A stack of physical cash notes.

Cash Payments Enhance Privacy

Reduce Your Digital ‘Paper Trail’ and Pay With… Paper?

As of 2016, card payments in the UK outnumbered payments made with cash for the first time ever [1]. The story is more dramatic abroad. In Sweden, cash accounted for just 2% of the total transactions in the same year [2]. This trend illustrates how the convenient nature of card payments trump all other considerations. Including those related to privacy.

Having recently received my bi-annual bank statement in the post, it got me thinking about privacy. Specifically, the repercussions of paying with bank cards. I believe this is an area of our digital lives that is overlooked and would benefit from applying simple data minimization practices.

 

Why Are Cards Problematic For Privacy?

The sheer volume of transactions listed in my six-month statement was eye opening. Not because the transactions were particularly exciting (I wish I could say they were), but because seeing them listed on paper highlighted the ubiquity of cards in our daily lives.

Each transaction displayed the amount charged along with a brief description. As innocent and sparse as this information may sound, it can actually paint an incredibly vivid picture of ourselves. Visible to anyone who is watching.

By looking at my statement, someone could deduce where I work, based on spending patterns and the description of salary payments. It is clearly visible where I do my food shop and how often. From this, my marital status could be guessed and whether I have children or not. Some retailers display their location in the description line, allowing my home address to be roughly estimated. My method of transport is divulged, with location descriptions at each end of the journey to convey my route. Magazine and newspaper subscriptions may infer someone’s level of education, political leanings and personal interests. Having simply bought a KitKat and a cup of tea at university, its name and city are shown too. As are places where I exercise, which allude to my fitness level.

 

Why is Cash a Better Solution?

My statement ‘only’ came to three pages in length, yet I am positive this is relatively short when compared with others. A simple solution exists to minimize our digital footprints; paying with cash.

Imagine you are paying for a new laptop. With cash, you simply exchange your money and receive the item from the cashier. Sure, their POS system generates a record of the transaction, but it cannot be easily tied to you.

Compare this with a card payment. Your card number enters the retailer’s system. Since this number is unique, it can be traced back to you. Plus, any subsequent card purchases at that retailer, allows them to start generating a customer profile on you and create targeted advertising [3]. The transaction also enters your bank’s network and from there, many other parties may access it (as I shall explain).

To put paying with cash into practice, you could withdraw £x every month from a bank or ATM and use that to pay for goods and services instead of your card. Making a withdrawal at a bank allows you to withdraw more money at one time, but using an ATM, or numerous random ones may be more discreet.

If you done this for six months, your next bank statement would be drastically different. It could take up as little as six lines (one for each monthly bulk withdrawal) instead of pages. More importantly, there would be absolutely no revealing information in the bank statement. Except from the location or name of the ATM used to make the withdrawal.

 

A Deeper Look at the Privacy Implications

Besides simply not wanting to provide your bank and retailers with a detailed insight into your live, there are other reasons you may wish to use cash instead.

But first you may be thinking, ‘surely my transaction information is confidential and resides only within my bank’. To highlight this inaccuracy, I examined a popular British bank’s privacy policy. I learned they directly collect the following information from their customers:

  • payment and transaction data
  • IP address
  • mobile network
  • operating system
  • website usage

Granted, this does not feel too invasive as the information being collected is reasonably justifiable. However, clearly not satisfied with the limited information being provided, they continue to explain that additional information is obtained about us from external sources:

  • financial advisors
  • credit card providers (e.g. Visa)
  • credit reference agencies (e.g. Experian)
  • insurers
  • retailers
  • comparison websites
  • social networks
  • fraud prevention agencies
  • financial services companies
  • employers
  • payroll service providers
  • land agents
  • electoral register
  • loyalty programs
  • government and law enforcement agencies

Next, they state they may share our information with the following organizations:

  • companies owned by the bank (of which there are six)
  • government
  • HMRC (British tax authority)
  • UK Financial Services Compensation Scheme
  • law enforcement
  • fraud prevention agencies
  • agents
  • suppliers
  • sub-contractors
  • advisers
  • credit reference agencies
  • joint account holder(s)
  • independent financial advisors
  • price comparison websites
  • insurers

Even if you stop being a customer of theirs, your information is retained for a further ten years and in some cases up to fifteen years.

Suddenly, we have went from sharing our card transactions with just a retailer and a bank, (which were already pretty invasive) to potentially all of the above parties.

That level of data collection and sharing seems highly excessive to simply enable a bank to store our finances.

Again it seems that by using a free service (such as a current account) the consumer loses out. By that I mean they give away more than they receive in terms of value. Which echos the mantra that applies when using products from companies such as Facebook and Google, “if something is free, you are the product”. (As I explained in a previous post: How to Quit Google & Alternative Suggestions).

This makes digital currencies such as Bitcoin appealing to some people, as they remove many of the middlemen and costs that exist within the traditional banking system. In theory giving people more control over their money.

To be clear, with the recent introduction of the GDPR (General Data Protection Regulation) in Britain, much of the information listed above can only be shared legitimately with third parties by our bank if they receive our explicit permission first.

Of course, mass government surveillance is the exception to this rule; they do not seek our permission. They want to obtain as much of our data as possible and retain it for as long as possible. I am specifically referring here to American governments, both past and present.

After 9/11, the CIA started collecting the financial transaction data of all its citizens, under the illusion that this would help detect and defeat terrorist funding [4]. Since 2001 however, there has clearly been many more terror attacks, albeit on not such a dramatic scale. So it could be argued their mass surveillance tactic was not effective in achieving their goal [5]. Despite this, the practice continues today. The UK and America have always had, what is described in the media as, a “special relationship”. It does not seem far fetched to assume that similar practices may be conducted in Britain by GCHQ or in partnership with the NSA.

Finally, there are many other people with whom you may not want to share detailed payment history with. Advertisers would find great value if they were to obtain your information somehow. As would insurance companies, data brokers, social engineers, hackers, ex-partners, feuding family members. The list goes on…

 

Newcomers, a Breath of Fresh Air?

New ‘FinTech’ (financial technology) companies such as the online-only bank Monzo, promise to build ‘new kinds of banks’ and disrupt the status quo. This competition is welcomed in what is typically a dull sector. However, even they seem to share similar traits with traditional banks in regard to privacy.

A look at Monzo’s privacy policy reveals they also share your information with numerous middlemen. Such as credit reference agencies, card producers (the people who actually manufacture plastic bank cards), cyber security service providers, live chat service providers and more. Despite being based in London, the beating heart of the financial world, they still share their customer data outside the EEA (European Economic Area).

Upon creating an account, you must provide them with a photograph of yourself and various forms of identification, further adding to the data held about you. Within the Monzo app, all of of your card transactions are conveniently displayed on a map. Pinpointing exactly where the transaction happened. Initially I thought this was achieved through GPS tracking via their app. But it turns out that a retailer offering a card payment machine, has to register their address with it at some point. So by using their machine, the address is automatically sent to Monzo and then passed on to us through the app. This also happens with traditional banks. However most choose not to provide us with that feature, but nevertheless they still receive and collect the data.

 

Final Thoughts

Paying cash is one of the easiest things we can do to improve our personal privacy posture and can have an immediate impact.

There are certain things that may be out of our control, making it difficult or impossible to pay with cash, like rent or bills (you can use ‘virtual cards’ in these circumstances). However, this should not stop us from utilizing cash when possible.

Data brokers collect information about us for their profit often without us knowing. Our data becomes less valuable the more it is shared around and passed between middlemen. The result is a vicious cycle, where companies become desperate to acquire ever more information about us. So as to raise the value of the data again. Think of a rare vinyl record, it is valuable because only a few exist. The more there are in circulation, the quicker the others depreciate in value. By choosing to limit the amount of personal information you reveal about yourself, you are throwing a spanner in the works of their business model.

To sum up, cash transactions are ephemeral. Card payments are not. Once your information enters into a system it can be difficult or impossible to remove it. With either immediate consequences or potential future consequences.

 

Minimalist Approach for Maximum Value

Finally it’s time for the usual summary section, where I give the main benefits of following the advice in this article in five points or less. This time I answer,

how paying cash instead of card, can add value to and simplify your life…

  1. If you don’t use or carry your card with you then it cannot be lost.
  2. By not carrying a card, it is impossible to be victim to ‘skimming’ attacks.
  3. No more occasional signing for cards.
  4. Parting with cash is more painful than tapping plastic. Make more considered purchases.
  5. Having loose change is useful for all sorts of things. Donate some to charity boxes for good karma.

 

 


References

[1] Jones, R. (2017). Cash No Longer King As Contactless Payments Soar In UK Stores. [Online] The Guardian. Available at: https://www.theguardian.com/money/2017/jul/12/cash-contactless-payments-uk-stores-cards-british-retail-consortium/. [Accessed 19 Nov. 2018].

[2] Henley, J. (2016). Sweden Leads The Race To Become Cashless Society. [Online] The Observer. Available at: https://www.theguardian.com/business/2016/jun/04/sweden-cashless-society-cards-phone-apps-leading-europe/. [Accessed 20 Nov. 2018].

[3] Bazzell, M. (2018). Hiding From The Internet: Eliminating Personal Online Information. 4th ed. Amazon: Great Britain. p.104.

[4] Schneier, B. (2015). Data and Goliath – The Hidden Battles to Collect Your Data and Control Your World. W.W. Norton & Company: United States of America, Chapter 7, Section “Abuse”.

[5] Engel, P. (2016). The Terrorist Threat Is Worse Now Than It Was Before 9/11. [Online] Business Insider. Available at: https://www.businessinsider.com/are-we-safer-now-than-on-911-2016-9/. [Accessed 20 Nov. 2018].

Photo by Freddie Collins on Unsplash

Privacy Notice: Before leaving a comment, you must read and agree to the terms of the Privacy Policy. Some personal information is collected during this process.

 

Leave a Comment

Your email address will not be published. Required fields are marked *