Researchers are able to link "anonymized" credit card data to owners

[Shawn Knight]

Credit cards and other forms of digital payments may be convenient to use but of course, they leave a digital trail that can easily be traced back to the owner. Such is apparently also the case even when personally-identifiable information like names and phone numbers are removed from the equation.

In a recent study titled “Unique in the Shopping Mall: On the Reidentifiability of Credit Card Metadata,” researchers at Massachusetts Institute of Technology’s Media Lab analyzed credit card transactions from 1.1 million people over the course of three months.

Personal information like names, phone numbers and account numbers had been removed but even still, the team – led by graduate student Yves-Alexandre de Montjoye – was able to reidentify 90 percent of shoppers by using just four random bits of information.

Even more frightening is the fact that, when combined with public data from social networks like Instagram and Twitter, researchers were able to link real names to the “anonymous” credit card transactions.

De Montjoye said the takeaway is that we really need to rethink what it means when something is “anonymized.” When the possibility of reconnecting personal information exists, he noted, it needs to be taken into account when releasing or sharing large data sets.

If you think you may not be at risk, think again. As The New York Times points out, many companies, hospitals and government agencies use standard methods to “anonymize” their records.

Permalink to story.

https://www.techspot.com/news/59602-researchers-able-link-anonymized-credit-card-data-owners.html

 

[cliffordcooley]

was able to reidentify 90 percent of shoppers by using just four random bits of information.

And what four random bits of information might be shared within a credit card transaction? Could it possibly be four bits of information needed to prove you are who you say you are, before making a purchase?

 

[wiyosaya]

This does not surprise me, and with the bit about social media, I am glad that I do not actively participate with social media. The statement about social media just makes me think that the more people participate, the less private they are, (which is absolutely stating the obvious) but this kind of information is tantamount to telling people that the more use of social media, the higher the risk of identity theft, etc.

I also do not leave my CC data with any company I deal with. If you ask me, Amazon is a prime (pun intended) offender in that they insist that CC data left on their site is secure, and automatically save it with no choice when purchasing (it can be deleted, but you have to go to your account to do so). Personally, I don't care what Amazon says, and given this report, no CC info anywhere is secure, so Amazon insisting on saving it for your convenience for future purposes exposes all their customers to a greater risk of CC theft or worse. I certainly do not need the convenience of "one click buying" at the greatly increased risk of CC theft or worse. I am just waiting for the day when Amazon announces they have been hacked. I'll be the first one to write their customer service and say, "I fracking told you so."

In my opinion, retaining CC info beyond the purchase should be made illegal.

 

[Skidmarksdeluxe]

Is this only for online transactions or all transactions?

 

[Evernessince]

Is this only for online transactions or all transactions?

This applies to all transactions, seeing as most in-store purchases are processed in a similar manor as online.