We're All Being Judged By a Secret 'Trustworthiness' Score (wsj.com)
schwit1 writes: Nearly everything we buy, how we buy, and where we're buying from is secretly fed into AI-powered verification services that help companies guard against credit-card and other forms of fraud, according to the Wall Street Journal.
More than 16,000 signals are analyzed by a service called Sift, which generates a "Sift score" ranging from 1 to 100. The score is used to flag devices, credit cards and accounts that a vendor may want to block based on a person or entity's overall "trustworthiness" score, according to a company spokeswoman.
From the Sift website: "Each time we get an event be it a page view or an API event we extract features related to those events and compute the Sift Score. These features are then weighed based on fraud we've seen both on your site and within our global network, and determine a user's Score. There are features that can negatively impact a Score as well as ones which have a positive impact."
The system is similar to a credit score except there's no way to find out your own Sift score.
Factors which contribute to one's Sift score (per the WSJ):
- Is the account new?
- Are there a lot of digits at the end of an email address?
- Is the transaction coming from an IP address that's unusual for your account?
- Is the transaction coming from a region where there are a lot of hackers, such as China, Russia or Eastern Europe?
- Is the transaction coming from an anonymization network?
- Is the transaction happening at an odd time of day?
- Has the credit card being used had chargebacks associated with it?
- Is the browser different from what you typically use?
- Is the device different from what you typically use?
- Is the cadence of the way you typed out your password typical for you? (tracked by some advanced systems)
Failed opening an AWS account while in Thailand and using a (cheap) SIP provider for a US number, despite giving them everything they asked for (absurd requests). These systems get annoying and expensive for the people that don’t fit the “normal” profile.
And today Google locked me out of my business email for the correct password from an IP address that just checked my email successfully.
Screw this hosted cloud shit. I’m going back to a physical server I have physical control over. (Even if it might have to be in my mom’s basement.)
Once the majority of people realize that all their behavior is turned into these scores, and that these scores have increasing influence over their lives, you will start to see serious chilling effects.
Heck, we are already seeing those.
In the long run this could lead to social cooling, where society becomes more rigid, less able to change.
Ok, here is the problem. Yes, they are rating the trustworthiness of the transaction, but in order to do that they are holding and computing vast amounts of heuristic data about you and your shopping/card usage patterns. That type of data is HIGHLY sensitive and can reveal a vast amount about a person, and there is literally nothing governing their usage of that data. They could sell it to almost anyone (probably including sanctioned governments if they get creative enough) and it would have serious implications with virtually no legal liability. Imagine a spy agency having a financial vulnerability list of who to target for recruiting. Think about the fact that they are essentially able to predict your movements and purchases with probably terrifying accuracy. This is a digital gold mine and we have no idea who might entice/force them to give them access.
Fraud prevention is important, but this type of data collection is fucking scary.