Money Moves
In the battle between surveillance capitalists and privacy advocates, the latest front is the credit card.
On Privacy.com, shrouding your online shopping habits sounds easy: Enter your
debit or bank account information, and the website generates a virtual debit card. This socalled burner card acts as a buyer by proxy, keeping your name and billing address out of view. Simply type its number, expiration date, and CVV code into any e-commerce site, hit PURCHASE, and Privacy takes over. The service charges your actual card, adds those funds to the burner one, and uses the new card to do the actual shopping.
The promise is appealing. The card can be configured so that retailers can’t tack on any additional charges, such as an automatic subscription fee. If the retailer’s site gets hacked, you just ditch the burner and move on. And if anyone involved in the transaction tries to sell your data, the only card information they’ll have is that the purchase came from Privacy.
This isn’t the only service offering to mask people’s transactions. Last August, Apple introduced the Apple Card, a Goldman Sachs–issued, no-number credit card that won’t track your purchases. Privacy and other upstart software companies such as Figleaf and Abine
are working on burner cards and other technologies, such as password managers and browser extensions that cloak your web surfing. Offline, consumers have always been able to buy things anonymously with cash. But online, it’s a different story. “We want to give consumers the control to say, ‘I love doing business with you, I want to participate on the internet—i just want to do it on my terms,’ ” says Abine cofounder Rob Shavell.
We’ve become accustomed to the grim fact that nearly every major advertiser, website, and personal device maker collects and monitors users’ data to some extent. Some do it for their own purposes. Others do it in the service of various algorithmic spymasters, such as Facebook or Google, which analyze vast arrays of personal information—from social media likes to GPS locations—to serve up relevant ads. (Fast Company, like many other media outlets, tracks reader data for advertising purposes.)
But to understand shopping behavior with certainty, you need credit card data. Over the past decade, consumer purchases have quietly become one of the most soughtafter and lucrative data sets, used by Wall Street and Madison Avenue alike to infer shoppers’ tastes, budgets, and plans. “Transaction data is the holy grail for marketers today,” says Michael Moreau, cofounder of Habu, a Boston-based startup that helps advertisers marshal their data.
These transactions have given rise to a complex dataselling ecosystem. At the heart of it are credit card processing networks, including Visa, American Express, and Mastercard, the latter of which took in $4.1 billion in 2019—a quarter of its annual revenue—from leveraging its warehouse of transaction data for services that include marketing analytics as well as reward programs and fraud detection. And then there are the banks, retailers, payment processors, and software companies that empower online transactions. Few disclose their methods; some actively obfuscate their work; all vow that personal data is anonymized and aggregated, and therefore secure.
The reality is far more complicated. In one sense, cardholders are safer from identity theft than ever before. At the same time, they’re now shopping in a panopticon, with companies tracking and analyzing their purchases in near real time. It’s never been tougher to know who’s out there watching and selling this data—to say nothing of who’s buying.
Companies have been tapping into transaction data to sell
us more things as early as the 1990s, when credit card giants such as American Express analyzed purchases to tailor special offers to cardholders. Marketers with more limited vantage points, meanwhile, pooled the data from their own cash registers to get a better view of their customers.
The landscape changed dramatically when fintech startups came knocking a decade later. Banks were at first wary of sharing data and working with them, largely because of the 1999 Gramm-leach-bliley Act, which mandates penalties on financial institutions that put customer data, including names, birthdays, addresses, and other personal identifiable information, at risk. To solve this, the startups implemented a sophisticated system that erases personal details and replaces them with randomly generated pseudonyms that act like ID codes: They are unintelligible on their own, but can later be matched up with individual customer files.
This substitution system (also known as tokenization) is now standard. Chip cards, contactless payment systems such as Apple Pay, online payment methods, and other internet banking technologies rely on it to connect with one another. They even form daisy chains: If an e-commerce app needs to accept credit cards, it uses software provided by a payment processor like Stripe. If a financial services app such as Acorns wants to link to customers’ bank accounts, it can use an API from Plaid, which automates logins. If a wealth-management app wants to give users a dashboard view of their credit card, savings, and investment accounts, it can use software from a company called Yodlee.
Today, any American who has bought something online has almost certainly had their data passed along by their card company and middleware startups. And some of those middlemen profit from what they see by selling information to marketers, hedge funds, and other brokers.
Tokenization “effectively created a loophole,” says Yves-alexandre de Montjoye, who heads the computational privacy group at Imperial College London, and who has advised the European Commission on privacy issues. By removing names and other details, companies can argue “that it’s not personal data; it’s ‘anonymized,’ ” he says.
But it isn’t so anonymous. In 2015, de Montjoye and colleagues at MIT took a data set
Customers are shopping in a panopticon, with companies tracking and analyzing their purchases in near real time.
containing three months’ worth of credit card transactions by 1.1 million unnamed people, and found that, 90% of the time, they could identify an individual if they knew the rough details (the day and the shop) of four of that person’s purchases. In other words, a combination of a few receipts, tweets, and Instagram photos of you dining out is enough to reveal your other purchases.
All of this is happening under a veil of secrecy. Credit card companies may acknowledge that they make money from analyzing transactions, but they are vague about what data they actually share. Visa, for example, says its data business only provides transaction histories on an aggregated zip-code level. But the zip codes it uses are zip+4 numbers—specific enough to pinpoint the addresses on one side of one block of one street, and often a single address. (Visa says it shares this data in batches of cards to avoid revealing individual information.) American Express says it never sells transaction data to third parties. However, it does work with a data broker, called Wiland, to identify individual consumers whose purchasing habits match criteria supplied by marketers. (According to American Express, its “modeling methodology” protects cardholders’ privacy.) Targeting individuals based on transaction data is “ridiculously easy,” says Robert Brill, founder of Brill Media, which uses data from Mastercard and other sources to buy digital advertising on behalf of clients.
And then there are the fintech intermediaries. Plaid, which accesses bank account information on behalf of more than 2,600 apps, says it never sells user data. But, in January, the company agreed to be acquired by Visa, which sells data through a business called Visa Advertising Solutions. (Visa declined to comment on its plans for Plaid.) The financial-guidance app Hellowallet says it doesn’t sell data about unique users. But to access users’ accounts, it relies on Yodlee, which sells this information.
The government’s ability to police this trade is limited. In January, Senators Sherrod Brown of Ohio and Ron Wyden of Oregon, and Representative Anne Eshoo, of California, sent a letter to the Federal Trade Commission demanding an investigation into Yodlee’s parent company, Envestnet, for selling customers’ data without their knowledge. (Yodlee, for its part, claims it follows all applicable laws.) “Congress needs to establish clear rules governing the corporations digging into our private lives,” says Brown. A bill introduced last October by Wyden, for example, would force companies to be more transparent about how they share consumer data. However, there’s no indication that the Senate will consider it anytime soon.
In the absence of regulation, apps such as Privacy and Abine have emerged to help consumers. But they still have ties to the data ecosystem. Privacy relies on Plaid. Abine uses Stripe, which won’t disclose the names of all its banking partners. (Plenty of banks share transaction data.) Even Apple, which prohibits Goldman Sachs from using its card data for marketing purposes, couldn’t get the same concessions out of Mastercard, its card network.
For a privacy-minded shopper, these services can certainly muddy the waters. But even they can’t fully extricate themselves from the swamp.
Alison Roman’s salted butter and chocolate chunk cookies are so famous, they’re known merely as #thecookies on social media. Search Instagram, and you’ll find thousands of posts of the flat-topped shortbreads—and they’re not her only recipe the internet has minted as the be-all and end-all. The chef’s New York Times column, which publishes every other week, has inspired #thestew and #thepasta, and several other viral recipes. Roman’s second cookbook, Nothing Fancy, was a New York Times best seller after its release last October. With a conversational tone and a deep appreciation for her millennial following’s small budgets (and kitchens), Roman has built a dedicated audience for her
unfussy take on cooking and entertaining. Here, she shares her recipe for making food, stories, and content people love to share.
LEARN BY DOING
Los Angeles native Roman left college at age 19 for a job at L.A.’S Michelin-starred restaurant Sona. “I didn’t go to culinary school,” she says. “I just walked in and asked for a job.” In the kitchen, where she trained as a pastry chef (the only position available), she learned to cook by observing others. “It was a small kitchen, and I’d ask them, ‘What are you using? How are you cooking that lamb?’ ” Later, she moved to New York and worked under chef Christina Tosi at bakery chain Milk Bar, which is known for comtranslated bining familiar flavors—such as pretzels and marshmallows—in unorthodox ways. “[Tosi] had an incredible work ethic and hated asking for help. Anytime we needed to figure something out, we just figured it out,” she says. She carries that attitude into her current gig: While many chefs have dish ideas, but rely on assistants to build out a full recipe, Roman develops her own and makes them multiple times before deciding they’re right. She only hires recipe testers afterward, to ensure that her directions are accurate and the dishes can be re-created.
KEEP IT SIMPLE
After leaving Milk Bar, Roman worked for Bon Appétit as a recipe tester, where she complicated recipes from chefs such as Yotam Ottolenghi to readers who were not kitchen professionals. That’s where she developed her philosophy that her own recipes should be accessible to anyone. “No matter where you live, or what kind of grocery store you have access to, or what size kitchen you have, you can make really great food,” she says. Roman tries to put herself in a novice cook’s shoes. “I ask myself, ‘Is somebody actually going to do this at home, or are we just telling them that’s what they should be doing?’ ” In a Times column from last Thanksgiving about cooking in her small kitchen, Roman kept her advice realistic: she admitted to buying her turkey at the last minute and storing drinks in a bathtub full of ice. She also gave readers an extremely useful rundown on how to prep (including going shopping) in only three days. Roman says she won’t publish recipes if they end up being complicated. “There was a recipe in my head for baked pasta that I thought was awesome, but by the time I nailed it, I realized it had so many steps and required a really high degree of professional skill,” so it didn’t go in her column.
YOU ARE YOUR READER
When Roman was hired by The New York
Times as a food columnist, she had to reconcile her conversational writing style with the newspaper’s formal reputation. “A woman on Twitter recently called my voice ‘millennial patois,’ ” she says. “Sometimes I feel like I have to write a certain way for the Times, and then I remember that I’m writing this for myself as well as them.” She follows the same principle when she builds her recipes. While creating her famous stew, which includes chickpeas, coconut milk, and leafy greens, Roman was inspired to add ginger because she was feeling sick at the time. When the warm, spicy recipe was published in November 2018, it became an instant hit, lauded as both a cold remedy and perfect late-fall recipe. Roman doesn’t follow other chefs on social media, to avoid comparing herself to them, but she regularly uses it to interact with her readers, sharing their photos and answering their questions if they are having trouble. (She still fields many about the thickness of #thestew.) “I want to teach them how to cook,” she says.