Visa Inc and Mastercard Inc are working on a system for delivering online behavioural adverts to consumers based on what they buy in shops, according to media reports. The US-based credit card networks have developed "preliminary" plans to place shoppers into groups based on their in-store purchasing history and sell the …
All your data is ours - you mean you didnt read the T's and C's on page 12,378, paragraph 74, line 1054 (no 1 point is not too small, that's why it is called small print, dummy!)
All my data leaking mut be my fault then.
Hardly. EU and UK law requires a very specific opt in when it comes to passing your data to third parties. IOW the companies could not hide this deep within the Terms and Conditions. If you have not checked the box that says they can pass your data to third parties then they cannot sell or otherwise pass on your data without breaking the law.
Looks like it's time to start carrying nothing but cash in my tinfoil RFID-shielded wallet now then!
Now ask me ...
... why I've been cash-on-the-barrel-head these last 25 years.
If I need to use credit to purchase something, I get a cash loan. The banker never gets a chance to observe what I do with the funds. Nor should he.
Of course that means you won't be able to order your tinfoil hat online.
I have never purchased a single item online. Nor am I ever likely to. Why would I? I can get anything I will ever need in life within a two hour's round-trip from where I sit as I type ... with the added benefit of being able to look the seller in the eye whilst sealing the deal with a handshake.
I don't wear hats. Of any kind.
I'm guessing you won't buy from anybody who doesn't have a firm grip and steady gaze during a handshake either? It's the only way to tell you're not being ripped off!
Also, cash loan? I've seen pre-aproved junk mail credit cards that charge less interest...
Chances are you'll also need that loan as you'll be paying more for everything you buy.
"I can get anything I will ever need in life within a two hour's round-trip from where I sit as I type"
Do you have nothing better to do than spend a couple of hours driving to buy something when, instead, you could get it with a few clicks of a mouse?
And how much petrol (or diesel) do you burn whilst doing that? And how much does that item cost? Are you really willing to spend extra time and money buying something from someone with a steady gaze and a firm handshake (something which any con-man worth his salt naturally practices carefully) when you can get it cheaper and more easily and delivered to your door just so you can avoid using cards?
Ref : Now ask me ...
"If I need to use credit to purchase something, I get a cash loan. The banker never gets a chance to observe what I do with the funds. Nor should he."
Who in god's own name DOWNVOTED this post ?
They should be handed over, plastic cards held high, all personal pecadillos exposed, no shame whatever in their brainless faces, to the grasping gormless godforsaken minions of the Great Lord High Finance and His Prophetness on Earth - the Most Exalted Anonymity of the Financial Services Industry, on whose blessed being we pour all our wealth and trust.
Me & mine travel all over Northern California & most of the this side of the Rockies. It's a hazard of breeding & showing dogs & horses. Fortunately, we know how to multi-task. Dawg show, horse show, eyeballing a used water truck, or a cylinder head for the Perkins in my Monterey Clipper ... the trick is to make the minutes work in your favo(u)r.
Con-artists, at least in this scenario, are laughable. Purchasing stuff on TehIntraWebTubes[tm]? Maybe not so much.
I think they are down-voting it because cash loans are notoriously expensive: they are not called legal loan sharks for nothing...
"Do you have nothing better to do than spend a couple of hours driving to buy something when, instead, you could get it with a few clicks of a mouse?"
I'm going that way anyway. Mouse-clicks aren't even close to kicking the tires.
How do they plan to link my card number to my browser unless I log onto something first using the same email address I associated with my card? Cookies aren't much good - I could buy something online from a shared computer (yes, not wise for other reasons, but it could happen) - would the "targeted ads" then be shown to all users of that pc?
Perhaps (probably!) I missed something, but it doesn't stand up as an efficient working model to me. Perhaps it is just a marketing wet dream that accidentally escaped the asylum.
And it would be really annoying to think it was being done anyway of course...
Ever use Internet banking?
"How do they plan to link my card number to my browser unless I log onto something first using the same email address I associated with my card?"
They don't have to link your email to the card
They just have to tweak the last part of your online perches experience. You Know the bit where they ask for the fist, third and one thousand seven hundred and sixth letter from your password.
But not necessarily from my own PC. How do they know it is me when I am on another device and I have not made any transaction using a card?
I was wondering the same.
They'd have to use a persistent cookie in case you purge cookies when closing the browser, at which point why not simply put a list of group ID's in the cookie so they aren't selling your data, they're just selling the definition of their own groups.
How would they get the cookie on your PC? Well, I suspect the only time people have direct contact with Visa or Master is when we're making an online purchase and we use their secure payment system. At that point, yes, they could put a cookie on your PC.
But at that point why not simply put a list of groups they've put you in into the cookie? Then they sell the group definitions to other companies, or they sell a plug in for advertisers that reads the cookie for them and simply tells them what market group you fit in (according to the credit card's interpretation of your purchases, that is). That way they never send any information you have given the card company directly: They only sell their classification of you based on their assessment of your purchases. May be how they intend to get around data protection laws...
But that only works once you've made a purchase, which reduces the usefulness of the advertising.
Not that marketeers show much sense in this respect, I've taken several surveys that go along these lines:
When did you last purchase a TV set? Three weeks ago.
Are you planning on purchasing a new TV set in the next month? No.
Why not? Er....
They don't need to
link the card number to your browser. Every time you buy something with your Mastercard or Visa, the transaction is recorded by them regardless of where you use the card. You know, the data presented to you on your credit card statement each month?
This is the data - your card's purchase history - that these fuckers are planning to sell.
I've already sent an email to Mastercard advising them that my purchase history is my personal data and therefore my intellectual property. I've explained that I am willing to sell them this data for use in their advertising campaigns in exchange for a permanent waiver of any and all interest and credit card fees. Unauthorised use of my data will result in an infringement case being brought against Mastercard in my local court. I have yet to receive a reply, but rest assured, I will not sit still for this.
Re: They don't need to
Good for you. You tell 'em.
Out of interest, you do know that Mastercard doesn't actually set your interest or credit card fees though right?
That would be the bank that issued the card.
...and what about the data already collected from previous transactions?
Just another day that I'm glad that I live in the EU and not US.
Chances are that doesn't matter
The data will still flow to a US server which the EU has been assured by all and mendacious US sundry that DP laws will be observed while EU purchasing habits are sold to US companies which have operating bases in the EU.
Fucked all the same.
It would still be illegal under EU DP laws
And how are they going to connect people's offline and online ID?
The only thing I can think of is that they wait for the first online purchase with VbV and whatever the MasterCard equivalent is then set cookies for every advertising network under the sun, or every advertising network under the sun makes use of a 3rd party cookie hosted by Visa/MC.
Pretty easy to defeat with something like NoScript or RequestPolicy.
This is how
One answer to your question; Facebook (or Google+ come to that).
Simply get your mindless sucker, I mean, customer, to "like" your card/bank/insurance/discounts scheme/any-other-subsidiary-you-care-to-mention and you've got them. Bang. Online identity synced with Financial identity. Sit back and await the social networking revolution to do its work.
Why do you think companies of all sorts are falling over themselves inventing spurious reasons for you to visit them on Facebook?
"Why do you think companies of all sorts are falling over themselves inventing spurious reasons for you to visit them on Facebook?"
That and the NSA / MI5 / MI6 / CIA etc have been dreaming of having this kind of "database" for years and now people are willingly putting any and all info about themselves online for them to search/profile etc.
@This is how
Even if someone follows Visa/MC on Facebook, Visa/MC wouldn't be able to work out that this is Mr(s) XYZ with card number 1234 5678, their offline purchases are made in these shops, therefore they can be shown targeted advertising for these things on the web via several advertising networks. Or I don't think they will be able to.
I still believe it will either require a degree of opting in which crosses the creepy line (logging in to VbV/MC Securecode and giving them your e-mail address, Facebook ID, G+ ID, etc...) or setting up cookies after the first purchase by VbV/MC SC.
Either way people can opt out in the first case by not giving this info as there's no law which says that people have to have an e-mail address or Facebook profile or in the second case telling the browser to delete cookies on closing.
They don't need a cookie to identify you, whenever you make a purchase with your card, your card goes through their authorisaton platform which gets to see how much you are spending and where you are spending it. they also get the chance to store this information for mining later.
That information alone is gold dust to marketeers
Indeed, that is your offline (cardholder) ID. They do need cookies to target advertising through ad networks at you while you browse though and they need to tie those cookies in your online session to your offline (cardholder) ID, otherwise all that information is useless.
I suspect all it takes is one special offer that is accessed using card and Facebook.
Thank you sir, that makes sense
Purchase something via G+ or Facebook and bob's your uncle.
I can imagine using an Android phone to buy stuff through NFC will do the trick too.
And people will do it as well.
In a world where firms are frequently losing people’s personal data, do we really need to spread it around even more?
Not sure what to think about this. I am, of course, against it on first principles.
But my buying history would almost certainly blow several fuses in the algorithm, so I would get my vengance that way.
How could they find me?
I don't manage my cards online and I'm pretty sure I've never given them an email address.
So how would they know when and where I was online?
Even if they knew my IP address, how could they know that it was me in front of the screen, and not the wife or kids?
do I get the horrible feeling this will involve an updated set of terms that will mean you must accept them, and have your details sold off, or have your card cancelled?
Go for it
I have in the past cut up a card and returned it because I didn't like a change of conditions (the one imposing a fee, most often). Whether you'd get enough people prepared to do the same for privacy is another matter.
I like to think that they'd lose far more by me closing the account than they'd gain from selling the data.
Can't happen. That, by definition, is not opt-in.
I do not wish to be commoditized in this fashion.
However, using a credit card means you are using someone else's wealth, not your own and if the people that own that wealth want to increase the price you pay for using it, then that's up to them.
I hope this does not creep to debit cards.
... but with the advent of the much-vaunted cashless economy, all transactions will be up for analysis. Then it doesn't matter what kind of card is used.
2 words for the abusive duopoly ... the second word is "off".
May habits... my personal data... not for sale - especially not to ass-hats that I have no relation ship with.
This has to be a huge invasion of privacy!..I'll go back to cash shopping then, and save on all the interest too.
I guess the ICO will sleep though all this too... the system is corrupt... which makes me wonder about the corruptibility of those controlling it.
Rock and a hard place ...
So, VISA and Mastercard issue new T's & C's and say "let us sell your data or cut your card up". Not really a choice in today's society.
One more time: "They can't do that under EU law."
How would this work?
Assume that I use my visa card to go on a mammoth shopping spree.
Assume that Visa are allowed to, and do, track the purchases I make with that card.
I now go online and start browsing t'intewrwebs.
How do visa intend to tie my card purchase history to my web browsing? The only way they can do this is if they tie something that identifies me online (IP address, cookie, etc) to my card account, which means that they can only do this when / if I enter my card details online, which requires the collusion of web retailers.
Now, I'd imagine the last thing that an online retailer like Scan, Dabs, etc want is for me to be bombarded by competitor's ads because they pimped me to Visa.
Shocking proposal, in any case. Do these people not learn? Did they not see the shitstorm of bad publicity that arose from the BT/Phorm debacle?
I can't imagine they'd go as far as 'agree to this or we close your account' - remember with a credit card, you owe them money, not vice versa. They have thw authority but at the end of the day you have the money as a bargaining chip. If they say "right, we're going to close your account because you didn't agree, give us the money' and you say 'haven't got it, sue me', are they really going to do that? For thousands of people? With all the publicity that entails, telling everyone exactly why they are changing the T&C?
They will want to sneak this through on the quiet. They'll go with opt-in for existing customers (with incentives to do so) and make it a standard clause in new contracts. That way they get the same effect in a few years with no noise and much less publicity.
I had the misfortune to work with a "data aggregation" company back in dot com days and was astonished at the level of information these fuckers could provide and that was in 1997/1998 FFS! I shiver to think about how they have evolved since.
This is something that needs to be regulated very strictly, but I imagine it will carry on in the same half arsed fashion in its current form on both sides of the Atlantic.
This makes me wonder about how much data supermarkets know about our shopping habits, even if you've never signed up to a loyalty scheme.
I've never signed up to [for example] Tesco Clubcard, but that doesn't mean they can't track my shopping habits through my debit card number. It must be very valuable data to them.
That would be illegal
It's illegal to track people unless they have given their express consent. In Europe at least.
That's probably a PCI-DSS fail.
- Apple's spamtastic iBeacon retail alerts launch with Frisco FAIL
- Submerged Navy submarine successfully launches drone from missile tubes
- Pix Astroboffins spot HOT, YOUNG GIANT where she doesn't belong
- Cache in the Attic El Reg's contraptions confessional no.2: Tablet PC, CRT screen and more
- Developer unleashes bowel-shaking KILLER APP for Google Glass