When there's only one

...there's only one choice
Everything here is my opinion. I do not speak for your employer.
December 2006
January 2007

2006-12-13 »

Banks mining personal information?

pcolijn wrote about his suspicions that banks are "mining the data and no doubt selling it to all kinds of sketchy advertising companies" (referring specifically to CIBC in Canada).

As a newly-minted representative of the banking industry(*), I can tell you that this is actually nothing to worry about. First of all, Canada has pretty serious privacy laws that prevent people from doing various kinds of underhanded things without your permissions. Of course, you've probably signed away that permission by now. But secondly, banks are especially tightly regulated, and they just can't do that sort of thing, period.

Banks are only allowed to collect information about you that they need to run their business: in the case of credit cards, that means where you made a purchase and for how much, but not what you bought. And their own technology prevents them from collecting that information: they deliberately separate the credit card reader machines from the cash registers. A cashier enters the amount from the cash register into the reader, then you swipe your card and pay that amount. That means the bank never gets more information than the price, and the cash register never gets to see who you are or what your card number is. So the bank can't mine your product preferences, and the store can't even correlate one sale to the next. The store computer simply doesn't know who you are.

The bank could mine your store preferences, but they're not allowed to. And every single thing a bank does is examined carefully by government regulators, so it just doesn't happen. And even if it did happen, if they ever sold that information to someone else, the regulators would certaily have a heart attack. Banks only mine this information for security and fraud detection purposes. Or, in the case of CIBC, what seems to be an honest feature they created to actually help their customers. I know, I can't believe it either.

For stores, on the other hand, there are various ways to get around the mining restrictions. Any time you give a store your personal information, it becomes an information free-for-all. For example, loyalty/points cards do go through the cash register, precisely because the store wants to correlate your purchase habits. And cross-store cards like Air Miles mean advertisers can, and very much do, correlate your purchasing habits across stores. You didn't think all those stores just wanted to give you free stuff for fun, did you? That (combined with my laziness) is one reason I avoid loyalty cards.

I have no idea whether any of the above is true in the U.S. I do know they have rather, er, lax or nonexistent privacy laws. So watch out.

(*) Disclaimer: Everything I write anywhere is, at most, my own personal opinion, and sometimes not even that. I don't represent anyone or anything in the banking industry, least of all my employer, past employers, future employers, or clients, none of whom I expect to have any opinion on any topic whatsoever. But I don't represent them when I say that either. Please don't sue me. Thanks.

I'm CEO at Tailscale, where we make network problems disappear.

Why would you follow me on twitter? Use RSS.

apenwarr on gmail.com