Financial Privacy Blog

Yahoo! - May 19, 2008

This Yahoo! article says hackers could use telescopes to view tiny reflections in glasses, teapots and the human eye and capture valuable screen information. Some researchers have found ways to correlate visual keystrokes to data. This sophisticated interception research is called side-channel research. Do we all need privacy shields on our computer screens? And, then type in the dark? Crazy.

WSJ - May 5, 2008 - A13

The WSJ again raises good questions about how marketers track online behavior via web cookies. According to the author, the key questions remain:

• How are personal data used?
• Are our names, addresses, and financial and health records really secret?
• Is anonymity permanent?

Some advocacy groups contend we should allow surfers to “opt out” of cookie tracking just like we can now opt out of direct marketing phone calls with the No Call List. Still, the $20 Billion spent on web advertising is the engine that drives the “free” Internet. How many of us would willingly trade free use for enhanced privacy? No more free email or free web searching?

Is better disclosure the answer? One WSJ site offers its own model of full tracking cookie disclosure. Clearly, the tension between usability and privacy continues to frustrate web users and marketers alike.

Once again, the best interim answer seems to be to randomize your critical private financial data and accept the loss of complete anonymity.

National Public Radio - March 21, 2008

State Department contractors were caught accessing data on presidential hopefuls Barack Obama, Hillary Clinton and John McCain. Luckily, software that monitors high-profile individuals caught the snooping, but, of course, average Americans don’t enjoy the same enhanced protections.

Ira Flatow used this incident to launch an NPR Science Friday Online Privacy discussion. A couple of highlights:

• Users “pay” for Internet sites with personal information, but it is not clear the value-received matches the privacy cost. Facebook provides a great example of users freely sharing information with friends and not truly understanding the cost of the privacy loss until much later (e.g., when your party photos become public and threaten your Miss America pageant hopes).
• The social contract between site operators and users is critical to maintaining any web privacy (e.g., Google’s Gmail will use personal information in your email inbox to place targeted advertising, but not re-sell that personal information to third parties).
• Online privacy could take a significant step forward if web site operators changed from a opt-out to an opt-in policy for using information collected from site users.

Whether information is financial or not, if seems clear that users need to act more proactively to shield information from misuse rather than relying on the social contract and technologies to protect data already collected.

WSJ - December 5, 2007 - D1, D8

Several WSJ articles cover the good, the bad and the ugly of online holiday shopping.

The Good

Online payment systems are rolling out incentives to capture part of the estimated $28 Billion in online shopping during the 2007 holiday season. These services are becoming widely available so some of these offers could really translate into big savings.

• PayPal partners with retailers such as Barnes & Noble, eToys, and Blue Nile to offer up to a 20% credit on purchases
• Bill Me Later subsidizes shipping costs (always a customer pleaser) and defers billing at retailers like eToys Direct and KB Toys
• Even Google Checkout has gotten into the act with free shipping on orders of $50 or more with some merchant partners and is offering United or Continental Airlines miles for purchases

The Bad

Online shopping increases during the holidays and that provides even more opportunities for criminals to steal data and defraud consumers. With $198.4 Million in fraud losses in 2006, it’s clear that cyber criminals aren’t going away.

The Ugly

It’s 2007 (more than a decade since the rise of e-commerce) and still no widely available online payment system offers real protection against fraud, identity theft and privacy invasion.

• PayPal offers some anonymity when buying online (which is a good step forward), but they have been notoriously lax in protecting against fraud and truly serving customer interests. (Just Google “PayPal fraud” to get up to speed on some of the problems.)
• Bill Me Later simply changes the information that’s at risk. Rather than exposing your bank card number, address and name, you share the last four digits of your SSN, your DOB and your name. Here we see convenience trump security.
• Regular Bank Payment Cards (debit and credit cards) provide good fraud protection ($50 max liability on credit cards and good, but not as comprehensive fraud liability protection, on debit cards), but these cards clearly don’t protect your privacy and offer no real safety from ID theft.