Square Sends Millions of Digital Receipts, Sometimes To the Wrong Person (wsj.com) 39
With access to years of data on the purchase activity of hundreds of millions of unique credit and debit cards across millions of small businesses, payments app Square has a window into spending patterns that few other tech companies can match. By supplementing that data with contact details that shoppers provide to Square for the purpose of getting digital receipts, the company is able to assemble expansive profiles of consumer behavior that it can use to run marketing and loyalty programs for its small-business customers. But misfires happen. From a report: Square has forwarded receipts documenting transactions as mundane as a cup of coffee and as sensitive as an obstetrician's visit to people who were uninvolved in the purchases, according to emails reviewed by The Wall Street Journal. In some cases, neither the purchaser nor the recipient could say why Square sent receipts to the people it did. At issue are the methods that tech companies employ to make money off of the financial data of their users, as well as the degree to which those companies disclose or get consent from their users about those efforts. Data on individuals' credit-card transactions can be particularly delicate and more revealing than their social-media posts or web-browsing activity. The Journal reported last year that Facebook requested detailed information from large U.S. banks about their customers as part of an effort to offer new services to users, but that data privacy emerged as a sticking point.
This is the reason we always need a cash option (Score:2, Insightful)
Re: (Score:3, Insightful)
And that is exactly why the powers that be are trying so hard to eliminate it as an option.
Re: (Score:2)
pffft, not seeing a shred of evidence of that. Cash is still everywhere, and you can use it if you want to. My chinese in-laws operate that way, just because they're old and old fashioned.
Re: (Score:2)
Be careful of how much cash you carry with you, and what state you're in [wikipedia.org].
Re: (Score:2)
right, if you're making or carrying controlled substances that would be a problem. Otherwise the likely result is refund if they sieze without reason. Of course, in areas where cops are doing to be dicks anyway and get supported by dick courts they can seize car, property, clothing, beat you....
not seeing any reason to stop carrying cash there, sorry. It's mostly not happening in most places.
Never provide an e-mail (Score:2)
At regular checkouts where they give you the option of an e-mail receipt, I always select None or Paper if None is not an option. I'd rather waste some paper than get my e-mail address on some fucking tracking list. Then they just keep spamming you too. At Office Max there's an "I Agree" screen where you agree to their stupid mailing list. Fuck that shit.
Re: (Score:2)
I'm thinking a lot of people here need to turn in their geek card.
I have an infinite supply of email addresses and can automatically handle whatever is sent to them, even if one in a thousand emails is a receipt I'll need to look at later. No bother, no hassle, no problem.
Re: (Score:2)
You sure as fuck didn't issue my nerd card.
Where I'm from, nerds understand the technology, and they were saying "no" to this shit all along.
There is no reason to waste a bunch of time tricking the store into thinking I gave them my email. And, it provides false feedback data that contradicts what I actually want the store owner to know, which is that I just want to buy some shit, I don't want anything more than that.
You say no bother, no hassle, but there is a bother. Sure, I already have domains I'm not u
Re: (Score:2)
what nonsense you spew. the same security should already be there anyway for any email system you have, it gets updated for an "advertisment mail" address the same as anything else. it's the management that is already there and being done anyway.
you're doing something wrong
zero extra effort after the email address is typed in one time.
Re: (Score:2)
OK, that is really sad. Really sad.
If you're not doing any extra work to manage it, you have no idea even if your regular security precautions failed.
There is a huge difference between saying, "I have a huge e-peen and I like spending the time to manage it this way" and saying, "Golly gee, I just don't worry about security at all, and so it takes no time or effort."
Routine security practices take time and effort. You're either dumping the email into the same pot, and not actually avoiding it, or you're doin
Re: (Score:2)
I'm the same way. No email, and a fake phone number if they ask (kids today don't even know about 867-5309...)
However several months ago I made a purchase at a GAP brand company. No email requested nor provided at checkout, paper receipt, normal transaction. Except that an email receipt popped up in one of my email accounts for the purchase.
I do have multiple segregated emails (work, personal, junk/commercial email) and the receipt landed in my junk/commercial email address. But still it brought home to
Credit Card Transaction Reciepts (Score:1)
The reason why Square is emailing "some random person" is that it keeps your email address on file -- tied to the credit card number that was used during the transaction. Just because you didn't provide an email address, dosen't mean that some barista at Starbucks, or the guy at your favorite food truck didn't enter one in for you. A while ago, I saw the guy at stand at an airport putting in his email address for every transaction. I called him out on it, and he said it was a required field, and that it
Re: (Score:2)
What ludicrously stupid system. Why would anybody design anybody design a system that required the customer to divulge an email address. What if someone doesn't have an email or doesn't want to give out their email? What if the business doesn't ask anybody for an email address and enters a common address for every new customer, and starts harvesting all the data, as is the case in your example? It seems like a huge security/privacy problem that a retailer could even get access to all of a customer's purch
Re: (Score:2)
What ludicrously stupid system. Why would anybody design anybody design a system that required the customer to divulge an email address.
Because they want the marketing data. It's the same reason "loyalty cards" were invented. Where have you been for the last ten years, under a rock?
What if someone doesn't have an email or doesn't want to give out their email?
Then the clerk, doing what his bosses have ordered him to, will enter any address at hand. Radio Shack used to demand the customer name for every purchase, no matter how small. Most of the sales droids got the point when I said "Cash". Some of them took a bit longer to get it. "Cash. Johnny Cash" sometimes clued them in. "Lincoln, Abraham Lincoln" was also good.
Unverified email addresses (Score:2)
Because "Martin Espinoza" is, if not the John Smith, at least the Bob Smith of Latin America (An Espinoza having landed quite early in Panama as a Conquistador, and who, if the rest of us are any indication, started fucking his way across the land with vim and vigor) I get asspiles of other people's receipts. Just the other day I got someone's flight confirmation... Some dildo forgets to put a "1" or whatever after the user part of the email, and I get spam.
Re: (Score:2)
Why do the same people who cry and moan the most about "colonialism" that happened 400 to 500 years ago always have the last name (and probably direct ancestry) of some Conquistador?
I don't think they do. Lots of those people are perfectly happy to continue. I have very little connection to my family though, and I don't like to whitewash the past, either.
Good post (Score:1)
I have a theory (Score:2)
Emailing signatures! (Score:2)
For years Square has been emailing me my signature. With no encryption, nor security. That's just what I need, a legally binding script of mine, floating around on the internet. I've complained and complained, and they simply don't care.
Joseph Elwell.
Re: (Score:2)
Good luck proving that. When you dispute a credit card payment saying you didn't make it, the bank issuing the card will contact the merchant saying the customer is disputing the charge. Do they have any proof that the customer actually made the charge? The merchant then sends the bank a copy of the receipt with the signature on it. The
I used to work at square (Score:2, Interesting)
I used to work at square. I tailed the security folks through the cafe when they put in their orders and I used my personal email address so I could start intercepting their purchase history across all square merchants as an example of abuse of the credit card to email address association. I suggested that the last 4 digits be used as authorization to prove the owner of the card is the owner of the email address, but I got shot down big time. When I go to a merchant that uses square, I pay in cash.
Good post (Score:1)
Good post (Score:1)