Banks and other financial organizations are collecting and archiving information such as status updates that users post on social media sites like Facebook and Twitter, according to a recent ABC News article.
The ABC article maintains that due to the wealth of user data available on social media sites like Facebook and Twitter, banks can now have a very detailed and elaborate view on the personal lives of its clients. Personal finance expert Erica Sandberg thinks that anyone can get information about her financial conditions from Facebook or LinkedIn and can then use this information to may even deny credit to her. According to Sandberd:
It’s very similar to standing in the middle of the park and screaming. Do you want to scream good things or do you want to scream crazy things? You’re talking about the debt you have or you’re not going to pay your bills. That information is out there and it could be used for you or it could be used maybe against you.
Banks are relying on companies like RapLeaf to do the dirty (or not so dirty) job of providing them with information about clients from social sites like Facebook, Twitter, or LinkedIn.
The start and evolution of RapLeaf is an interesting story in itself. In 2005, veteran blogger Michael Arrington wrote an inspiring article titled “Companies I’d like to Profile (but don’t exist)“. In the article, Arrington listed ten startups or services that should exist, and if someone decides to create such a service he would be more than willing to profile it on TechCrunch. One of those services was Portable Reputations, according to Arrington:
eBay’s Feedback system is arguably their biggest asset. Even with its flaws, it is one the biggest drivers of trust between two people buying and selling who’ve never met and never will. But it’s a closed system, usable only within eBay and only for eBay transactions. We need an internet-wide identity and feedback system that any reputable application can tap into, both pulling and pushing data.
RapLeaf was thereby envisioned as a startup that could perhaps be a hub for reputation of online buyers and sellers, which could be used by anyone across the web to conduct commerce. Somewhere down the line, perhaps around the mid of 2008, RapLeaf realized that it would be far more rewarding to use the digital reputations for credit score determination. In July 2008, Rapleaf changed its interface so that it was no longer possible for anonymous or registered users to see the reputation of other users – which was the entire point of the service. So Rapleaf essentially stopped being a portable reputation and instead switched to an archive of user’s financial reputation – that was available to be accessed by banks or anyone willing to pay for it.
Rapleaf now has “social profiles” of 388 million users, according to the declaration on their own site and sells this data to banks and other organizations. According to Rapleaf spokesman Joel Jewitt, banks are using this information for marketing purposes only, however, Jewitt declined to come on ABC News to make this statement.
Rapleaf continues to maintain that user postings on social sites like Twitter and Facebook are not used to determine the credit score. However, there are reports suggesting that social profiling do play some role in credit decisions, such as offering a better or worse financial package to a user depending on his social profile.
The report from ABC News, regarding Banks trying to spy on users financial status, is not a one off event. In Dec, last year Roger Thompson, a security veteran over at AVG came to the forefront with the smoking gun that Banks are using shadowy Facebook apps to gather user details. Rogers reached this conclusion based on a personal experience, while on a visit to attend a conference in London. Apparently Rogers’s credit card got suspended on the trip, as he tried to make hotel payments. This usually happens because the banks in an attempt to weed out fraud block credit cards if they are being used randomly across the globe.
When Rogers called the bank to unblock his card, the bank asked him personal identifying questions such as the last four digits of his social security number and other such details. Things got weird, when the representative on phone started to ask him questions about his daugther-in-law, using her maiden name. The representative, in his defense, claimed that the bank knows these details from publicly available information.
However, after returning home Rogers went through his bank documents, but couldn’t find any document in which he provided information about his son or daughter-in-law to the bank. The uglier part of the entire incident is that Rogers’ daughter-in-law has been married for nine years and hasn’t used her maiden name ever since. The only place on earth, where she still uses her maiden name is her Facebook profile. Rogers thinks that its this publicly available information that the Bank was talking about.
The incident prompted Rogers to conduct an internal research at AVG that concluded that Facebook is awash with apps that exists for no useful reason except to access the personal information of all the users who approve these apps. Rogers believe that there is a high likely hood that majority of these apps are being used for financial espionage.
Representatives from financial institutions or from companies like Rapleaf might have explanations of their own, but incidents such as the one with Rogers suggest that all is not clean. As for us users, who cant stop using sites like Facebook, I could only say that “If you dont want someone to know something about you – dont post it on Facebook, or Twitter or anywhere around the Web“.