E-receipts a privacy nightmare for consumers

MassPrivateI

Paper or plastic? cash or charge? Now there’s a new question when it comes time to pay: What kind of receipt would you like?

As CBS 2′s Maurice DuBois reports, stores are increasingly offering to send customers email receipts, which are convenient and save paper.  

But if you choose an e-receipt, experts warn that convenience comes with a price: your privacy.

“Once you’ve given up your email address, that retailer can use it for any purpose,” said consumer advocate Richard Holober.

Holober said that includes sending you more emails, using it for targeted marketing and even selling your information to a third party.

In New York and New Jersey, retailers cannot request personal information such as an email address or phone number to complete a credit card transaction. But asking for an email address to send a receipt is a loophole in the law.

A third, or 35%, of retailers offer digital receipts, and half of them do so at all their stores, according to a survey of 3,900 retailers released earlier this year by marketing firm Epsilon.

“There’s a tremendous amount of interest,” says Epsilon President Andrew Frawley, noting digital receipts have proved to boost sales. He says while an e-mail address can be worth hundreds of dollars to a retailer, he advises corporate clients not to deluge customers with too many promotions because of “e-mail fatigue.”

Claire Rosenzweig, CEO of the Better Business Bureau of Metropolitan New York, said consumers should always be cautious with personal information.

“The question that the consumer should be asking the retailer is, ‘What are you doing with my information?’” she said. “Sometimes, if it’s online with the terms and conditions, you’ll clearly see that whoever you’re signing up with is clearly saying that they are going to be giving that information to third parties.

Store policies vary as to how they use customers’ email addresses. For example, Apple, the store that pioneered e-receipts, said it doesn’t share email addresses with a third party, but does use them for marketing purposes.

“You as a consumer, being proactive, should be asking yourself, ‘Do I really want to give this information to that retailer? Do i trust them? And what information am I giving over to the retailer?” Rosenzweig said.

While that may be true, what’s driving e-receipts is the bottom line, says C. Britt Beemer of America’s Research Group, a consumer research and consulting firm. “Less paper means fewer people” to file records, he says. “It has everything to do with saving money.”
http://newyork.cbslocal.com/2014/01/13/seen-at-11-e-receipts-come-with-privacy-concerns/
http://www.usatoday.com/story/news/nation/2012/11/03/retailers-e-mail-digital-paperless-receipts/1675069/

Retailers are using Mattersight to spy on consumers telephone conversations & create a personality profile:

There is a computer system out there that can figure out the details of your personality and interaction style after listening to mere seconds of your phone calls. In fact, this may have already happened the last time you called a customer service line. There is no way you would ever know.

Mattersight is an extremely sophisticated data analysis system that listens to the way you respond on the telephone. It listens to you in the background, and breaks down hundreds of micro-features of your voice: Volume, tone, pauses, speed of response, and so on. It uses mathematical algorithms to interpret these features, compare them to data in its databases, and come up with a personality profile for you.

All of this happens, by the way, during the first few seconds that you are on the phone. It could even be happening while you are working your way through a voice-activated menu system.

Then, when you are finally connected to a sales representative or customer service professional, Mattersight takes its analysis of your personality, compares it to the personality profiles of the call center employees that it has on file, and automatically connects you with the service agent that you are most compatible with.

As a result, you will have a better customer experience. If you like brusque and professional, you will be connected with someone who is brusque and professional; on the other hand, if you like friendly and chatty, you will be connected with someone who asks how your day is going.

You will never even know that Mattersight was behind the scenes, manipulating the whole thing. In some cases, even the customer service representative may not know. But the end result is that both parties come away from the experience knowing that they were talking to someone who was “easy to get along with.”

How much information do you give away about yourself when you are on the phone with a call center? Exactly how much of a “deep dive,” psychologically, can an analytics system like Mattersight really do? In reality, nobody knows the ultimate answer to this question.

Over time, if you are a repeat caller to a company’s help line or sales department, the Mattersight analytics system could potentially build up a detailed profile of you. Every single second of every phone interaction that you have with another human being can yield hundreds of new micro-features of data. Each of these micro-features can then go into the system, be passed through complex algorithms, and refine the company’s “personality profile” of you.

Excerpt from the Mattersight website: “Mattersight is a leader in enterprise analytics for customer-employee interactions. We capture, analyze, and create insight from unstructured “big data” phone conversations, emails, chat, employee desktop activity and other types of interactions to drive significant business value.”

Over time, this means a better customer experience for you, because the system will become better at pairing you with people that you “just click with” on the other end of the call.

But how far can this profiling go? By gathering data about your vocal distress level, incorrect responses, or dialect, can Mattersight detect whether you might be someone who is trying to commit fraud? Can it be used to predict the chances that you might miss payments, or skip out on a debt?

Can it be used to detect psychopathy? As the raw amount of data that we can extract from vocal interaction increases, and as the mathematical systems for examining those data improve, we will be able to make increasingly better predictions about nearly all aspects of a caller’s personality, even those that one might normally think of as being “private.”

How comfortable do you feel that Mattersight can use “big data” techniques to find out more about you than your therapist can find out by laying you on a couch once a week?
http://theweek.com/article/index/254852/ai-is-so-over-this-is-artificial-empathy

‘Data brokers’ America’s consumer spies:

“In 2012, the data broker industry generated 150 billion in revenue that’s twice the size of the entire intelligence budget of the United States government—all generated by the effort to detail and sell information about our private lives.” — Senator  Jay Rockerfeller

Data brokers pull in information from any source they could get their hands on — voter registration, credit card transactions, product warranty information, donations to political campaigns and non-profits, court records — storing it in master databases and then analyzing it in all sorts of ways that could be useful to direct-mailing and telemarketing outfits. It wasn’t long before data brokers realized that this information could be used beyond telemarketing, and quickly evolved into a global for-profit intelligence business that serves every conceivable data and intelligence need.

Today, the industry churns somewhere around $150 billion in revenue annually. There are up to 4,000 data broker companies — some of the biggest are publicly traded — and together, they have detailed information on just about every adult in the western world.

No source of information is sacred: transaction records are bought in bulk from stores, retailers and merchants; magazine subscriptions are recorded; food and restaurant preferences are noted; public records and social networks are scoured and scraped. What kind of prescription drugs did you buy? What kind of books are you interested in? Are you a registered voter? To what non-profits do you donate? What movies do you watch? Political documentaries? Hunting reality TV shows? 

That info is combined and kept up to date with address, payroll information, phone numbers, email accounts, social security numbers, vehicle registration and financial history. And all that is sliced, isolated, analyzed and mined for data about you and your habits in a million different ways.

The dossiers are not restricted to generic market segmenting categories like “Young Literati” or “Shotguns and Pickups” or “Kids & Cul-de-Sacs,” but often contain the most private and intimate details about a person’s life, all of it packaged and sold over and over again to anyone willing to pay.

Take MEDbase200, a boutique for-profit intel outfit that specializes in selling health-related consumer data. Well, until last week, the company offered its clients a list of  rape victims (or “rape sufferers,” as the company calls them) at the low price of $79.00 per thousand. The company claims to have segmented this data set into hundreds of different categories, including stuff like the ailments they suffer, prescription drugs they take and their ethnicity:

These rape sufferers are family members who have reported, or have been identified as individuals affected by specific illnesses, conditions or ailments relating to rape. Medbase200 is the owner of this list. Select from families affected by over 500 different ailments, and/or who are consumers of over 200 different Rx medications. Lists can be further selected on the basis of lifestyle, ethnicity, geo, gender, and much more. Inquire today for more information.

MEDbase promptly took its “rape sufferers” list off line last week after its existence was revealed in a Senate investigation into the activities of the data-broker industry. The company pretended like the list was a huge mistake. A MEDbase rep  tried convincing a Wall Street Journal reporter that its rape dossiers were just a “hypothetical list of health conditions/ailments.” The rep promised it was never sold to anyone. Yep, it was a big mistake. We can all rest easy now. Thankfully, MEDbase has hundreds of other similar dossier collections, hawking the most private and sensitive medical information.

For instance, if lists of rape victims aren’t your thing, MEDbase can sell dossiers on people suffering from anorexia, substance abuse, AIDS and HIV, Alzheimer’s Disease, Asperger Disorder, Attention Deficit Hyperactivity Disorder, Bedwetting (Enuresis), Binge Eating Disorder, Depression, Fetal Alcohol Syndrome, Genital Herpes, Genital Warts, Gonorrhea, Homelessness, Infertility, Syphilis… the  list goes on and on and on and on.

Normally, such detailed health information would fall under federal law and could not be disclosed or sold without consent. But because these data harvesters rely on indirect sources of information instead of medical records, they’re able to sidestep regulations put in place to protect the privacy of people’s health data.

MEBbase isn’t the only company exploiting these loopholes. By the industry’s own estimates, there are something like 4,000 for-profit intel companies operating in the United States. Many of them sell information that would normally be restricted under federal law. They offer all sorts of targeted dossier collections on  every population segments of our society, from the affluent to the extremely vulnerable:

  • people with drug addictions
  • detailed personal info on police officers and other government employees
  • people with bad credit/bankruptcies
  • minorities who’ve used payday loan services
  • domestic violence shelter locations (normally these addresses would be shielded by law)
  • elderly gamblers

If you want to see how this kind of profile data can be used to scam unsuspecting individuals, look no further than a Richard Guthrie, an Iowa retiree who had his life savings siphoned out of his bank account. Their weapon of choice: databases bought from large for-profit data brokers listing retirees who entered sweepstakes and bought lottery tickets.

A 2007 New York Times story describing the racket:

Mr. Guthrie, who lives in Iowa, had entered a few sweepstakes that caused his name to appear in a database advertised by infoUSA, one of the largest compilers of consumer information. InfoUSA sold his name, and data on scores of other elderly Americans, to known lawbreakers, regulators say.

InfoUSA advertised lists of “Elderly Opportunity Seekers,” 3.3 million older people “looking for ways to make money,” and “Suffering Seniors,” 4.7 million people with cancer or Alzheimer’s disease. “Oldies but Goodies” contained 500,000 gamblers over 55 years old, for 8.5 cents apiece. One list said: “These people are gullible. They want to believe that their luck can change.”

InfoUSA is a hugely profitable and politically connected company.

InfoUSA was started by Vin Gupta in the 1970s as a basement operation hawking detailed lists of RV and mobile home dealers. The company quickly expanded into other areas and began providing business intel  services to thousands of businesses. By 2000, the company raised more than $30 million in venture capital funding from major Silicon Valley venture capital firms.

InfoUSA continues to do business under the name Infogroup, and has nearly 4,000 employees working in nine countries.

As big as Infogroup is, there are dozens of other for-profit intelligence businesses that are even bigger: massive multi-national intel conglomerates with revenues in the billions of dollars. Some of them, like Lexis-NexisExperian & Equifax are well known, but mostly these are outfits that few Americans have heard of, with names like EpsilonAltegrity and Acxiom.

These for-profit intel behemoths are involved in everything from debt collection to credit reports to consumer tracking to healthcare analysis, and provide all manner of tailored services to government and law enforcement around the world. For instance, Acxiom has done business with most major corporations, and boasts of  intel on “500 million active consumers worldwide, with about 1,500 data points per person. That includes a majority of adults in the United States,” according to the  New York Times.

This data is analyzed and sliced in increasingly sophisticated and intrusive ways to profile and predict behavior. Merchants are using it customize shopping experience— Target  launched a program to figure out if a woman shopper was pregnant and when the baby would be born, “even if she didn’t want us to know.” Life insurance companies are experimenting with predictive consumer intel to estimate life expectancy and determine eligibility for life insurance policies. Meanwhile, health insurance companies are raking over this data in order to deny and challenge the medical claims of their policyholders.

Even more alarming, large employers are turning to for-profit intelligence to mine and monitor the lifestyles and habits of their workers outside the workplace. Earlier this year, the Wall Street Journal described how employers have partnered with health insurance companies to monitor workers for “health-adverse” behavior that could lead to higher medical expenses down the line:

Your company already knows whether you have been taking your meds, getting your teeth cleaned and going for regular medical checkups. Now some employers or their insurance companies are tracking what staffers eat, where they shop and how much weight they are putting on — and taking action to keep them in line.

But companies also have started scrutinizing employees’ other behavior more discreetly. Blue Cross and Blue Shield of North Carolina recently began buying spending data on more than 3 million people in its employer group plans. If someone, say, purchases plus-size clothing, the health plan could flag him for potential obesity — and then call or send mailings offering weight-loss solutions.

”Everybody is using these databases to sell you stuff,” says Daryl Wansink, director of health economics for the Blue Cross unit. “We happen to be trying to sell you something that can get you healthier.”

“As an employer, I want you on that medication that you need to be on,” says Julie Stone, a HR expert at Towers Watson told the Wall Street Journal.
http://www.alternet.org/media/what-surveillance-valley-knows-about-you

Target forces consumers to reveal personal information in fraud case:

How comfortable would you feel giving Target all your sensitive information right now? Michael Baxter, of Somerville, has an answer: “I have no confidence in their security there.”

Baxter and his wife got a call Wednesday. “They identified themselves as the Target fraud detection department, and there was a suspicious transaction of over $1200,” said Baxter. They called the number on their statement and confirmed it was true. They are among as many as 110 million customers affected by Target’s pre-holiday credit card breach.

But what happened next made Baxter feel like a victim all over again. Target sent him a questionnaire to fill out and return to process his claim. It asks for sensitive information like Social Security Number, driver’s license number, address, phone numbers, credit card number, children’s names, and more. “It’s enough information to completely destroy our identities,” said Baxter.

“I was kind of horrified. I kind of thought it was a scam when I looked at the form, because of the kind of information they were asking. I told them they were insane to be asking for it,” he said. When he refused, the customer service representative told him they could not process his claim without it. “I wasn’t getting anywhere, so I asked for a manager. That took four or five minutes. The supervisor came on the line and she was even more aggressive with it.”

When we contacted Target, the company changed its tune. “Our policy is to investigate all fraud claims even if the form is not filled out,” said spokesperson Molly Snyder. “And filling out the form is not a requirement. However, if we don’t have the form filled out it makes our investigation more difficult.”
http://boston.cbslocal.com/2014/01/16/target-now-offering-free-credit-monitoring-for-customers-in-massive-data-breach/

http://massprivatei.blogspot.com/2014/01/e-receipts-privacy-nightmare-for.html

Start the Conversation

Your email address will not be published. Required fields are marked *


*