Companies need to start thinking of this less in the lens of "evil" and more principle of least astonishment. Would users be surprised and angry to learn you do this? Then don't.
Not Google does X, but there is a market that sells X, and X can be linked to you personally by Y, Z
So
* A market exists for reselling credit card transaction data. Your card provider (ie Barclaycard) sells to companies such as $FOO who will aggregate same data from different providers and sells it for marketing purposes. The size of the market is $Billions
* Google can link the purchase history to you personally by multiple means including - reading your gmail, and looking for purchase confirmations using last 4 digits
* There is a market for reselling your mobile location and call history. your cell provider ...
I would love to see this - I honestly need reminding of this and it seems like a great press expose.
How do they connect my credit card data to my Google activity? My Google account isn't connected to my personally identifiable information in any way. I.e. they don't have my phone number, nor do I use Google Pay.
Most people have a phone number with google for gmail (you didn't need one in the beginning, but do now). There's also their wallet, app store, voice, broadband, phone plan, etc.
Some people will dodge all of that, but most won't.
Which personally identifiable information?
The time of day you use your devices? Which languages you use? Which websites you visit? The type of medical conditions you search for?
Information being PII or non PII isn't binary. It's relative shades of how shannon entropic it is. You need about 33 bits to identify someone, you likely have leaked 33 bits of entropy.
EFF's Panopticlick help show this: https://panopticlick.eff.org/
Google makes sure that if you don't hand over your data to them, someone else will.
There are 2 pieces of information that need to be joined.Google have your cookie and email and MasterCard have your address and probably email. If both sides have your email then job done. If not then they can use your physical address via a data broker. All it needs is some e-commerce sites that allow cookie syncing and have a privacy policy that allow them to sell that part of your data.
And 4 data points would be a lot more than usually required.
I'm pretty sure they use that to feed their models.
Doesn't this already exist since nobody wants to piss off shareholders?
* https://marketingreportoptout.visa.com/OPTOUT/request.do
* https://www.mastercard.us/en-us/about-mastercard/what-we-do/...
> To opt-out from our anonymization of your personal information...
Uh, I'm no lawyer, but the wording really gets my attention here.
> Depending on your country, you may have the right or choice to: Opt out of some collection or uses of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and the anonymization of your Personal Information for data analyses.
[1] https://www.mastercard.us/en-us/about-mastercard/what-we-do/...
Perhaps there's opportunity here for someone to be Robinhood here and improve the privacy of a lot of people...
How about instead of fraudulently providing someone else's credit card because "we know best", we just make sure to spread the pages as much as possible where appropriate, and let people make their own educated choices (and hopefully it opens their eyes to other places in their lives they can do so as well).
I understand the impetus to help, but it's important to consider that what one person views as helping another might view as terribly invasive in itself.
Am I the only one thinking there might be some Clapper-level double-speak going on here? Why would these company share admittedly valuable data without being compensated?
A question for contract lawyers: can I sell something (say an API or quarterly report) that "incidentally" includes customer data and get away with saying I'm not "selling customer data"?
$corp provides it's marketing partners with insights gleaned from aggregated transaction data. And allows select partners to query an api for derived information about $corp's cardholders using a marketing identifier that tracks across multiple agencies including credit reporting, social media monitoring and customer intelligence analytics.
Additionally $corp uses it's transaction stream to feed information about aggregated spending per retailer to both their internal trading desk and to select financial markets partner firms.
Your personal transaction information is never exposed to anyone outside of $corp.
So, it's a virtual debit card, not a virtual credit card.
Now, they do let you set transaction limits, and daily/weekly/monthly limits, as well as either locking the card to the first merchant to use it or to make it a "burner" one-time only card.
So, there's lots of additional controls there.
They don't give you a good way to export any of that financial information, so if you want to use a budgeting program to try to help you track what is going where, then privacy.com doesn't help you there.
Overall, I like privacy.com very much. I do want to be able to tie in multiple back-end payment sources, including credit cards, and I'd be fine taking the 2% or whatever fee on my end. And I do want more transparency in terms of being able to easily export my data where I want to use it. But those are both relatively minor problems, compared to the ones they do help you solve.
Arbitration agreements are bad in general, but not necessarily uncommon. What makes privacy.com different is that they have access to your bank account. They're in a position where they have direct access to your funds, and you can't bring them to court if they wrong you.
I've had people suggest that I link privacy.com to a limited bank account and manually transfer money. That's a good suggestion, I'd probably do that no matter how they were set up. But that's not going to help if privacy.com takes you to arbitration over a bogus overdraft charge, or if they leak your credit card numbers, or if they start selling data behind your back. My bank doesn't have an arbitration agreement tied to my checking or savings account. I don't think it's justifiable for privacy.com to claim that they have more customer risk than my bank does.
If a business includes an arbitration agreement in your terms of service, I immediately assume that they don't respect their customers. There are some businesses where I tolerate that, but I need a heck of a good reason -- especially if that business is going to be managing my bank account.
Binding arbitration agreements are underhanded. The only reason to have one is because you want to make sure right from the start that you're not accountable to your customers.
In my understanding, they have the account numbers and can do ACH withdrawals - just like someone who has your debit card number (but against a checking account, not a card). So I believe it's like every other transaction (or check) - there's an intentional (as I get it) processing period for a day or two, and you can always call your bank and request to not honor it. I could be wrong though.
And actually, they can be associated with a debit card instead of a bank account - they've failed to associate with my bank, so I have had to go this route (and there's no way to switch it afterwards).
Oh, and I totally agree that arbitration clauses without a way to opt out are disrespectful to say the least.
I would trust Apple a lot more since they already make money, and their reputation is something that they would be more likely to value more than a startup would be.
> Cookies and Tracking Technologies: We and our partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and gather information about our user base, such as location information based on IP addresses
They also transfer data in the case of a query about a sale.
This would be a bit less awkward if the name of the company wasn’t “privacy”
The reason credit card companies are willing to give customers rewards/cashback is that they’re competing, primarily for interchange revenue. Most cards are guaranteed to be profitable for the issuer (ex-credit risk); some models (5% rolling category up to $75 back, etc) are not strictly guaranteed to be profitable, but they’re running a portfolio strategy.
You don’t need to make money on every account. You need to make money on every pool of, say, 100,000 accounts. One could conceive of rebate schemes poorly designed enough to not do that, but the industry broadly doesn’t ship them.
There are people who make hobbies off of attempting to get the financial industry’s sweet sweet marketing dollars. The financial industry can afford an infinite number of business analysts and geeks. The marketing dollars are still on offer. What does this suggest to you as to the portfolio-wide impact of hobbyists who exploit the offers?
The credit card issuer fees can be the worst because of these high reward credit cards.
I'm very aware of this when shopping at a local small business. I'll pay either in cash or with my debit card, because the credit card fees are seriously squeezing small merchants.
https://www.investopedia.com/articles/personal-finance/04071...
> When merchants accept payment via credit card, they are required to pay a percentage of the transaction amount as a fee to the credit card company. If the cardholder has a participating cash back rewards program, the credit card issuer simply shares some of the merchant fees with the consumer
And some is paid by interest being paid by other customers
http://www.bos.frb.org/economic/ppdp/2010/ppdp1003.pdf
> Because credit card spending and rewards are positively correlated with household income, the payment instrument transfer also induces a regressive transfer from low-income to high-income households in general. On average, and after accounting for rewards paid to households by banks, the lowest-income household ($20,000 or less annually) pays $21 and the highest-income household ($150,000 or more annually) receives $750 every year
I also have a vague memory that some cards from the same issuer (mostly American Express) charge the merchants more for the higher-level cards, and prevent the merchant from treating those customers any differently. I can't find a source for that, but some starting points might be https://www.washingtonpost.com/business/economy/supreme-cour... and https://about.americanexpress.com/press-release/american-exp...
So for example when I attempted to link based upon routing/account number at Simple, it told me I can't continue because I should hand over my account information for the other bank to Plaid instead.
I've done it, and then immediately changed my account info. So yes, technically Plaid has my historical data, but at least they won't get it going forward. It really sucks though, because it locks my money into a singular bank otherwise.
My understanding of the ACH system is that it's best used in a "pull" manner, as if you're writing a check. Link your Simple account from another bank and initiate the pull from there. (Then work on transitioning your activity to the better bank while you're at it).
> We noticed you’re browsing in private mode. Private browsing is permitted exclusively for our subscribers. Turn off private browsing to keep reading this story, or subscribe to use this feature, plus get unlimited digital access.
Disabling JS bypasses for now.
Banks and lenders are heavily regulated in this area and often times the financial institution has absolutely no insight into the line-item level of the purchase. That data is at the prerogative of the merchant to disclose.
If $RESTAURANT offers cash back on certain purchases made with them on a certain card, the merchant already has the data of the purchase and can determine if purchase qualifies for some cash back and notify the lender (at the expense of $RESTAURANT). Cards also follow patterns in the number scheme which would allow a merchant to determine card type and map that to current incentive offerings. By card type I mean more than just credit provider, down to the specific type of card (i.e. Sapphire Reserved vs Sapphire Preferred, etc).
> Something went wrong
> We're sorry. This page failed to Outline.
And more generally, credit cards have been around a long time. Shouldn't there be more evidence by now if anyone is being harmed by sharing data about consumer purchases?
Anyway, some years ago banks opened for the possibility to get your receipts electronically. I opted into that, not thinking about privacy at the time, and they certainly have the data to track us in ways we that make Facebook look harmless, because Facebook doesn’t know your pharmacy purchase history.
I’ve never seen an impact of this that I was aware of, so maybe banks don’t actually use the data. It’s certainly not their business model to sell advertising, but who knows.
Approach ATM, insert Mondex card. Feed ATM bills and coins, Mondex card gets loaded. Spend card, swipe as normal. Works offline, no connection to a bank account necessary, the money is deducted from your local card's 'account' to the 'account' on the POS/business. Your card records a transaction date/time/merchant for debits, theirs records the same for a credits.
You can transfer funds from one card to another, cash out the card offline at supporting ATMs, be used for building access/RFID cards, hold up to 5 digital wallets on one card, and more.
It was tried in the UK back in the 90s and NYC right in 2000 and worked about as well as you'd imagine in that world. But today, it would probably work much better. HK has the Octopus card which is conceptually similar and works well.
I'd certainly give either a shot so I don't have to carry physical cash but also aren't worried about having my money in someone else's hands who can lose it all due to bank fraud or have IT issues preventing payment processing.
Additionally I imagine this data is available for marketers to target buyers of Product X with Accessory Y.
Finally, marketers may use purchase data to build suppression lists; ie. Stop retargeting people that already purchased Product X. I don’t know if this happens very often in practice. It’s very hard to do well in general, and generally cheaper to spam people than buy data to shrink your list.
None of this is well-disclosed to consumers, not one bit of it is right. It just is, and it has been for going on for 8+ years.
It doesn't go far enough (or at all, really) to explain that the credit card issuer doesn't see the data. They see a transaction amount. There's no banana.
The current top comment about Google linking online to B&M purchases isn't a leak of privacy: it's strictly private both to Google and the merchant. You are being tracked, but not in a privacy-revealing way, just in an uber-annoying I'm-still-being-targetted so-it's-creepy-and-annoying way.
That retail merchants are tracking you is a huge, huge problem. The CC facilitates this by linking all your purchases into a single history, but it isn't the CC per se that is the problem. eg the store's own rewards card specifically does this. They don't even care if you give your actual PII up to signup for the rewards card, all they care about is that they can [even anonymously] identify the purchase stream tied to an individual.
They should go to length to better distinguish this problem because then they can get to the fact that every Apple Pay transaction is tokenized and not linkable to prior or future Apple Pay transactions.
