is not a piece of software. It rather is a mental model that exploits a certain constellation where decision taker, beneficiary, and bearer of cost are not the same one entity. So, again, it refers to the “orchestration and exploitation of human behavior”, which lies at the heart of all PDMs.

Let’s have a closer look at that hack, starting with a personal story of mine.

One of the companies I worked for, a long time ago, was Payback, the leading European coalition loyalty program. The only comparable program of scale was Nectar in the UK, which works pretty much in the same way. Users can collect loyalty points at certain partner stores and then redeem those points, translating them into goods, services, or just plain money.

It’s the consumer who decides where to buy, say at an Aral gas station (where she gets Payback points; as opposed to Shell where she doesn’t). She or he is also the beneficiary of the transaction that results in the collection of loyalty points. Because she will get the loyalty points herself, transferred right to her Payback card. Moreover, she also has to bear the cost: the gas bill needs to be paid by herself.

So, in the case of Payback, decision maker, beneficiary, and bearer of cost are the same one person.

It’s a very successful program and in Germany alone there are well beyond 25M households that have a Payback loyalty card (mind that Germany has 42M households overall). It is so successful because it is one card that covers all your daily needs: it features retailers (rewe), drug stores (dm markt), gas stations (Aral), and many more. It has many partners. But per each category, say drug stores, it features exactly one, so that the user is effectively navigated to the Payback partner drug store rather than all the others. As such, the system is also based on indirect network effects as one can observe with marketplaces.

However, before I worked for Payback, I had experienced a loyalty card system that is way more sophisticated in terms of orchestrating human behavior – on the verge of being perfidious.

This is where I discovered the PDM Decision Power Exploit for the first time.

The power of egoistic decision making

Before I joined Payback, I was a strategy consultant at BCG, the Boston Consulting Group. Coming from an academic background in computer science, deeply involved in machine learning, data mining, and social network analysis, BCG was a whole new world to me. Exciting, fresh, and uncharted territory.

The job at BCG was highly demanding, night shifts and working until midnight or beyond was normal. But you would also get a lot of perks. Amongst those perks where all the various points and miles from loyalty programs you could collect and translate into flights, hotel stays, and the like.

You had to take a lot of flights per week, a bare minimum of two per week. And back then (this was the time of the financial crisis in 2008), there were two airlines in Germany you could choose from for domestic travel: Lufthansa and Air Berlin. In general, you could say that Air Berlin was half the price of Lufthansa. Service was not too bad either, in no way justifying the price gap.

But all the consultants chose Lufthansa probably 90% of the time. How could that be? Isn’t that economically crazy? Yes, it is. But it’s crazy for the company, not for the individual:

The decision of which flight to take was conceded to the consultant (in that case: me). She or he could call the shots. The cost for the flight were borne by the company, BCG, though. So, the consultant wouldn’t care much about that aspect, she or he would not opt for the cheaper flight just to save some bucks for the company. However, the beneficiary of the transaction, i.e., the one who’d get the loyalty points from Lufthansa, coined Miles & More,

was the consultant again.

In contrast to Payback, decision maker, beneficiary, and bearer of cost were not the same (natural or legal) person. This is shown by the below figure.

In Decision Power Exploit, decision maker, beneficiary, and bearer of cost are not the same one person

By putting this little exploit to use, Lufthansa could make sure that an economically irrational decision was taken in its favor. Because the loyalty system of Lufthansa was way better than that of Air Berlin. Note that the benefit, the Lufthansa points (called Miles), were of course only a fraction of the excess cost the company had to pay to upgrade from Lufthansa to Air Berlin. But it didn’t matter. Because cost and benefit were never matched against each other by the decision maker, the consultant.

If your business model allows to craft a PDM like the one inherent to the Lufthansa Miles & More system, go for it. Decision Power Exploit is, well, a powerful exploit.

Observing Decision Power Exploit in credit cards

Lufthansa’s Miles & More is not the only successful application of Decision Power Exploit. Credit cards are another, and they have been working very well for ages.

First of all, credit cards are based on the PDM of Indirect Network Effects, which is also the foundation of all marketplaces and many manifestations of platform economics: The more consumers use a certain credit card, say Mastercard, the higher the pressure on the side of points of sale to offer this credit card as a means of payment. On the other hand, the more points of sale are accepting that very credit card, the more attractive it becomes to users.

But there is another PDM, namely our Decision Power Exploit, stacked upon many credit card systems: Today, credit cards are not just a simple means of paying goods and having some credit to rely upon. Today, they also often offer certain perks to consumers that bear the traits of loyalty card systems. That is, with many credit cards you also get a reward in some loyalty currency that is proportional to the transaction you just did with the card. E.g., you spend 100 EUR for a purchase using the card, you get one loyalty point.

Here again, we have a situation where decision maker, beneficiary, and cost bearer are disparate persons. Decision maker and beneficiary are clearly the consumer. But the cost bearer (in that case the cost for the fees that are incurred by the use of this means of payment) is borne by the shopkeeper. Of course, the shopkeeper (just like BCG) wishes the consumer would pay in cash, pay by bank transfer etc. But the consumer has the power to decide, and the credit card company is clearly providing incentives to route the consumer to itself. Which is again strengthening the influence of the credit card, thanks to more consumers making use of it. So, we also observe a repercussion onto the before-cited indirect network effects.

Insurance is not far apart

There is a concept in economics called “moral hazard” that bears quite some resemblance to Decision Power Exploit. It is particularly commonplace in insurance. Take health care insurance as an example: In general, you pay a certain amount of money to be blessed with this kind of insurance. When you are sick, you go to the doctor. It’s your very own decision to do this. The doctor will examine and help you. The bill does not go to yourself, but to your sick fund or health insurance company.

The money that you as an insured person pay is, in its most basic form, a compensation to cover the health insurance costs of all insured people, divided by the number of insured people, weighted by some factors such as income, family situation etc.

That means that there is no incentive for you to exert cost control. If you go to the doctor only when you are half-dead vs. with every little ache you feel … it doesn’t change the monthly fee you pay. So why worry?

Note how similar this situation is to the Decision Power Exploit PDM: The decision is taken by the insured person, who is, at the same time, the beneficiary. The cost (resulting from this very decision of going to see the doctor) are borne by the insurance company.

Of course, another law from economics, the “law of diminishing returns”, tells us that the benefit that we get from going to the doctor time and again is limited. But it is already a financial burden for the health care system if people go to the doctor early on, when there are few signs or no specific need. Like a cold, a growling stomach, etc. Which they would most likely not do if they had to pay directly themselves.

Fighting moral hazard in the health care sector

In order to fight the detrimental effects of moral hazard, regulators and insurance companies alike have invested considerable time and effort. It is not an easy challenge, as negative effects of moral hazard are to be mitigated – while making sure that people still see a doctor when they should.

In Germany, the former Minister of Health, Ulla Schmidt, introduced in 2004 the so-called “Praxisgebühr” for the public health care system. A fee of 10 EUR that had to be paid (at most once per quarter) when the patient would visit the doctor. If patients did not go to see the doctor, they didn’t have to pay. However, the system was highly unpopular with the physicians (who felt burdened by the administrative effort) and patients alike (who felt the additional financial burden) and did not live a long life. If was abandoned few years thereafter.

Another tool, used by the German private health care system (and thus introduced in varying flavors by some German private health care insurance companies, not by the governmental regulator), is to make use of a certain annual monetary threshold up to which patients have to bear health care cost themselves (“Selbstbeteiligung”), say 300 EUR. This incentive to not incur health care cost is oftentimes exacerbated by kickbacks at the end of the year, paying back one or two monthly health insurance fees if the patient has not exceeded this threshold.

This is certainly a good tool, but it becomes futile once the threshold plus the kickback has been exceeded by the patient. Because then you are back in the old moral hazard situation.

Go, find your exploit

While moral hazard is a phenomenon that is commonly inherent to the system (and efforts are made to mitigate it), Decision Power Exploit is a PDM that you as a product designer can intentionally build into a system, as witnessed by the airline loyalty miles or credit card systems. That said, it is not easy to manufacture situations where the bearer of cost, decision maker, and beneficiary are not the same one person. And, just like for the moral hazard example, the bearer of cost will have a natural inclination to escape this situation. But when you, being a product designer, are able to spot and implement one such exploit, then you have a powerful tool in your hands that is hard to beat.

It is definitely worthwhile to put your grey matter to use and search for these occasions. There might be a pot of gold at the end of the rainbow after all.

Want to be updated on new posts? Just sign up here with your email address:


Leave a Reply

Your email address will not be published. Required fields are marked *