Banks Find Way To Sell Consumers' Shopping Data

nonprofiteer writes "Banks plan to compete with Groupon and LivingSocial by targeting coupons and deals at credit card holders based on their shopping habits. They found a way to do it without violating financial privacy laws: 'They're "selling" shopping habits the same way Facebook "sells" personal data about its users: in-network. It's a clever privacy work-around. Just as Facebook allows advertisers to specifically target certain kinds of users based on their profile information (without actually providing that profile information to the advertisers), banks plan to allow advertisers to send deals and coupons to their customers based on what they've bought before. That way, no user data actually leaves the network — instead, deals just enter the network. Each time a customer cashes in on one of those deals, the bank gets a commission.'"

A Technicality:

[Hartree]

So, I send a bank a deal aimed at consumers who (for example) bought alcohol and restrict the geography to an overwhelmingly Mormon neighborhood and get back a list of names. I cross reference those with church memberships. I now can target the backsliders.

I have somehow magically not violated anyones privacy.

Re:A Technicality:

[Radres]

But the bank didn't sell you the list of names. The only way to get a list of names is if someone from the community you are targeting actually clicks-through on your ad and places an order. I'm sure there are other existing ad networks that would allow you to do the same.

Re:A Technicality:

[Ruke]

You don't get a list of names. You send the bank a deal aimed at customers who bought alcohol, and restrict it to a Mormon neighborhood, and the bank sends out your offer. You don't get to know who was sent these deals; the best you could do is know who took advantage of them.

Re:A Technicality:

[EdIII]

You missed the point, but still have the right argument.

When you pay the bank, you don't get back a list of names at all. The bank would be sending out junk mail, SMS, or email based on your chosen demographics. It would be a 3rd party offer.

Most websites, companies, etc. allow you to specify that you don't want to receive it, but they also specify that affiliates and subsidiaries get access to to the data. The banks don't get that loophole in this case.

In your example, what you are really pointing out is that whatever percentage of customers click on the links, or even view the email with downloaded pictures, are revealing themselves and losing their privacy. In order for the bank to receive a commission it needs to admit that particular customer was indeed part of the chosen demographics.

It violates customer's privacy in spirit, in actuality the customer is mislead at best, and worst responsible for losing their own privacy through their own actions.

In other words, the customers are being tricked into confirming purchasing habits outside of the bank.

Very dirty and hopefully there will be an opt-out option for this voluntarily, or by law.

Re:A Technicality:

[Ruke]

Citation: (emphasis mine)

Here's how it works: Say you use your Citi-issued debit card to buy a pair of shoes at Nordstrom, and then Citi sells that information to a series of retailers. As a result, you receive a coupon from Macy's for a 20% discount on shoes at its store. The coupon is delivered by Citi, however, not from Macy's.

Re:A Technicality:

[n8_f]

But the bank didn't sell you the list of names.

Trivial. The Mormon Police just have the bank send all of those people a bogus prize certificate for a free motor boat and then when they show up to get their boat, the Mormon Police arrest them and beat them to the full extent of the law.

Re:A Technicality:

[n8_f]

You just need to know who to talk to. I'm sure that for their biggest and best customers, the bank will be happy to provide names.

No, they won't. That would be breaking the law and the whole point of this approach is to avoid breaking the law.

Re:A Technicality:

[antonyb]

This isn't the whole story.

Your bank only knows that you spent money at Nordstrom. It doesn't have an item level transaction history, so it cannot know that you bought shoes unless it has access to Nordstrom's transaction logs. Therefore, for this to really fly, the retailer has to share their t-logs with the bank. So the banks aggregate t-log data from a number of retailers, and then resell that information back to the retailers.

Ant.

Re:A Technicality:

[martin-boundary]

That's very good. Now every Nigerian spammer knows that if they send fake emails from Citi about fake Macy's coupons (which are really phishing attempts) to everybody, then Citi's customers will read the email and think "hmm, this email is a bit dodgy, but Citi usually sends me good deals, so I'll do what this one says anyway".

Re:A Technicality:

[Penguinisto]

Err, as a former resident of Utah, you don't even need to do that... just go to any casino in Wendover, Nevada (it's only 90 minutes' drive from Salt Lake) and start writing down license plate numbers...

It's like the old running local joke:

* Jews do not recognize Jesus as the messiah.
* Catholics do not recognize Martin Luther as an authority.
* Protestants do not recognize the Vatican as a Christian authority.
* Mormons do not recognize each other in Casinos, Strip Clubs, or Liquor Stores.

Banks plan to...

[Godman]

I love the sentence banks plan to..... it always fills me with hope for how their service is going to benefit me even more...
 

One company doing this...

See Cardlytics at:

http://cardlytics.com/

I chose to opt out

[blindseer]

I place a certain value on my privacy. I had one of those "loyalty cards" years ago at the nearby grocery. I'd use it to get the cheaper price on the stuff they sold me. In return I got a bunch of junk in the mail trying to sell me more stuff. When I stopped using the card I got less junk in the mail.

I had a credit card. In exchange for using the credit card the credit card company sent me stuff in the mail trying to sell me more stuff. They would also call me at home. How far and wide this information on my buying habits went hit me when I used my credit card at a gas station I don't normally visit and a couple weeks later I got a credit card advertisement in the mail from the gas station. I pay for my fuel and groceries with cash now excepting rare occasions when I forget to stop by the bank before my wallet gets too thin, then I pull out my debit card.

Not only does using cash prevent banks from selling my buying habits it also avoids the threat of my bank account information from being stolen with those hidden card readers that are popping up on gas pumps and the like. I don't even like to use ATMs any more. Not only is there a threat of my card getting copied by a hidden card reader the ATMs spit out only $20 bills. With a tank of gas costing over $60 and a grocery cart filled with food typically costing around $100 I prefer to see a real live teller so I can get $50 and $100 bills, that way my wallet doesn't get so fat and I can still buy what I need.

Now, I just wish those vending machines would take $2 and $5 bills. With a bottle of soda costing around $1.50 it makes sense to me to take the larger bills. This is also because I've had to not buy a drink because my wallet is full of $5, $20, and $100 bills.

All the crap in the mail, and the phone calls interrupting my supper, stopped for the most part once I got rid of my credit cards. Not using a debit or credit card for most purchases does mean a few more trips to the bank and having to pay for gas inside the station but that is a minor inconvenience. The bank is within walking distance of my house, and I'll often go into the gas station anyway when I travel to get a snack or use the restroom. It keeps the junk mail and cold calls down.

Re:I chose to opt out

[green1]

I have to admit that I use my credit card for pretty much everything, they pay me a cash dividend, and as I always pay my balance in full on the due date, they never charge me a penny of interest or other fees. It's convenient, and it saves me money.

I have received a total of 2 phone calls from the credit card company since signing up for the card 10 years ago. The first was them trying to sell me on a "premium" card with yearly fees. I declined and asked to stop receiving such offers. I've never been called for one again. The second was their fraud department, and they had legitimately flagged a purchase I didn't make, they refunded the purchase, cancelled my card, and couriered me a new one right away.

I have received 7 pieces of mail from the credit card company since signing up, 4 included new cards (initial card, replacement for the fraud case, replacement for expiry, "upgrade" to chip) the other 3 were offers to increase my credit limit (with no catch other than the responsibility that comes with being able to borrow larger amounts of money at a time)

I have never received a single ad by phone, mail, or email, that I have any reason to suspect has had anything at all to do with my credit card usage. The most I have ever had was the small box at the bottom of my monthly bill suggesting I upgrade to one of their "premium" cards with yearly fees, it's unobtrusive, and it's from the credit card company themselves, I always decline.

I don't know if Canadian privacy laws are just that much better, or if my bank is just a little less corrupt, but that's been my experience so far.

Re:I chose to opt out

[Errol+backfiring]

Same here. But the banks have fought back. Banks are not open anymore outside office hours, so I have the choice to either take a day off to get my money or to use an ATM. Where I live, you cannot even bring cash to a bank anymore. You read that right: banks don't accept cash. Banks' terms of service include sections on how you MUST cooperate into investigations about where your money is from. And our government made a bank account compulsory for the payment of salaries. You are very lucky to live in a place that allows such free behaviour.

What's the difference?

[blair1q]

Marketer: What did blair1q buy last week?
Bank: I would be breaking the law to tell you that.
Marketer: Did blair1q buy a toilet brush last week?
Bank: I would be breaking the law to tell you that.
Marketer: If I were to send an email to blair1q asking him to buy my toilet brush, and cut you in if he does, would that be worth anything to you?
Bank: No.
Marketer: What if it was a turnip peeler?
Bank: Put the coin in the slot, please.

Rubbing your pencil over the pad to mark it with lead and expose the un-marked indentations that were left by writing on the previous sheet is about 150 years old as an intelligence-gathering trick.

Chase Bank

[spire3661]

did this to me at the ATM today. I COULD NOT complete my ATM transaction without agreeing or denying a 2% cash back on my card if i went to a certain local italian chain (i refuse to give them more advertising). I went in and asked for a feedback form. No point in yelling at a teller for something that she has no control over. I will also be sending a formal typed and mailed letter of complaint to Chase headquarters.

Re:Chase Bank

[stephathome]

I like that way of handling it. I pay no attention to the ads that come with any statements I get, not that I get many since paperless makes so much more sense. ATM ads are just annoying. Give me my cash without insisting I view a commercial - that's not why I put my money in a bank.

I also shop at a grocery store that doesn't have any of those obnoxious club cards. Funny thing, they just give everyone the discount and it works. They have better prices than the other stores around. Rare time that I want something from a store with a club card, I mess with their data and use my sister's number, my inlaws' number, whichever I have for that location.

Re:Chase Bank

[Jah-Wren+Ryel]

I don't have those types of stores here (except Wal-Mart). But usually you can fill out all types of false information on those club cards, they'll give them to you regardless. You get the discounts and/or points but nothing in your mailbox.

Unless you pay with cash every single time using fake info on the loyalty card won't help you, they will record your real info from your checking/debit/credit card and cross-reference it for all past and future purchases. Even playing "musical loyalty cards" with a bunch of other people doesn't help too much unless you swap cards frequently.

Simple problem, simple solution...

1) Customer does stuff
2) Bank notes this
3) Advertiser asks bank to send coupon to people who did that sort of stuff
4) Bank sends customer coupon

Up to this point, the banks' lawyers are right - there's no information going anywhere bad.

5) Customer uses coupon

Now, we are giving information to the advertiser about the customer. This is BAD, and possibly illegal.

Note on the one hand that it was the customer's action that led to the information leak.
Note on the other hand, however, that the customer does not know what information was to be leaked, and so cannot be said to have given consent. Consider if Macy's asks that a normal-seeming coupon be sent to people who shopped at kinkysextoys.com, using that coupon is in no way tied in the mind of the recipient to the information at stake.

So that's the problem. The solution? Include the relevant information with the coupon. That way, the customer knows what information they are giving to the advertiser, and can absolutely be said to be opting in at that point. This does run some risk of others reading the coupon, and so these coupons must therefore be treated with the same respect given to any other form of transaction history until the customer decides to disclose them publicly by using the coupon.

When advertisers trust, it's all over

[erroneus]

So far, what has enabled nice things like adblock to work is that advertisers don't trust the people who host their ads. But in the case of facebook and apparently the banks now, advertisers are more willing to trust leaving people fewer options if they want to stop being a marketing target.

Re:Uh. So?

[Carnildo]

I fail to see any issue with this. The bank that owns my credit card has a list of the transactions I've made on it. And they are now going to send me spam targeting me based on those transactions. The bank has always had the information. The bank still has it. There is no privacy issue here.

Let's say I want to know who in your town has purchased pornographic videos. I go to the bank with a "buy one get one free" deal for my pizza parlor and have them send it to everyone who's purchased one or more porn videos. As people redeem those coupons, I build up a pretty good idea of who's watching movies they'd rather I didn't know about.

I can repeat this sort of thing with different deals and different criteria, and get a pretty good idea of what sort of information the bank has. Since the bank is kindly hiding the link between my coupons and your habits, you don't have any idea that I'm doing this.

Two Words

[ironjaw33]

Credit Union.

Re:Uh. So?

[wasabii]

I got a free pizza out of the deal. I'm cool with this.

Re:I Found A Vendor Who Does One Better

[RJFerret]

Your compulsive purchasing single Asian Jewish alternate personality must be very disappointed.

(And suffering from WoW withdrawal.)