Shopping online 'naked'. When Google or Facebook get to access your bank account.

January 4, 2017

The updated European Payment Service Directive (PSD2) requires banks to give third party financial services access to our bank accounts. Some safeguards have been put in place: the financial services must have a license, and must ask for our explicit consent before they can access our financial transactions. From an innovation and fair competition perspective, this makes sense: banks are overprotective monopolies. However...

Barclays Bank is considering to allow their customers to check their account balance through Facebook. And a Google subsidiary (Google Payment Ltd.) already has a license to issue electronic money and to provide payment services.

So we will soon be able to get an overview of our financial transactions in either Facebook or Google Now. From a usability perspective this is actually quite nice. But it comes at a price: we have to give Google access to our intimate financial details.

For those that shrug their shoulders, think again.

The web has changed the way we shop in many ways.

  • We have immediate access to an endless number of online shops.
  • We can compare their prices and offers (although this usually involves an intermediary that does the comparison for us).
  • We get targeted advertisements based on online profiles derived from our online behaviour.
  • Shops tailor their offers and recommendations based on such profiles too.

So instead of one physical shop that looks the same to all its customers and has fixed price tags seen by all its customers, a web shop is personalised and can offer each customer a different price for exactly the same product. Recent scientific research suggests (but does not prove) that this is already taking place.

With access to your financial details, Google can tell these shops exactly how much you are worth, and even signal them the moment you get a gratification. This allows web shops to become even more personalised, offering only the things you like with exactly the price you can afford and are willing to pay. It's like walking into shop 'naked' wearing a sign saying you're a millionaire (or not). Or worse: like being a western tourist starting a bargain in a Moroccan souk or Indonesian pasar. You just know you will overpay. You're negotiation skills may only reduce the damage somewhat (and if the shop keeper is any good, you may even walk away thinking you got a very special deal).

Proponents of the new payment directive say that this horror scenario cannot happen because the financial service providers that get the access are regulated and need to adhere to the strict European privacy laws. However, enforcement of these laws, especially against non European companies, has so far been found wanting. This is not very reassuring.

There is only one hurdle, one final defence, protecting us from this 'commercial singularity' (and I don't mean that in a very reassuring sense).

Our consent.

Unfortunately Google and friends have quite consistently shown in the past how easy it is to pilfer our consent from us. You only have to look at all the people that are using Google Now (and gave Google permission to track their whereabouts forever).

In case you spot any errors on this page, please notify me!
Or, leave a comment.
Henk van Cann
, 2017-01-05 11:12:09
(reply)

Great article. It wakes you up like a bucket of water over your head at 6 AM in the morning while lying in bed. Isn’t incredible all this sh.t control of your, without knowing it. Or you easily forget when or about what you gave your consent. I discovered that allowed Google Now to track me down some time in the past… We have to realize that the same applies for all the new pseudonymous crypto currencies (like bitcoin, ether). Companies can find out who is behind large accounts of crypto, track changes and act accordingly.

Bart
, 2017-01-05 17:51:18
(reply)

That consent requirement is the difference though. Perhaps we don’t understand it but plenty of people really don’t care and they have a right to share such details with Google.

As long as it is consent based at least everyone can decide for themselves.