Bank Puts a Billion Transaction Records Behind Analytics Site

schliz writes "Australia's UBank has put a billion real-world transaction records behind a website that allows users to compare their spending habits with others of the same gender, in the same age/income range, neighborhood and living situation. The 'PeopleLikeU' tool surfaces favorite shops and restaurants surprisingly accurately — because it's based on real customers' transactions, it lists places like good takeout joints that wouldn't normally come to mind when you think of a favorite place to eat. The bank says all data was 'deidentified' and it consulted with privacy authorities."

Re:

[jimmetry]

Yeah! And fucking iTunes with its Genius feature! I don't WANT to know what songs go well together! Data analytics is bullshit!

Re:

[Firehed]

Two words: fraud detection.

Re:

[Seumas]

Unfortunately, fraud detection works for shit.

My credit card is shut off an average of at least once per week and I have to call up the bank, sit on hold, go through the whole verification process, go through the listing of my recent purchases, etc. Then go make my purchases again. I can tell the things that are going to trigger it, before it even happens. And nothing ever changes. For example, I buy something on Steam probably twice per week. I have for every week for almost eight years. Yet, inevitably, i

Re:Why should a bank care where and how I spend ??

[cbhacking]

Wow, try switching to a not-complete-shit bank / credit provider. My bank has twice over the last 7 years put a temporary hold on my account after I bout something I don't usually buy in a location I don't usually buy things. One other time it probably would have, but I proactively called ahead and told them that I was going there on vacation, so there was no problem.

Also, they call me, not the other way around, and getting it resolved took about 10 minutes. The list of suspect purchases was short and reasonable, and definitely not things that I had a history of buying.

Your bank is crap. Time to vote with your wallet rather than complaining about it on a tech forum.

Re:

[gronofer]

I don't like the idea that a bank would decline a transaction just because it's something I wouldn't normally do. E.g., I don't usually travel, but when I do I don't want my debit card put on hold. Not that that has ever happened.

However I think it would be useful if banks could allow geographic restrictions on card usage to be set using online banking. I'd be happy to restrict it to my local area and expand the restriction temporarily as required.

It's not the bank, it's the system

[dutchwhizzman]

The credit card system has a crappy authentication method that makes it extremely easy to fake transactions when you're not the owner of the card. Card skimming is altogether too easy since people now don't stay in their own village and use electronic communication, so you can't keep CC data local and on paper only. The CC industry has been really lacking in fixing proper authentication, since these fraud detection systems and making the seller pay for the losses is so much cheaper to do. Any CC provider th

Re:

[Seumas]

Agreed. The kid who delivers my pizza has enough information to go on a spending spree on my dime.

Re:

[Anguirel]

Hmmm... what company are you using? I'd like to ensure I avoid them.

I've had it trigger twice myself. Once correctly, and once a false-positive (but not unexpected - it was a sudden business trip, and I was making purchases in another state that were also out of character - I don't eat out much, and was also buying some gifts while I was there). Both times were essentially correct in flagging improper behavior, and ensuring it was quickly noted and checked upon (as in, within minutes of the purchases, r

Re:

[Seumas]

It's Bank of America.

My spending profile can occasionally be erratic and I completely understand flagging really strange series of purchases (try filling up two tanks of gas and immediately going to the store and buying a pair of Nikes). It becomes a nuisance when we're talking about small purchases with places you've done a lot of business with for years. I shouldn't have to stop everything, because I pulled the trigger on today's $4.99 Steam sale. (It also doesn't help that Steam doesn't let you buy multi

Re:

[nedlohs]

So change banks?

If you put up with such crap then obviously there's no incentive for businesses not to dish it out.

Re:

[Seumas]

Calling your bank prior to every $2-$50 Steam purchase is a little absurd. When I bought a home theater in a single day, including a full set of B&W + Velodyne audio system, a call was totally reasonable. I also understand that several small purchases in a short period of time can be indicative of someone testing out a stolen card before going out for a real splurge with it, but not when there is an established history of purchases with it.

Re:

[Seumas]

So they can sell your data to other businesses. Not to mention, how are they going to sell you Burger King advertisements when you're reading your online banking statements? (I use Bank of America and in-between actual entries of my statement, it lists things like "10% discount on Burger King!" or "6% discount on Star Bucks!". It's fucking tacky.

Re:

[crutchy]

erm... change banks

Re:

[Lehk228]

Drop BoA they are a huge ripoff. They charge a seperate atm fee for a balance inquiry. I switched from them to a local credit union. As long as you use a NCUA credit union with shared branches you can use other credit union branches when you are out of town, some even do shared atm

But I don't want to buy iLife like other folks

[Andy Prough]

I don't really care where everyone else is spending their dough. If I cared, I would have an iPhone, a MacBook Air, an iPad, and I'd be thinking about an iPad Mini for Christmas - but I don't want that stuff. I want a new, 9 pound, i7 3rd-generation laptop with 17 inch monitor, a GeForce GTX 680MX, and 5-6 USB ports and room for twin 1TB SATA drives. That's what I want - even if no one makes one yet, or I have to pay $2600 bucks. And I'm probably not going to get it.

Privacy

[girlintraining]

The problem with 'anonymizing' the data is that while today it might seem safe, tomorrow a separate database showing a different subset of the same data source, or trace information, etc., which when combined can re-pair and de-anonymize it.

Re:Privacy

[stephanruby]

It would have been better if they had taken the opt-in approach like Mint [mint.com] does.

Re:Privacy

[fatphil]

Not necessarily true - assuming they anonymised *correctly*. I believe Helger Lipmaa (University of Tartu, he of the world's fastest software AES implementation) has at least one paper on anonymising large data sets. Basically, you randomise the data - perturb every datum by a delta from a symmetric, and not too wild, distribution. On average, the law of large numbers tells you that the mean perturbation taken over the whole set will be 0, and the standard deviation caused by your noise will decrease proportional to the square root of the sample set size (and the 2nd and higher moments will be modelable as a normal distribution). So if you're averaging over 10000 gay democrat-voting degree-educated males, the anonymised data you pass on will be rarely much more than 1% (i.e. sqrt(1/10000) ) from the real value. Average just over "humans", and the error could be so small it's below the noise floor. The process is, if you do it correctly, irreversible, as the true data isn't even in the system, so can't be extracted no matter how many different queries you perform.

Re:

[crutchy]

also, smart techy dudes are likely looking for privacy/security loopholes to exploit for marketing companies (though why the fuck a smart techy dude would want to work for a marketing company is beyond me, but i guess a salary is a salary). most security problems aren't realised until they are exploited.

"De-identifying" is WAY harder than it sounds

[Beryllium Sphere(tm)]

Especially in small samples, like the size of a neighborhood.

Re:

[Anonymous Coward]

The "favorite shops and restaurants" narrows down the neighborhood of where groups of persons with similar demographics hang out at a particular time of day.
e.g. If it is for lunch, it would be close to where the work for example.

Re:

[jittles]

Translating my info to the Australian dollar, there were 19 people like me in all of brisbane and 70 in all of Sydney. There are 700,000 people before you filter.

Re:

[commlinx]

I tried that too using Melbourne and Sydney and got similar results, but then realised it was because I was using 3000 and 2000 postcodes which are the CBD areas that probably don't have a lot of residents comparitively. Using my actual suburb which is only medium size and is Tasmania yielded 63 results and that would strike me as fairly plausible.

Results are pretty useless in a lot of areas though because of the obvious bias of using credit cards. For example "Christco Hampers" that are once a year Christm

Re:

[Bourdain]

Case in point

AOL Search Data Leak [wikipedia.org]

Re:

[Yvanhoe]

I concur. Our privacy relies on just 33 bits [33bits.org] of entropy.

Gender and age are already several bits. These listing can be used to pinpoint the location of habitation, work and shopping. Give a few more bits like a regular place to spend week ends, a regular activity, or a specialized shop, the date of a big spending (house, car) and you are not anonymous anymore.

Excuse me

[CuteSteveJobs]

> "The bank says all data was 'deidentified' and it consulted with privacy authorities."

Sure, but what about the actual customers whose data is being exposed? Someone should take nude photos of these bank bureaucrats in the shower, mosaic out their faces and put it in on the web. "Don't worry, we checked with our "privacy authorities.""

You have to wonder who these "privacy authorities" are. The Federal Privacy Commissioner is weak and except for hidden microphones, Australia has weak privacy laws: The worst penalty the Privacy Commissioner can hand out is a letter to an offending company saying "please don't do that." There is no fine or penalty so there is no deterrent.
http://www.theage.com.au/technology/technology-news/youre-being-more-closely-watched-20120916-260ko.html [theage.com.au]
http://www.privacy.org.au/Resources/POA.html [privacy.org.au]

Re:

[CuteSteveJobs]

Here's an example where Google ignored the Privacy Commissioner: http://www.news.com.au/technology/google-fails-to-comply-with-privacy-commissioner-order-to-delete-street-view-data/story-e6frfro0-1226492591021 [news.com.au]

Re:

[laron]

Personally, I think that would only count as a sign of bad taste and too much money to spend.

Learning that someone of a specific gender and age group in your neighborhood spent 50$ in Allice's and Bob's Adult Toy Store wouldn't be that much different from "anonymised" nude photos.

Re:

[Sulphur]

"anonymised" nude photos.

One way to do that would be a whole body Identi Kit with randomly replaced parts.

Re:

[crutchy]

eye for an eye doesn't work... it just prolongs

if you want to stop someone doing something you have to give them an incentive to stop, and repercussions such as posting of nude photos outweighs collection of random data to the point where the perp reconsiders the value of collecting the data

also, if it was really only you spending $5 at starbucks then fine... not so bad

...just remember to multiply that by a billion

Re:

[Sulphur]

eye for an eye doesn't work... it just prolongs

It introduces the concept of balance to some one who never thought of it. Later on one can have ideas like fines that are the value of some tort.

Re:

[crutchy]

true though... slashdot is either about google, apple, nasa, australia, or "ask slashdot: what cloud backup solution is best?"

de-identified

[whois]

Remember when it was discovered that the plugins you have installed in your browser, and which browser you were using could almost identify who you were? That's how I felt as I answered questions on the site and saw the number of matches dwindle. I'm not even an AU resident, I just answered truthfully up until it asked for the city and it had narrowed down to ~20000 matches for "people like me."

If you assume that one of those 20000 is me, and that I live in a small town then the number might get even closer to just 1. And once you factor in any other data that might correlate behind the scenes it's not hard to figure out who's who.

Remember the anonymous netflix data that they figured out how to de-anonymize? Same deal. If you're an AU resident, the data is there to uniquely identify you, they just have made a bet with the internet that people won't be able to do so.

Re:

[TheEffigy]

I do live in Australia, and when truthfully answering there are "less than 10" people like me. That's not all that surprising because I'm only 25 however.

Re:

[gronofer]

I tried it, living in a relatively small town there were 15 matches "just like me". However judging by the monthly spending patterns these people were actually nothing like me *shrug*.

I do actually have an account at the bank concerned.

Re:

[JMJimmy]

44 here, but the amount spent was insane! 4x what I spend in an average month.

Say

[thewils]

It makes for a pretty good stalking tool. Find me where all the rich young bitches hang out...

Re:

[Seumas]

Or the poor hot sluts.

Re:

[crutchy]

...or the fat uncouth chainsmoking centrelink bludgers with saggy tits and a fannies that could fit the entire collingwood footy club in

I switched to cash

[White Flame]

It's been about 5 or 6 months since I switched to using predominantly cash. Yes, it's a little less convenient in some contexts (though sit-down restaurants are faster, just leaving money on the table instead of waiting for a receipt to sign), but I simply do not want to be 100% tracked like this.

Re:

[Fjandr]

It's better for everyone to tip in cash anyway.

Re:

[neonleonb]

It's better only for the server, and it's only better because it helps them avoid taxes. In fact, that's worse for everyone in the country who is not the server.

Re:

[theArtificial]

Congratulations on being one of those people who splits lunch with their 12 coworkers and uses a card to pay. I hate being behind people like you, the ones who use their cards to pay for lotto tickets and hold the line up charging $1 items. The only people worse than the card payers are the people who write checks.

It's better only for the server, and it's only better because it helps them avoid taxes.

You're complaining about tipping a server cash because they MIGHT not pay taxes on it? What a nice leap of logic, cash == avoiding taxes. Looks like the media is winning. What next, if you don't i

Re:

[theArtificial]

This guy is a PhD at Google. I wonder if he is affiliated with their payment scheme, you know the exact opposite of that anonymous payment method which is used exclusively for evil. Sign in, associate your phone number with your email address, use our software which bleeds information about you, and use our convenient payment platform for great good. That sound you just heard was someone getting a giant boner for a subpoena. What next, anonymity is unpatriotic and suspect?

Meanwhile heard in the secret und

Re:

[theArtificial]

It was the quickest link I could find which illustrated what I was attempting to convey. Here is a less douchey .com link [usgovernmentspending.com].

Re:

[neonleonb]

Those are many good reasons to *pay* in cash. You specified *tip*, and the only reason specific to tipping that I can think of is tax avoidance.

Re:

[theArtificial]

Those are many good reasons to *pay* in cash. You specified *tip*

I did not specify tip. You are suffering from not paying attention, here's a hint: I'm not the one you initially replied to. You are now aware you're on a forum visited by multiple individuals, or are we?

and the only reason specific to tipping that I can think of is tax avoidance.

Here is another one, convenience. If I paid in cash, why would I tip with a card? Just curious, is that how you do it in the bay area now? Inquiring minds...

Re:

[neonleonb]

Sorry, *Fjandr* specified tip.

I think you're right that paying in cash is usually the best option, if for nothing else than relieving the business of the credit card fee. But I also think that "tipping in cash" implies tipping in cash on top of a credit card payment, usually for tax avoidance, and that's what bothers me.

Re:

[theArtificial]

I think you're right that paying in cash is usually the best option, if for nothing else than relieving the business of the credit card fee.

I'd be surprised if it hasn't been factored into the cost of doing business. Since you have a great interest in taxes why are you paying with cash at all? After all, shouldn't the employer be the focus of taxes instead of the people who actually serve you (and it)? Why just tips? Were you waiting tables while you went to school and forced to itemize everything while someone else didn't and now you have this traumatic past experience looming over you? Are you at all familiar with Steve Buscemi's Character in

Re:

[Fjandr]

In the USA, food service industry employees are taxed based on a minimum of 8% of their gross sales receipts. That increases if their declared tips exceed that amount, but does not decrease below that under any circumstances.

Additionally, credit card tips are used by many employers as a method of controlling staff. There are also a number of common schemes wherein employees don't receive credit card tips at all. These are many, varied, and the descriptions of them are far more detailed than I'm willing to i

Re:

[IndustrialComplex]

Yeah... you also missed the part where tipping in cash sucks if you are NOT the server but are also due a percentage of the tips.

I worked as a busboy at a restaurant and I was owed a share of the tips. The 'going' rate for recording tips was 50% of what was received. I was supposed to get a 10% cut of the original tip. So let me tell you that it was really annoying to track just how much the servers were cutting out of my pay when cash was exchanged.

Re:

[theArtificial]

Thanks for the insight!

Yeah... you also missed the part where tipping in cash sucks if you are NOT the server but are also due a percentage of the tips.

That has nothing to do with the customer and everything to do with the people you work with. The post I replied to made a broad claim saying that the only reason for tipping cash is tax evasion. My understanding is the wait staff are to tip the people who prep the tables, quicker turn around time means more people served, meaning more money (in theory with that system). If you cheat the people who support you don't expect stellar service, seems counter productive.

Do you also believe

Re:

[crutchy]

hahahaha... its funny that you think taxes are used for things that they are meant for.... you poor (but probably ignorantly happy) fool

Re:

[ColdWetDog]

> It's been about 5 or 6 months since I switched to using predominantly cash.
> [...] I simply do not want to be 100% tracked like this.

Unfortunately, bills can also be tracked.
There's a different serial numbers on each banknote, doesn't matter if you use Euro or US bills.
Given the current privacy situation in our world, in pretty much all countries it's pretty safe to say these are being tracked wherever possible.
So, while you may not be 100% tracked, it's still happening.

Well, you should be pretty easy to track. We'll just look for the house, car, dog and aquarium covered in tin foil.

Re:

[bloodhawk]

I used to operate the same way up until about 6 years ago, I then wanted a loan for an investment property. Low an behold having no debt and no credit card record meant I actually didn't have a payment history the bank could use for a loan even though I had close to a hundred k in cash. Ever since then I have practically used my credit cards for everything (always paid off before end of month). I hate the fact that my history is tracked, but I hate the inconvenience of not being able to loan money when I wa

Business Privacy

[bhlowe]

This is violation of a business privacy as well. Sure, you might not be paying taxes and the tax collector might see you get business form rich yuppies.. but it could also tell a competitor business how well you are doing without getting off the couch. Seems like an unfair use of private data.

I tried it.

[Anne_Nonymous]

According to the site I should be spending $1350 a month more on beer to be keeping up with the neighbors.

Re:

[jittles]

I hope you enjoy alcoholism. Good luck with that. ;). That's a lot of beer.

Re:

[mjwx]

I hope you enjoy alcoholism. Good luck with that. ;). That's a lot of beer.

Not in Australia.

A carton of beer is 24 x 330 to 375 ml bottles.

A carton of cheap beer is A$35. You want decent beer its A$50-60. You want nice beer, well just bend over and take it (A$70+).

Thats for drinking at home, drinking whilst out gets better. For a pint (600ml for arguments sake, this varies by state) of beer you're looking at between $7 and $12. A 330 ml bottle is about the same. A shot of liquor is A$12.

So someone who goes out a few times a week and has a total of 12 pints* per week @A

Re:

[LoztInSpace]

I just paid 17 fucking dollars for a beer (I didn't realise it - it was on the tab). Admittedly it was a guest beer and the guy asked me to read the menu, but I just wanted to try something different so I just started from the pump on the left and worked my way right. 17 FUCKING DOLLARS!!!
Spookily enough though, the pub I was in before I came in and surfed /. was #1 on the sites "Food & Drink", so can't really argue with its accuracy.

Re:

[jittles]

I would definitely be considered a lightweight in Australia, then! By those measures I am saving about $1300 a month ;)

You can buy an 18 pack (12 oz, ~350ml cans or bottles) of something cheap like Coors light for ~$15 here. A good 6-pack of 12oz bottles of German beer would run you about $10. But you can go out and sometimes get 2 for 1 beers for $4 here. If you know the bartender really well it gets even cheaper. ;)

Interesting *whose* privacy they're violating...

[Anonymous Coward]

I'm a uBank customer, got a bit annoyed about them publishing my data like this, "disaggregated" or not.

Then I remembered that uBank only do mortgages, savings accounts, and term deposits (I have the latter), nothing with a credit or debit card attached that would provide the kind of data they're bragging about. Put simply, it's not my data. From the FAQ, emphasis and clicky links mine:

"PeopleLikeU insights are a combination of census data, consumer spend information sourced from Quantium's Market Bluepri [quantium.com.au]

Re:

[gronofer]

Likewise, I always use cash in shops. I'd prefer that the bank/government doesn't have an itemised list of everything I spend. Hopefully enough like-minded people are around to prevent the "cashless society" that some pundits seem to prefer, but to me sounds like something out of 1984, the novel.

In the U.S. As Well

[makitso]

I work for a large US Bank that is dong the same thing.... its spelled Omniture.

How can it be anonymous

[phorm]

Sure, they'll wipe out the same and address, but if you can associate that "random person X" bought pizza at [location X] regularly, gets gas/petrol as [station x], etc etc you're going to have a pretty good finger on where that person lives or works. If you associate purchases to a weekend you'll more likely have a home location.

Now add in that person X goes to a female-only gym, and you've got gender.
Tie in times of purchases and you've got a regular schedule. Even if you don't know the person's name yet,