SecureMac, Inc.

Is your bank a privacy threat?

January 6, 2020

Many people are aware that large tech companies like Facebook and Google collect and monetize user data (sometimes in ways that border on intrusive and creepy). But privacy advocates are now sounding the alarm about the growing trend of consumer banks and credit card companies doing the same thing.

In this short article, we’ll introduce you to the issue and tell you what you can do to protect your privacy.

Why they do it

Banks collect data on consumer spending in order to offer tailored advertising and deals to their clients. This isn’t just limited to offering their own financial products: Banks also track spending data in order to serve clients relevant ads from third parties — and earn commissions on the resulting sales. 

In a way, it makes perfect business sense for banks to be doing this, even if we as consumers are uncomfortable with it. After all, Facebook and Google have made billions from their access to your personal demographic data, your web history, and your contacts list — because from those things alone, they can infer a lot about your spending habits. But unless you’re shopping directly on their platforms, they’re limited to making educated guesses about where you’re actually buying. 

An institution that processes all of your debit or credit card transactions, however, is a different story. And banks have started to realize that all of that detailed data on consumer purchasing habits — data they weren’t doing very much with up until recently — is worth a lot of money.

Third-party help 

It may be disturbing to know that your credit card company is monitoring your purchases and trying to upsell you on related products. But perhaps more worrying is the fact that many banks are not running these sales programs internally, but are turning to third-party engagement marketing companies and loyalty reward platforms in order to serve advertisements and offers to their customers. 

Firms like Cardlytics, Cartera, and Augeo partner with banks and other large businesses to create rewards programs and targeted advertising campaigns. And this raises questions about what personal data your bank may be sharing with (or selling to) third parties.

The banks say that the information they share with outside companies is thoroughly anonymized, but considering the financial industry’s previous failures in protecting user data, that promise may not offer much reassurance. And beyond a healthy skepticism about banks’ technical prowess, many people simply don’t like being served targeted ads for unrelated services. Their attitude is: “I signed up for a checking account. I don’t want you to sell me a gym membership”.

The road ahead

For now, banks are relatively new to the business of selling to users based on their marketing profiles. But they’re eager to catch up to the likes of Facebook and Amazon, and that has consumer groups and privacy watchdogs concerned. It’s difficult to predict how all of this will unfold, but one thing to watch for is whether the California Consumer Protection Act (CCPA) changes things when it comes into effect in early 2020. 

The law has been compared to the EU’s GDPR legislation, and requires businesses to provide far greater transparency about their data collection and sharing practices. The CCPA also forces businesses to offer consumers quick and easy ways to opt out of such programs. California is just one state, of course, but it’s an important one. Its $3 trillion economy is larger than that of most countries, which means that the CCPA may have national repercussions — and may provide an interesting test case for how U.S. federal law might deal with these new privacy challenges.

What you can do now

  1. Opt out

    If you’re concerned about your financial institution tracking your purchases and sharing this information with third parties, the first thing you should do is see if there’s a way to opt out of their advertising programs.

    If you live in California, this should be easier in the coming year, since all large companies will have to display prominent “opt out” or “Do Not Sell My Personal Information” links on their websites. But even if you aren’t in the Golden State, it’s worth visiting your bank or credit card’s website to see if they offer you a way to say “no thanks” to all of this. You may not be able to completely opt out of everything, but you might be able to limit the amount or type of information shared with third parties and curb the amount of direct, targeted advertising you receive.

  2. Choose wisely

    Not all banks are the same. If this issue has you concerned, then you may want to do a bit of comparison shopping and, if need be, switch banks or credit card providers.

    We don’t want to endorse any one institution over another — and at any rate, corporate privacy policies change so frequently that any recommendation we make could be out-of-date within a month or two of making it! So all we’ll say is that on this issue, it’s very important to read the fine print in your bank’s privacy policy and, if necessary, call them directly and ask some pointed questions.

    It’s also important to question your own assumptions and not take too much for granted. For example, we often think of giant corporations as more of a threat to their customers’ privacy (with some justification). But a large, international bank with branches in the EU and California might actually end up having better transparency and opt-out options than a smaller, regional bank — simply because the larger bank is subject to more stringent government regulations in its area of operations.

    Depending on how important this issue is to you, you may also want to consider an account at a credit union. Credit unions issue debit cards and provide other basic financial services. But unlike banks, credit unions are essentially non-profit organizations, and members have much more of a say in their policies. Credit unions may have less motivation to monetize transaction data than traditional banks or credit card companies. They may also be more responsive to members’ privacy concerns. Here too, it’s crucial to shop around, do some research, and ask lots of questions, because not all credit unions are the same — but they may be a good place to look for a card provider that won’t sell your data, and will be willing to listen to your concerns.

  3. Ditch the banks (sort of)

    Lastly, if you’re genuinely worried about your privacy, you do have some options for cutting banks and traditional credit cards out of certain transactions. You don’t necessarily have to do this across the board: You could choose to go “bankless” for certain categories of spending only. You may, for example, not want your medical spending to ever show up as part of a marketing profile that a financial institution or third party could access.

    The low-tech route is to use cash for certain types of transactions, but of course this may not be feasible in all circumstances. Another option is to use the Apple Card, a credit card offered by Apple which works in conjunction with an iPhone to provide all of the basic functionality of a traditional card but with a focus on security and privacy.

    Apple, of course, isn’t a bank, and therefore needs to partner with an actual financial institution in order to offer this product: the investment bank Goldman Sachs is the issuing bank for Apple Card. But the card’s terms explicitly state that Goldman will never share or sell cardholder data to third parties for marketing or advertising reasons, and Apple itself won’t have access to transaction data either. Of course, terms of service and privacy policies change, and Apple certainly doesn’t have a perfect record on these sorts of issues — but all things considered, a company as privacy-focused as Apple may be a better bet than the alternatives when it comes to digital privacy while shopping.

While large tech companies and financial institutions continue to pursue data collection and monetization, there is growing awareness of the issue — and growing pushback from consumers and lawmakers. But for the time being, simply being aware of the issues as well as your options can help you take back some of your privacy.
