Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bank Puts a Billion Transaction Records Behind Analytics Site

Posted by samzenpus on from the keep-up-with-the-joneses dept.

schliz writes "Australia's UBank has put a billion real-world transaction records behind a website that allows users to compare their spending habits with others of the same gender, in the same age/income range, neighborhood and living situation. The 'PeopleLikeU' tool surfaces favorite shops and restaurants surprisingly accurately — because it's based on real customers' transactions, it lists places like good takeout joints that wouldn't normally come to mind when you think of a favorite place to eat. The bank says all data was 'deidentified' and it consulted with privacy authorities."

20 of 86 comments (clear)

  1. Re:Why should a bank care where and how I spend ?? by jimmetry · · Score: 2, Funny

    Yeah! And fucking iTunes with its Genius feature! I don't WANT to know what songs go well together! Data analytics is bullshit!

  2. Privacy by girlintraining · · Score: 2, Insightful

    The problem with 'anonymizing' the data is that while today it might seem safe, tomorrow a separate database showing a different subset of the same data source, or trace information, etc., which when combined can re-pair and de-anonymize it.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Privacy by stephanruby · · Score: 3, Interesting

      It would have been better if they had taken the opt-in approach like Mint does.

    2. Re:Privacy by fatphil · · Score: 5, Insightful

      Not necessarily true - assuming they anonymised *correctly*. I believe Helger Lipmaa (University of Tartu, he of the world's fastest software AES implementation) has at least one paper on anonymising large data sets. Basically, you randomise the data - perturb every datum by a delta from a symmetric, and not too wild, distribution. On average, the law of large numbers tells you that the mean perturbation taken over the whole set will be 0, and the standard deviation caused by your noise will decrease proportional to the square root of the sample set size (and the 2nd and higher moments will be modelable as a normal distribution). So if you're averaging over 10000 gay democrat-voting degree-educated males, the anonymised data you pass on will be rarely much more than 1% (i.e. sqrt(1/10000) ) from the real value. Average just over "humans", and the error could be so small it's below the noise floor. The process is, if you do it correctly, irreversible, as the true data isn't even in the system, so can't be extracted no matter how many different queries you perform.

      --
      Also FatPhil on SoylentNews, id 863
  3. "De-identifying" is WAY harder than it sounds by Beryllium+Sphere(tm) · · Score: 5, Insightful

    Especially in small samples, like the size of a neighborhood.

  4. Excuse me by CuteSteveJobs · · Score: 2

    > "The bank says all data was 'deidentified' and it consulted with privacy authorities."

    Sure, but what about the actual customers whose data is being exposed? Someone should take nude photos of these bank bureaucrats in the shower, mosaic out their faces and put it in on the web. "Don't worry, we checked with our "privacy authorities.""

    You have to wonder who these "privacy authorities" are. The Federal Privacy Commissioner is weak and except for hidden microphones, Australia has weak privacy laws: The worst penalty the Privacy Commissioner can hand out is a letter to an offending company saying "please don't do that." There is no fine or penalty so there is no deterrent.
    http://www.theage.com.au/technology/technology-news/youre-being-more-closely-watched-20120916-260ko.html
    http://www.privacy.org.au/Resources/POA.html

    1. Re:Excuse me by CuteSteveJobs · · Score: 2

      Here's an example where Google ignored the Privacy Commissioner: http://www.news.com.au/technology/google-fails-to-comply-with-privacy-commissioner-order-to-delete-street-view-data/story-e6frfro0-1226492591021

  5. de-identified by whois · · Score: 5, Insightful

    Remember when it was discovered that the plugins you have installed in your browser, and which browser you were using could almost identify who you were? That's how I felt as I answered questions on the site and saw the number of matches dwindle. I'm not even an AU resident, I just answered truthfully up until it asked for the city and it had narrowed down to ~20000 matches for "people like me."

    If you assume that one of those 20000 is me, and that I live in a small town then the number might get even closer to just 1. And once you factor in any other data that might correlate behind the scenes it's not hard to figure out who's who.

    Remember the anonymous netflix data that they figured out how to de-anonymize? Same deal. If you're an AU resident, the data is there to uniquely identify you, they just have made a bet with the internet that people won't be able to do so.

    1. Re:de-identified by gronofer · · Score: 2

      I tried it, living in a relatively small town there were 15 matches "just like me". However judging by the monthly spending patterns these people were actually nothing like me *shrug*.

      I do actually have an account at the bank concerned.

  6. Re:Why should a bank care where and how I spend ?? by Firehed · · Score: 2

    Two words: fraud detection.

    --
    How are sites slashdotted when nobody reads TFAs?
  7. Say by thewils · · Score: 2

    It makes for a pretty good stalking tool. Find me where all the rich young bitches hang out...

    --
    Once I was a four stone apology. Now I am two separate gorillas.
    1. Re:Say by Seumas · · Score: 2

      Or the poor hot sluts.

  8. I switched to cash by White+Flame · · Score: 5, Interesting

    It's been about 5 or 6 months since I switched to using predominantly cash. Yes, it's a little less convenient in some contexts (though sit-down restaurants are faster, just leaving money on the table instead of waiting for a receipt to sign), but I simply do not want to be 100% tracked like this.

    1. Re:I switched to cash by Fjandr · · Score: 2

      It's better for everyone to tip in cash anyway.

    2. Re:I switched to cash by theArtificial · · Score: 2
      Congratulations on being one of those people who splits lunch with their 12 coworkers and uses a card to pay. I hate being behind people like you, the ones who use their cards to pay for lotto tickets and hold the line up charging $1 items. The only people worse than the card payers are the people who write checks.

      It's better only for the server, and it's only better because it helps them avoid taxes.

      You're complaining about tipping a server cash because they MIGHT not pay taxes on it? What a nice leap of logic, cash == avoiding taxes. Looks like the media is winning. What next, if you don't identify yourself online you're a terrorist and/or into child porn? I thought it was more people in and out the more money the establishment makes, anything that can be done to expedite that everyone wins, right? Why don't you focus your efforts on something like Hollywood Accounting.

      In fact, that's worse for everyone in the country who is not the server.

      As far as everyone in the country is concerned, you're implying that we don't raise enough tax money? The problem is not about taxing, but spending. Here is a fancy picture that'll be easy to digest which illustrates federal spending by household is skyrocketing. Holy shit, you better get those waiters to save our collective asses!

      --
      Man blir trött av att gå och göra ingenting.
  9. Re:Why should a bank care where and how I spend ?? by Seumas · · Score: 3, Informative

    Unfortunately, fraud detection works for shit.

    My credit card is shut off an average of at least once per week and I have to call up the bank, sit on hold, go through the whole verification process, go through the listing of my recent purchases, etc. Then go make my purchases again. I can tell the things that are going to trigger it, before it even happens. And nothing ever changes. For example, I buy something on Steam probably twice per week. I have for every week for almost eight years. Yet, inevitably, it triggers fraud detection on my card every two or three times.

    The same happens with many other purchases, but Steam is the most common. I could understand, if they didn't have a database showing that I have made hundreds or thousands of purchases with them over the past decade. It also happens almost every time I order something from Apple. And many other places. . . . despite a history of buying things from them.

    I appreciate them keeping an eye out and protecting me if someone gets my card and goes nuts, but it's not worth having to go through this hassle EVERY WEEK.

  10. Re:Why should a bank care where and how I spend ?? by cbhacking · · Score: 5, Interesting

    Wow, try switching to a not-complete-shit bank / credit provider. My bank has twice over the last 7 years put a temporary hold on my account after I bout something I don't usually buy in a location I don't usually buy things. One other time it probably would have, but I proactively called ahead and told them that I was going there on vacation, so there was no problem.

    Also, they call me, not the other way around, and getting it resolved took about 10 minutes. The list of suspect purchases was short and reasonable, and definitely not things that I had a history of buying.

    Your bank is crap. Time to vote with your wallet rather than complaining about it on a tech forum.

    --
    There's no place I could be, since I've found Serenity...
  11. I tried it. by Anne_Nonymous · · Score: 4, Funny

    According to the site I should be spending $1350 a month more on beer to be keeping up with the neighbors.

  12. Re:It's not the bank, it's the system by Seumas · · Score: 2

    Agreed. The kid who delivers my pizza has enough information to go on a spending spree on my dime.

  13. In the U.S. As Well by makitso · · Score: 2

    I work for a large US Bank that is dong the same thing.... its spelled Omniture.