Your credit card data might not be as safe as you think online

Researchers found that it was possible to identify users just from their unique buying patterns
Your credit card data might not be as safe as you think online


In the age of PayPal and dual-authentication, of course it's easy to get lulled into thinking it's perfectly safe to hand over our credit card details. Researchers have given both online sites and users a wake up call in a study that demonstrates that given enough data, so-called anonymous records can still be traced back to users.

The published study found that in large data sets, despite no names being given, buying patterns were unique enough they could be traced and linked to users.

Keep those numbers safe

Basically, anonymised data sets are not enough. In the study which looked at the spending of 1.1 million people in 10,000 shops, despite the absence of names and credit card numbers just the metadata alone was enough to correlate it with information about a person from an external source.

What did the metadata contain? Merely amounts spent, shop types and codes that represented an individual.

An example of how metadata could be used was when the New York City Taxi and Limousine Commission released a data set that contained only times, fares and routes for 173 million rides. Despite no passenger names being revealed, people located time-stamped photos of well-known people entering and exiting cabs, matched up those times to figure out which celebritie took which cab.

How then do you prevent such 'match ups' of data sets? Making the variables less specifics. Perhaps having public data sets only reveal weeks of a transaction and not the specific day and time.

Data scientists are not thrilled with such findings as their work rely on huge data sets - when these are closed off from them, it makes it harder to do their work. MIT for instance has locked up the data it has from its massive open online courses, all in the interest of privacy.

What does it mean for us who store credit card data with our favourite shops. Perhaps, don't do it. Not unless organisations can prove they will promise to limit the data publicly shared to prevent tracing important information back to customers.

READ MORE: Laserlight could keep you safe from accidents

[Source: Science Magazine]