Social Media Betrays Your Credit Card Activity: Study - InformationWeek
IoT
IoT
Mobile // Mobile Business
News
1/31/2015
09:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
100%
0%

Social Media Betrays Your Credit Card Activity: Study

Using time and location data culled from social media posts or other sources, researchers say they can identify your purchases from amongst anonymized transaction data.

9 CIO Tech Priorities For 2015
9 CIO Tech Priorities For 2015
(Click image for larger view and slideshow.)

With a handful of social media posts or other geotagged sources of data, researchers have demonstrated that they can identify an individual's purchases from an anonymized set of metadata. In a paper published Friday in Science, researchers from MIT, Aarhus University, and Rutgers show that having just four metadata points that link an individual to a location and/or time -- a Tweet tied to a place or a timestamped receipt, for example -- that individual's credit card transactions can be identified 90% of the time in anonymized database of 1.1 million credit card records.

"A data set's lack of names, home addresses, phone numbers, or other obvious identifiers … does not make it anonymous or safe to release to the public and to third parties," the paper explained.

The significance of these findings can't be underestimated. Large-scale anonymized sets of data and metadata have become indispensable in academia, industry, and government, according to the paper. Epidemiologists rely on anonymized data to track disease outbreaks. Retailers rely on anonymized data sets for business insights. Netflix uses anonymized viewing data to make recommendations. Google uses anonymized location data to provide traffic information.

Image: MIT

Image: MIT

To underscore the value of data for businesses, Greg Corrado, senior research scientist at Google, put it thus at the ReWork Deep Learning Summit in San Francisco on Thursday: "If you don't have a mountain of data, you probably should have a mountain of data."

[Are we our own worst enemies when it comes to data security? Read Password Fail: Are Your Workers Using 123456?]

The paper's authors -- MIT graduate student Yves-Alexandre de Montjoye, MIT professor Alex "Sandy" Pentland, Rutgers assistant professor Vivek Singh, and Tel Aviv University post-doctoral student Laura Radaelli -- use data and metadata interchangeably. Though there's an arguable distinction -- metadata is data that describes other data -- that distinction exists more as a political one, to define the parameters of allowable surveillance, than as a fundamental difference.

Data is the fuel that powers the knowledge economy, but as the paper's authors point out, the transformational power of data depends on its availability. Such data may become more difficult to obtain if it can be de-anonymized.

This study isn't the first to note the ease with which anonymous data sets can be de-anonymized to identify specific individuals. Researchers found ways to identify people from the AOL search query dataset released in 2006.

A paper published by researchers at the University of Texas at Austin in 2008 describes how the Netflix Prize dataset was de-anonymized. In 2013, one of the MIT paper's authors, Yves-Alexandre de Montjoye, participated in prior work on identifying mobile phone users from four points of spatiotemporal data. That same year, Latanya Sweeney showed that anonymous Personal Genome Project listings can be identified by name using data in public records.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
2/1/2015 | 6:11:41 PM
Re: I'm never Tweeting about my new shoes again
Of course, just like the discussions about art, when everything is PII, nothing is PII -- which isn't very promising for appropriate regulatory action.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
2/1/2015 | 6:08:54 PM
pleaserobme.com
Yet another of many reasons why I almost never geotag or otherwise indicate my location with my posts.

That and pleaserobme.com.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
2/1/2015 | 1:59:01 PM
Re: Thanks
I do worry about how much data financial services companies have about me. I would go back to cash, but it has been made more of a nuisance in the age of easy to use plastic. I don't think cash is going to go away – but I do believe that it will become more scarce over time as people are willing to use cards because they offer less hassle. 
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
1/31/2015 | 11:35:20 PM
Re: I'm never Tweeting about my new shoes again
@tzubair: I've experienced the benefits of this firsthand last year when Amex flagged fradulent charge attempts on my account based on the fact that they were inconsistent with my prior purchase history. Im ok with that. I"m also ok with targeted marketing in general because I know that's happening due to the cookies and other tagging that I choose not to turn off.

What frightens me is the idea that my purchase behavior can be lumped into anonymyzed batches and is supposedly de-personalized, but via my own social media statements can still be used by bad actors identify me specifically and, potentially, steal my identity.

It gets even more scary if I start to think about how anonymized health data might be used to be traced back to me.
tzubair
50%
50%
tzubair,
User Rank: Ninja
1/31/2015 | 10:46:52 PM
Re: I'm never Tweeting about my new shoes again
@Susan: I think there are two sides to everything. While getting to know about your purchase patterns can reveal a lot about you to the companies, it can also help you - and some consumers would probably be okay with that. When companies get to know more about you, they can customize their offerings to match your needs better. You get personalized services and in some cases discounts as well.
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
1/31/2015 | 10:19:27 PM
I'm never Tweeting about my new shoes again
This is seroiusly disturbing and a good wake-up call to any organization that is using meta data (or making meta data available to others). Wait: Isn't that just about EVERY organization, at this point? Shows a significant flaw in our thinking about how we separate PII from other data...potentially all our data is PII. Do you think this will lead to new regulations and practices concerning metadata?
shakeeb
50%
50%
shakeeb,
User Rank: Ninja
1/31/2015 | 7:40:42 PM
Thanks
Thanks for sharing! This is indeed scary; hackers could easily locate your information and create a chaos. 
Commentary
5 Machine Learning Resolutions for 2019
Lisa Morgan, Freelance Writer,  12/13/2018
News
What Tech Mega Hubs Will Do to East Coast Cities
Kayla Matthews, Technology Writer,  12/11/2018
News
Daimler Financial Services CIO Says: Don't Get Comfortable
Jessica Davis, Senior Editor, Enterprise Apps,  12/5/2018
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Enterprise Software Options: Legacy vs. Cloud
InformationWeek's December Trend Report helps IT leaders rethink their enterprise software systems and consider whether cloud-based options like SaaS may better serve their needs.
Slideshows
Flash Poll