The latest privacy invasion: retailer tracking

Plus 4 tips for limiting your exposure

By Minda Zetlin

If you're like most Americans, using plastic instead of cash has become commonplace. What you may not realize, however, is how eerily sophisticated tracking your purchase data has become.

Credit and debit card transactions leave a trail -- a very revealing and detailed trail that is constantly being exploited for retailers' gains. A record of your purchases, combined with demographic data and crunched by statisticians, tells retailers personal details about you that you may not have shared with your closest friends. But there are some things you can do to limit your exposure.

This kind of analysis, called data mining, has been going on for years, but came to prominence earlier this year after an irate father complained loudly to the retailer Target about his teenage daughter receiving coupons for diapers and other baby products. A few days later the man retracted his complaint. Target had hired a statistician to analyze its customers' purchase records and his algorithm had -- correctly, it turned out -- calculated that this man's daughter was pregnant.

This story, recounted in Charles Duhigg's book "The Power of Habit" and in an article appearing in "The New York Times Magazine" set off a debate about privacy and consumer rights. It also exposed a central dilemma of modern life: Purchase records, combined with publicly available demographic data, gives statisticians and the retailers who employ them a surprisingly detailed view of who their customers are, and reveal information those customers might prefer to keep secret. Short of paying cash for every transaction and perhaps moving to an underground bunker, there's little consumers can do about it.

"Tracking purchases is the most significant way retailers gather information," says Jacob D. Furst, director of DePaul Information Assurance Center, which conducts research, workshops and courses on privacy and security issues at DePaul University in Chicago. "Bringing you into the store is always the most important thing," he says. "Rarely do shoppers go into a store and buy specifically the items they went there for. We almost always buy others."

Furst says most retailers don't concern themselves with individual shoppers. "They're not going to look at one or two shoppers or one or two consumers. They look at patterns, and based on these patterns, they will make strategic decisions."

"The most important thing that data is used for is to determine which products consumers prefer, and to make sure what's on the shelf is what they want to buy," explains Kurt Jetta, CEO of TABS Group, a consumer analytics company in Shelton, Conn. "For example, we're doing one project for a retail chain where we found that in areas with high African-American populations, not only do they buy African-American hair care products and cosmetics specifically, but they buy grooming products in general at a very high level. With that kind of information, the retailer can make sure all those products are stocked and available for them."

Where's the harm?
If the only purpose of gathering personal information is to sell shoppers the products they need and want, is there any harm in it? "Every quarter we have a discussion about privacy with my students, and there's always a debate," Furst says. "For me, the key thing is that people be informed."

As he and others point out, there is often a trade-off between information shared and a benefit received, usually in the form of a discount or special offer. The most obvious case is the reward card or other retailer loyalty program that collects consumer data and tracks spending habits, but offers special discounts in exchange. "You have to love the people who request not to be tracked, but still want relevant ads served to them," says Justin Miller, search engine marketing consultant at DaBrian Marketing Group. "Sorry, people cannot have the best of both worlds."

Convenience is another benefit consumers gain when they're willing to share information, beginning with the ease of using a credit card for purchases, rather than cash (since most cash purchases can't be tracked). "I love the feature in online shopping where I enter my password and all my credit card information is filled in," Furst says.

Not all consumers are comfortable with the thought of having their personal information tracked, even if the only purpose is to send them special offers. "Omniscient retailers are like stalkers, but without a probable threat of physical jeopardy," says Joseph Ohler Jr., a Web developer in Black Earth, Wis. Adds Mark van de Hoek, an engineer at Clearwire, "I make it a point NOT to deal with retailers who invade my privacy in that fashion."

Other consumers believe it may be worth it. "If I get enough benefit out of it -- discounts, targeted offers, etc. -- it's a trade-off that I might be willing to make," says Traci Lee Chu, vice president of marketing at UpStream, which provides marketing performance software. "Some retailers take 5 percent off your total bill, but you know your purchases are being tracked."

Your data in perpetuity
If today's uses for customer data are benign, it's not hard to imagine more-sinister scenarios in the not-too-distant future. "Let's say you buy a lot of unhealthy products," says Marilyn Prosch, associate professor at the Arizona State University's W.P. Carey School of Business, and cofounder of a data privacy lab. "Can that information be used when you later apply for health insurance?"

It's even more disturbing to consider what credit card companies might do with your data. In addition to such information as your employer, income and other information gathered when you applied for the card, they also have more complete data on your spending than any individual retailer.

"If a person buys a new TV at an electronics shop and furniture at a furniture store and linens and towels at a bed and bath store -- and is still at the same address as the previous 10 years, it may mean that person is getting a divorce," says Howard Dvorkin, founder of ConsolidatedCredit.org. A credit card company may keep close watch on this account, since the financial pressures of divorce can cause people to default on their debts.

So far, he says, this is how credit card companies are using the data they gather, and in many cases, their own agreements limit how much of your information they can share with third parties. But, Dvorkin says, both things can change. "They're legally obligated to provide privacy policies that tell you what they will do with your data. But there's a school of thought that says if they've disclosed that they're going to share your information and you don't object, they have permission to do it. The devil is in the details of the credit card agreements -- and 90 percent or 95 percent of credit card holders never read them." You can opt out, he adds, "But opting out might mean they don't offer you credit."

He believes that in time, credit card companies will sell the information they have about their customers to other companies to make up for fees they can no longer charge. "The Credit CARD Act limited how much they can make, and they're sitting on all this valuable data. And today's slogan is that data is the new oil," says Dvorkin. Companies that purchase such information will likely use it mostly for marketing, but it could be used for other purposes, such as making employment or insurance decisions.

4 tips to minimize data sharing
Given the potential for retailers to invade your privacy, and possibly use data in ways you don't want, the logical choice would seem to be to withhold all personal information when making purchases. There's only one problem: It's virtually impossible to do. "It's really hard to imagine a situation in which you never give out personal information," Furst says. "That would amount to staying inside all the time behind locked doors."

Nevertheless, here are four techniques for at least reducing the amount of personal information you share with retailers, although they come with varying amounts of inconvenience:

1. Use cash or prepaid gift cards. These can't be tracked back to an individual, so they don't produce any information for data miners to use. One strategy is to use cash or prepaid cards when making purchases you might want to keep private, such as hangover pills, cigarettes or certain medications. This approach can help you protect your privacy, but don't expect that protection to be absolute. Even if the only purchases you make with credit or debit cards seem completely innocuous, statisticians may be able to infer personal information from them. Target, for example, found one strong indicator of pregnancy is the purchase of unscented lotion.

2. Don't give up information willingly. "If a retailer asks for your phone number or ZIP code, you can ask 'Why do you need to know?'" Jetta says. "My dad does that all the time." And if you don't like the answer, you can politely refuse to provide that information.

3. Don't overshare online. Stop and think before filling out membership forms at online stores, since most offer the option to complete your purchase as a "guest." By the same token, unless you're completely comfortable sharing all your Facebook information, don't log into online stores using your Facebook membership.

This is good advice even if you think sharing your Facebook info is no big deal. "Keep in mind that 80 percent of people in this country can be identified with only three pieces of information: Their birth date, gender and ZIP code," Prosch says. "Once a company has that, it can get your name and address and start sharing your information."

4. Opt out -- if you have the patience. Reading a retailer's privacy policy is no one's idea of fun, but it's useful to know whether and how a company will share your information with others, and sometimes instructions are provided for opting out of data gathering or sharing. Check the Privacy Rights Clearinghouse for up-to-date information on which companies are gathering your information and what, if anything, you can do about it. Google, which many people use for searching the Web, storing photographs, email, shopping, and more, can pose a particular privacy concern. There are instructions for opting out of much of Google's tracking that you can find by clicking the "privacy and terms" link on the Google home page.

Ultimately, though, there's nothing you can do to fully prevent retailers from learning a lot about you. "If I took the voter roles and census data for a neighborhood, I could go to Google Earth and look at how many houses have jungle gyms and overlay census income data and identify the average square footage of the houses, and I could identify which houses have kids," Jetta says. "I could identify when they were born and understand the probability that within the next three years another one's going to be born. The combinations are infinite. Those are publicly available sources of information that you can't shut down, and there will always be a statistician like me to figure it out."

See related: New medical FICO score sparks controversy, questions

Published: May 14, 2012

	Three most recent Legal, regulatory, privacy issues stories: FTC targets cash-reload code scams – The FTC has proposed banning telemarketers from taking payments via cash reload codes that are used to fund prepaid cards. The codes make it too easy for fraudsters to take cash without leaving a trace ... How to pick a bankruptcy attorney – That’s it, you’re done. After struggling to pay your debts, you’re ready to consider bankruptcy. It’s time to contact a lawyer to represent you, but which one? ... Proposed rule could help kids replace stolen Social Security numbers – The Social Security Administration is considering easing the process for replacing stolen SSNs for children 13 and younger, who are increasingly targeted by identity thieves ...

	CreditCards.com's newsletter Did you like this story? Then sign up for CreditCards.com’s weekly e-newsletter for the latest news, advice, articles and tips. It's FREE. Once a week you will receive the top credit card industry news in your inbox. Sign up now!