Slashdot Mirror

← Back to Stories (view on slashdot.org)

Santander To Track Customer Location Via Mobiles and Tablets

Posted by timothy on from the truman-show dept.

New submitter raburton writes: Santander (one of the biggest banks in Europe) slipped a little note on the corner of my latest statement saying they intend to start collecting "location or other data" from mobiles and tablets that their customers own, from 1st July 2015. There is no link to further information about the policy, or any suggestion you can opt out of it. The stated aim is of course to "prevent and detect fraud", but once they have the data (and they'll probably keep it for a long time) they, or anyone who can gain access to it, can do whatever they like with it. In this day and age I find it hard to take any assurances to the contrary very seriously. Is this kind of policy common practice with banks elsewhere?

14 of 130 comments (clear)

  1. My bank doesn't do this. by Anonymous Coward · · Score: 2, Funny

    I bank with First Mattress Savings & Loan.

  2. Bank of America - Android app by Anonymous Coward · · Score: 2, Informative

    Bank of America implemented this several months ago. No additional features, of course, to even justify more invasive use.

    1. Re:Bank of America - Android app by Anonymous Coward · · Score: 3, Insightful

      Bank of America implemented this several months ago. No additional features, of course, to even justify more invasive use.

      Undoubtedly Bank of Amerika will happily provide all your tracking data to the "security services" without so much as a warrant or if a warrant is issued it will be from the unconstitutional FISA Court adjoined to a National Security Letter for Bank of Amerika.

  3. Yes, this needs to stop, but... "Help yourself". by pla · · Score: 3, Insightful

    I have exactly two non-stock apps installed on my phone - Chrome, and Adblock. I don't need a native client for my bank or Twitter or Facebook or Slashdot or anything, for that matter, that does nothing more than save me from opening Chrome and going to a particular URL.

    I just don't understand the appeal of "we have an app for that" - Why would I ever want to give a company more access to my data than they already have, and let them drain my battery faster, when I don't need to?

  4. extremely common fraud protection by raymorris · · Score: 4, Informative

    Many, possibly most, ecommerce sites do at least basic location checks for fraud protection and have for many years. The 20,000 or so sites which use our software have done so for at least ten years. If you're on the site from Comcast San Francisco at 10:00, then an hour later someone claiming to be you tries to initiate a transaction while in Russia, that's suspicious.

    That red flag is then combined with other available information to choose from one of four possible outcomes:
    The transaction is approved.
    The transaction is declined.
    The customer gets a call / text asking them to confirm the transaction.
    Verified by Visa (tm) or the cashier calls in for manual approval.

    The system works pretty well.

    Note "tracking" is slightly overstating it for two reasons. First, the bank or processor checks only the location of the transaction- we don't know or care where you are if you're not attempting a transaction against an account holder's funds at the moment. Secondly, the "location" is strictly numerical longitude and latitude to see how far you are from the last location. Is it physically possible that you traveled that fast? We don't know or care if you're in a grocery store or a strip club. We only care if "you" are 4,000 miles from where you were two hours ago.

    1. Re:extremely common fraud protection by TheGratefulNet · · Score: 3, Insightful

      it fucks me up all the time. I use a vpn and my endpoint is all over the place. google really throws a hissy fit when I send email from my home (on a vpn) using imap. mostly they grey list me and time me out. if I use my own paid email vendor things are always fine.

      but many websites do try to be smart but they fail because of vpn's.

      I get google's calendar in various non-english languages simply because I use a vpn and some site that uses g's calendar ends up showing me days of the week in various languages. heh, maybe it a learning opportunity ;)

      but this anti-vpn concept annoys me. I don't believe it rejects fraud. but it does discourage you to cloak yourself and I have my suspicions about why everyone is trying to force you to NOT anonymize, at least to the middle nodes along the way.

      --

      --
      "It is now safe to switch off your computer."
    2. Re:extremely common fraud protection by IamTheRealMike · · Score: 5, Informative

      google really throws a hissy fit when I send email from my home (on a vpn) using imap. mostly they grey list me and time me out. but this anti-vpn concept annoys me. I don't believe it rejects fraud.

      It does reject fraud. I know this because I designed the system at Google that is rejecting your logins, back when I worked there. There's a blog post about the system here. Obviously location (actually: geographical coordinates) are not the only thing that is used, it's just a signal that's carefully blended with others.

      The main reason location works as a useful anti-fraud signal is that the datasets that hackers are working off are very sparse. Normally only usernames and passwords. So they don't know where in the world you live, meaning that they have to guess. It's almost like a second password. And mostly their guess will be wrong, leading to an ID verification check.

      Now if you use VPNs or Tor or whatever that actually move you around the world constantly, then you're in a tiny minority of people that this heuristic doesn't work for. That's not so great. But here's a tip - if you enable 2-step verification on your Google account and then give your IMAP client an "app specific password" you shouldn't see rejected logins anymore, as is documented in the Google support pages. If your IMAP client knows how to use OAuth to log in, that would also work, but most don't.

  5. Re: Guess who's not getting an account with Santan by Anonymous Coward · · Score: 4, Insightful

    And this is the reason why capitalism of today doesn't work.

    It's the glory of the Free Market.

    As soon as you become successful, you can afford to start buying up the competition. That can make you more successful, so that you can buy up other competitors who have been buying up their competition. Until finally the ultimate stage of the pyramid is that there is no competition, because no one starting from scratch can afford to compete against the massive economies of scale that only a very large competitor can afford.

    All Hail The Glorious Free Market!

  6. European Data Protection Law by namgge · · Score: 3, Informative

    As this is a European company it is subject to European data protection and privacy legislation. Many countries have given their enforcement agencies quite significant enforcement powers to punish abuse and there is pressure for the penalties to be increased to the point that non-compliance is not going to be viable business model:

    http://www.computerweekly.com/...

    Namgge

  7. No Bank? by Anonymous Coward · · Score: 3, Insightful

    I did this for a long time, eschewing banks. Then, when I had enough cash, I tried to buy a cheap house with it, but, no dice. There's a law in the U.S. that's vague enough that no seller or agent will accept anything but a cashier's check because they are afraid they will be grilled by the Feds and the banks which answer to them as to where the cash came from; banks are not allowed to accept large cash transfers without reporting such to anti-drug, anti-laundering and anti-terrorism agencies.

  8. "prevent and detect fraud" by fustakrakich · · Score: 3, Informative

    Well damn! Start with the the bank president and work your way down. You'll find 90% of it before you hit four layers down the hierarchy.

    --
    “He’s not deformed, he’s just drunk!”
  9. Nope, it mostly works by rsilvergun · · Score: 4, Informative

    I'm in the payment industry and it pretty well works. There's more to it (metrics and whatnot that score up or down your transactions) but location is incredibly useful. Give it 10, 15 years and these sorts of metrics + big data parsing will pretty much eliminate point of sale fraud. Right now the only thing holding it back is processor cycles are still kinda pricy per watt in a data center, but that's changing more and more. Sure, Moore's law is done but we're nowhere's near done with reducing the energy footprint. Plus before long cell phones will replace your credit card, and when your "credit card" is a no longer a dumb piece of plastic but basically a super computer with tons advanced sensors in your pocket it opens up a whole new world.

    I know it's popular to say the hackers and crackers will always come out ahead, but really they won't. In 10-15 years the only fraud left will be the large scale investor kind and the "legal" kind where you buy up a company Bain Capital style and suck the life out of it. Small scale credit card fraud is a dying breed.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  10. Re:Guess who's not getting an account with Santand by theGhostPony · · Score: 2

    Yup. Just another reason why I still use PCs at home and protect that browsing with tools like Noscript and Flashblock.

    --
    /. Dissent will not be tolerated. Think like us or perish.
  11. Re:You keep using that word... by tompaulco · · Score: 2

    Does quarterly profits dropping more than 90% sound like Santander was a "successful" bank? http://www.bbc.com/news/business-20079104

    Santander was no more successful than US large banks and, just like US large banks, they pretended they didn't need large government bailouts by forcing their national government to bailout the people who owed Santander.

    Quarter-to-quarter profits is a HORRIBLE way to measure the viability of an organization. The sooner we all learn that, the better for all entities, corporate or human.

    --
    If you are not allowed to question your government then the government has answered your question.