
In before
Jake posts his take.
America's Consumer Financial Protection Bureau (CFPB) said on Thursday it is probing some of the biggest names in the electronic payments industry, requesting detailed information from them on how they collect and use people's spending data. A strings of demands was issued by the government watchdog to Amazon, Apple, Facebook …
From encryption to tokenization, we devote enormous resources to keeping digital transactions secure
Well that make a nice sound bite if it wasn't such obvious deflection. If you were busy losing my credit/debit card data we'd be having a much different conversation.
As the question is "Who gets to see the meta data of that transaction, eg What my IP was, what bank/credit card provider I use, how much I'm spending each month, what categories of things am I spending money on, am I buying things through the same handful of websites or is my purchase pattern more fluid?", then the response saying that the transaction is secure has no relevance.
The actual transaction may be secure but they still will be able to understand:
Who made it (or at least the device)
Where it was made
Value
This is then aggregated with what has been scraped from websites etc where the actual purchase was made providing huge amounts of information. Just because the actual transfer of the money is secure is an irrelevance.
Which sounds like it was the perfect choice.
Thankfully, private companies have no say in democracy's choice of officers and the roles they are assigned.
Except, of course, when a nominated individual reveals himself to be worth less than pond scum, situation which has been amply demonstrated in the previous administration.
Every time you use a credit or debit card in a supermarket, the transaction (including the items purchased) is logged by the store in a permanent customer profile. They use this both in aggregate to decide on stocking and more specifically to offer "incentives". The only real difference between this and the actions of the behemoths is that the latter can cross vendor boundaries, but the principle is the same. If you use cash you can't be profiled as each transaction is independent and anonymous. Long live cash.
> Every time you use a credit or debit card in a supermarket, the transaction (including the items purchased) is logged by the store in a permanent customer profile. They use this both in aggregate to decide on stocking and more specifically to offer "incentives".
Do you have any references to back this up?
Specifically, my understanding regarding supermarkets, lets use the imaginary company Flesco, is that the card payment terminals (not the tills) are owned and managed by a separate company and that the data link from the payment card reader to the tills is basically providing only a confirmation that payment has gone through or not.The tills themselves have details of the precise details of all the articles that you have bought (via the barcode scanner) but this is not passed to the payment terminal, only the amount to be charged is.
Obviously if you have a Flesco Club Card then the till will link that Club Card number (i.e. your "identity") with the detailed list of goods purchased.
This means that the card reader/card processor company know your card number (i.e. your "identity"), the total value of goods purchased, and the shop where you used the card (Flesco). So for example VISA know you spent £72 last Wed at Flesco but have no idea what exactly you purchased.
This means that Flesco know the detailed list of articles purchased by a "Mr X" and the total purchase value. *IF* Mr X used his Flesco Club Card then Flesco will know who Mr X really is, however if no Club Card was used (whether cash or debit/credit card was used) then they do not know who Mr X actually is. Now Flesco could analyse all their weekly tills data looking for patterns to try and create "shadow profiles" (like Facebook do for non-users) to spot patterns like someone buying similar combinations of articles in the same particular shop on the same day of the week to try and link Mr X's visits to a store without actually knowing who Mr X is.
For stock control purposes obviously Flesco's till data can be used to see how many people buy Munchies Meat Mix each day and how many packets the average customer buys at one time so Flesco can manage reordering and restocking.
The "incentives" I assume are only for Flesco Club Card holders as they know what they've been buying (as Flesco Club Card holders have agreed to give up their privacy in return for price discounts). 'Discounts' mean be the official term but the reality is that the Club Card price is the "normal" price (i.e. for the vast majority of their customers) and people who decide not to to have/use a Club Card are, in effect, paying more than the "normal" price in order to protect their privacy (i.e. a privacy penalty).
If I'm wrong about the above I'd welcome any pointers to correct information...