Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Australia Stats Technology Your Rights Online

Bank Puts a Billion Transaction Records Behind Analytics Site 86

schliz writes "Australia's UBank has put a billion real-world transaction records behind a website that allows users to compare their spending habits with others of the same gender, in the same age/income range, neighborhood and living situation. The 'PeopleLikeU' tool surfaces favorite shops and restaurants surprisingly accurately — because it's based on real customers' transactions, it lists places like good takeout joints that wouldn't normally come to mind when you think of a favorite place to eat. The bank says all data was 'deidentified' and it consulted with privacy authorities."
This discussion has been archived. No new comments can be posted.

Bank Puts a Billion Transaction Records Behind Analytics Site

Comments Filter:
  • Privacy (Score:3, Insightful)

    by girlintraining ( 1395911 ) on Thursday November 08, 2012 @08:14PM (#41926563)

    The problem with 'anonymizing' the data is that while today it might seem safe, tomorrow a separate database showing a different subset of the same data source, or trace information, etc., which when combined can re-pair and de-anonymize it.

    • Re:Privacy (Score:4, Interesting)

      by stephanruby ( 542433 ) on Thursday November 08, 2012 @08:31PM (#41926697)

      It would have been better if they had taken the opt-in approach like Mint [] does.

    • Re:Privacy (Score:5, Insightful)

      by fatphil ( 181876 ) on Thursday November 08, 2012 @09:50PM (#41927417) Homepage
      Not necessarily true - assuming they anonymised *correctly*. I believe Helger Lipmaa (University of Tartu, he of the world's fastest software AES implementation) has at least one paper on anonymising large data sets. Basically, you randomise the data - perturb every datum by a delta from a symmetric, and not too wild, distribution. On average, the law of large numbers tells you that the mean perturbation taken over the whole set will be 0, and the standard deviation caused by your noise will decrease proportional to the square root of the sample set size (and the 2nd and higher moments will be modelable as a normal distribution). So if you're averaging over 10000 gay democrat-voting degree-educated males, the anonymised data you pass on will be rarely much more than 1% (i.e. sqrt(1/10000) ) from the real value. Average just over "humans", and the error could be so small it's below the noise floor. The process is, if you do it correctly, irreversible, as the true data isn't even in the system, so can't be extracted no matter how many different queries you perform.
    • also, smart techy dudes are likely looking for privacy/security loopholes to exploit for marketing companies (though why the fuck a smart techy dude would want to work for a marketing company is beyond me, but i guess a salary is a salary). most security problems aren't realised until they are exploited.
  • by Beryllium Sphere(tm) ( 193358 ) on Thursday November 08, 2012 @08:15PM (#41926579) Homepage Journal

    Especially in small samples, like the size of a neighborhood.

    • by Anonymous Coward

      The "favorite shops and restaurants" narrows down the neighborhood of where groups of persons with similar demographics hang out at a particular time of day.
      e.g. If it is for lunch, it would be close to where the work for example.

    • Case in point

      AOL Search Data Leak []
    • by Yvanhoe ( 564877 )
      I concur. Our privacy relies on just 33 bits [] of entropy.

      Gender and age are already several bits. These listing can be used to pinpoint the location of habitation, work and shopping. Give a few more bits like a regular place to spend week ends, a regular activity, or a specialized shop, the date of a big spending (house, car) and you are not anonymous anymore.
  • by CuteSteveJobs ( 1343851 ) on Thursday November 08, 2012 @08:24PM (#41926643)
    > "The bank says all data was 'deidentified' and it consulted with privacy authorities."

    Sure, but what about the actual customers whose data is being exposed? Someone should take nude photos of these bank bureaucrats in the shower, mosaic out their faces and put it in on the web. "Don't worry, we checked with our "privacy authorities.""

    You have to wonder who these "privacy authorities" are. The Federal Privacy Commissioner is weak and except for hidden microphones, Australia has weak privacy laws: The worst penalty the Privacy Commissioner can hand out is a letter to an offending company saying "please don't do that." There is no fine or penalty so there is no deterrent. [] []
  • de-identified (Score:5, Insightful)

    by whois ( 27479 ) on Thursday November 08, 2012 @08:28PM (#41926665) Homepage

    Remember when it was discovered that the plugins you have installed in your browser, and which browser you were using could almost identify who you were? That's how I felt as I answered questions on the site and saw the number of matches dwindle. I'm not even an AU resident, I just answered truthfully up until it asked for the city and it had narrowed down to ~20000 matches for "people like me."

    If you assume that one of those 20000 is me, and that I live in a small town then the number might get even closer to just 1. And once you factor in any other data that might correlate behind the scenes it's not hard to figure out who's who.

    Remember the anonymous netflix data that they figured out how to de-anonymize? Same deal. If you're an AU resident, the data is there to uniquely identify you, they just have made a bet with the internet that people won't be able to do so.

    • I do live in Australia, and when truthfully answering there are "less than 10" people like me. That's not all that surprising because I'm only 25 however.
    • I tried it, living in a relatively small town there were 15 matches "just like me". However judging by the monthly spending patterns these people were actually nothing like me *shrug*.

      I do actually have an account at the bank concerned.

  • by thewils ( 463314 ) on Thursday November 08, 2012 @08:36PM (#41926751) Journal

    It makes for a pretty good stalking tool. Find me where all the rich young bitches hang out...

  • I switched to cash (Score:5, Interesting)

    by White Flame ( 1074973 ) on Thursday November 08, 2012 @08:37PM (#41926757)

    It's been about 5 or 6 months since I switched to using predominantly cash. Yes, it's a little less convenient in some contexts (though sit-down restaurants are faster, just leaving money on the table instead of waiting for a receipt to sign), but I simply do not want to be 100% tracked like this.

    • by Fjandr ( 66656 )

      It's better for everyone to tip in cash anyway.

      • It's better only for the server, and it's only better because it helps them avoid taxes. In fact, that's worse for everyone in the country who is not the server.

        • Congratulations on being one of those people who splits lunch with their 12 coworkers and uses a card to pay. I hate being behind people like you, the ones who use their cards to pay for lotto tickets and hold the line up charging $1 items. The only people worse than the card payers are the people who write checks.

          It's better only for the server, and it's only better because it helps them avoid taxes.

          You're complaining about tipping a server cash because they MIGHT not pay taxes on it? What a nice leap of logic, cash == avoiding taxes. Looks like the media is winning. What next, if you don't i

          • Those are many good reasons to *pay* in cash. You specified *tip*, and the only reason specific to tipping that I can think of is tax avoidance.

            • Those are many good reasons to *pay* in cash. You specified *tip*

              I did not specify tip. You are suffering from not paying attention, here's a hint: I'm not the one you initially replied to. You are now aware you're on a forum visited by multiple individuals, or are we?

              and the only reason specific to tipping that I can think of is tax avoidance.

              Here is another one, convenience. If I paid in cash, why would I tip with a card? Just curious, is that how you do it in the bay area now? Inquiring minds...

              • Sorry, *Fjandr* specified tip.

                I think you're right that paying in cash is usually the best option, if for nothing else than relieving the business of the credit card fee. But I also think that "tipping in cash" implies tipping in cash on top of a credit card payment, usually for tax avoidance, and that's what bothers me.

                • I think you're right that paying in cash is usually the best option, if for nothing else than relieving the business of the credit card fee.

                  I'd be surprised if it hasn't been factored into the cost of doing business. Since you have a great interest in taxes why are you paying with cash at all? After all, shouldn't the employer be the focus of taxes instead of the people who actually serve you (and it)? Why just tips? Were you waiting tables while you went to school and forced to itemize everything while someone else didn't and now you have this traumatic past experience looming over you? Are you at all familiar with Steve Buscemi's Character in

            • by Fjandr ( 66656 )

              In the USA, food service industry employees are taxed based on a minimum of 8% of their gross sales receipts. That increases if their declared tips exceed that amount, but does not decrease below that under any circumstances.

              Additionally, credit card tips are used by many employers as a method of controlling staff. There are also a number of common schemes wherein employees don't receive credit card tips at all. These are many, varied, and the descriptions of them are far more detailed than I'm willing to i

          • Yeah... you also missed the part where tipping in cash sucks if you are NOT the server but are also due a percentage of the tips.

            I worked as a busboy at a restaurant and I was owed a share of the tips. The 'going' rate for recording tips was 50% of what was received. I was supposed to get a 10% cut of the original tip. So let me tell you that it was really annoying to track just how much the servers were cutting out of my pay when cash was exchanged.

            • Thanks for the insight!

              Yeah... you also missed the part where tipping in cash sucks if you are NOT the server but are also due a percentage of the tips.

              That has nothing to do with the customer and everything to do with the people you work with. The post I replied to made a broad claim saying that the only reason for tipping cash is tax evasion. My understanding is the wait staff are to tip the people who prep the tables, quicker turn around time means more people served, meaning more money (in theory with that system). If you cheat the people who support you don't expect stellar service, seems counter productive.

              Do you also believe

        • hahahaha... its funny that you think taxes are used for things that they are meant for.... you poor (but probably ignorantly happy) fool
    • I used to operate the same way up until about 6 years ago, I then wanted a loan for an investment property. Low an behold having no debt and no credit card record meant I actually didn't have a payment history the bank could use for a loan even though I had close to a hundred k in cash. Ever since then I have practically used my credit cards for everything (always paid off before end of month). I hate the fact that my history is tracked, but I hate the inconvenience of not being able to loan money when I wa
  • This is violation of a business privacy as well. Sure, you might not be paying taxes and the tax collector might see you get business form rich yuppies.. but it could also tell a competitor business how well you are doing without getting off the couch. Seems like an unfair use of private data.
  • I tried it. (Score:4, Funny)

    by Anne_Nonymous ( 313852 ) on Thursday November 08, 2012 @09:17PM (#41927155) Homepage Journal

    According to the site I should be spending $1350 a month more on beer to be keeping up with the neighbors.

    • I hope you enjoy alcoholism. Good luck with that. ;). That's a lot of beer.
      • by mjwx ( 966435 )

        I hope you enjoy alcoholism. Good luck with that. ;). That's a lot of beer.

        Not in Australia.

        A carton of beer is 24 x 330 to 375 ml bottles.

        A carton of cheap beer is A$35. You want decent beer its A$50-60. You want nice beer, well just bend over and take it (A$70+).

        Thats for drinking at home, drinking whilst out gets better. For a pint (600ml for arguments sake, this varies by state) of beer you're looking at between $7 and $12. A 330 ml bottle is about the same. A shot of liquor is A$12.

        So someone who goes out a few times a week and has a total of 12 pints* per week @A

        • I just paid 17 fucking dollars for a beer (I didn't realise it - it was on the tab). Admittedly it was a guest beer and the guy asked me to read the menu, but I just wanted to try something different so I just started from the pump on the left and worked my way right. 17 FUCKING DOLLARS!!!
          Spookily enough though, the pub I was in before I came in and surfed /. was #1 on the sites "Food & Drink", so can't really argue with its accuracy.
        • I would definitely be considered a lightweight in Australia, then! By those measures I am saving about $1300 a month ;)

          You can buy an 18 pack (12 oz, ~350ml cans or bottles) of something cheap like Coors light for ~$15 here. A good 6-pack of 12oz bottles of German beer would run you about $10. But you can go out and sometimes get 2 for 1 beers for $4 here. If you know the bartender really well it gets even cheaper. ;)

  • I'm a uBank customer, got a bit annoyed about them publishing my data like this, "disaggregated" or not.

    Then I remembered that uBank only do mortgages, savings accounts, and term deposits (I have the latter), nothing with a credit or debit card attached that would provide the kind of data they're bragging about. Put simply, it's not my data. From the FAQ, emphasis and clicky links mine:

    "PeopleLikeU insights are a combination of census data, consumer spend information sourced from Quantium's Market Bluepri []

  • I work for a large US Bank that is dong the same thing.... its spelled Omniture.
  • Sure, they'll wipe out the same and address, but if you can associate that "random person X" bought pizza at [location X] regularly, gets gas/petrol as [station x], etc etc you're going to have a pretty good finger on where that person lives or works. If you associate purchases to a weekend you'll more likely have a home location.

    Now add in that person X goes to a female-only gym, and you've got gender.
    Tie in times of purchases and you've got a regular schedule. Even if you don't know the person's name yet,

"I prefer the blunted cudgels of the followers of the Serpent God." -- Sean Doran the Younger